URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Submission: On March 25 via api from US

Summary

This website contacted 46 IPs in 7 countries across 35 domains to perform 233 HTTP transactions. The main IP is 35.173.160.135, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is threatpost.com.
TLS certificate: Issued by Thawte EV RSA CA 2018 on June 17th 2019. Valid for: a year.
This is the only time threatpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
18 35.173.160.135 14618 (AMAZON-AES)
11 143.204.202.5 16509 (AMAZON-02)
5 2606:4700:303... 13335 (CLOUDFLAR...)
12 2a00:1450:400... 15169 (GOOGLE)
7 2600:9000:217... 16509 (AMAZON-02)
11 2600:9000:213... 16509 (AMAZON-02)
1 4 2a00:1450:400... 15169 (GOOGLE)
23 185.220.205.220 41436 (CLOUDWEBM...)
7 172.217.22.2 15169 (GOOGLE)
4 69.173.144.143 26667 (RUBICONPR...)
2 216.52.2.48 29791 (VOXEL-DOT...)
4 95.101.185.51 20940 (AKAMAI-ASN1)
5 37.252.172.37 29990 (ASN-APPNEX)
6 34.95.120.147 15169 (GOOGLE)
5 185.64.189.112 62713 (AS-PUBMATIC)
1 134.209.129.254 14061 (DIGITALOC...)
10 25 152.199.21.89 15133 (EDGECAST)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a03:2880:f01... 32934 (FACEBOOK)
1 2a05:f500:10:... 14413 (LINKEDIN)
1 199.232.53.140 54113 (FASTLY)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 91.228.74.136 27281 (QUANTCAST)
1 151.101.112.157 54113 (FASTLY)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 99.86.0.120 16509 (AMAZON-02)
1 2600:9000:217... 16509 (AMAZON-02)
13 2a00:1450:400... 15169 (GOOGLE)
1 104.244.42.197 13414 (TWITTER)
2 2a00:1450:400... 15169 (GOOGLE)
22 185.127.16.52 210329 (CLOUDWEBM...)
4 3.120.54.253 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 91.228.74.206 27281 (QUANTCAST)
15 2a00:1450:400... 15169 (GOOGLE)
3 35.158.0.61 16509 (AMAZON-02)
7 2a00:1450:400... 15169 (GOOGLE)
2 23.8.15.54 20940 (AKAMAI-ASN1)
1 2 2a00:1288:110... 34010 (YAHOO-IRD)
1 1 216.58.206.2 15169 (GOOGLE)
5 5 35.158.60.52 16509 (AMAZON-02)
1 5 3.126.56.137 16509 (AMAZON-02)
2 3 52.19.114.209 16509 (AMAZON-02)
1 151.101.113.108 54113 (FASTLY)
1 95.101.184.244 20940 (AKAMAI-ASN1)
1 1 167.172.1.14 14061 (DIGITALOC...)
1 205.185.216.10 20446 (HIGHWINDS3)
233 46
Apex Domain
Subdomains
Transfer
45 sekindo.com
live.sekindo.com
video.sekindo.com
4 MB
35 threatpost.com
threatpost.com
assets.threatpost.com
media.threatpost.com
634 KB
34 advertising.com
adserver-us.adtech.advertising.com
ads.adaptv.advertising.com
pixel.advertising.com
9 KB
24 googlesyndication.com
tpc.googlesyndication.com
pagead2.googlesyndication.com
399 KB
13 doubleclick.net
securepubads.g.doubleclick.net
stats.g.doubleclick.net
googleads.g.doubleclick.net
cm.g.doubleclick.net
94 KB
11 adlightning.com
tagan.adlightning.com
242 KB
9 rubiconproject.com
fastlane.rubiconproject.com
prebid-server.rubiconproject.com
eus.rubiconproject.com
8 KB
8 googletagservices.com
www.googletagservices.com
207 KB
7 yahoo.com
pr-bh.ybp.yahoo.com
ups.analytics.yahoo.com
6 KB
7 google.com
www.google.com
adservice.google.com
1 KB
6 pubmatic.com
hbopenbid.pubmatic.com
ads.pubmatic.com
351 B
6 openx.net
teachingaids-d.openx.net
u.openx.net
eu-u.openx.net
1 KB
6 adnxs.com
ib.adnxs.com
acdn.adnxs.com
5 KB
5 google.de
adservice.google.de
www.google.de
800 B
5 admetricspro.com
qd.admetricspro.com
163 KB
4 ampproject.org
cdn.ampproject.org
146 KB
4 casalemedia.com
as-sec.casalemedia.com
4 KB
3 adsrvr.org
match.adsrvr.org
1 KB
3 quantserve.com
secure.quantserve.com
pixel.quantserve.com
7 KB
2 googleapis.com
fonts.googleapis.com
1 KB
2 amazon-adsystem.com
c.amazon-adsystem.com
28 KB
2 google-analytics.com
www.google-analytics.com
18 KB
2 gstatic.com
www.gstatic.com
fonts.gstatic.com
104 KB
2 serverbid.com
e.serverbid.com
sync.serverbid.com
267 B
2 lijit.com
ap.lijit.com
723 B
1 digitaloceanspaces.com
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1 t.co
t.co
449 B
1 quantcount.com
rules.quantcount.com
358 B
1 ads-twitter.com
static.ads-twitter.com
2 KB
1 reddit.com
www.reddit.com
1 KB
1 linkedin.com
www.linkedin.com
1 facebook.com
graph.facebook.com
526 B
1 googletagmanager.com
www.googletagmanager.com
24 KB
1 kasperskycontenthub.com
kasperskycontenthub.com
398 B
0 adap.tv Failed
sync.adap.tv Failed
233 35
Domain Requested by
25 adserver-us.adtech.advertising.com 10 redirects threatpost.com
23 live.sekindo.com threatpost.com
live.sekindo.com
22 video.sekindo.com threatpost.com
live.sekindo.com
17 threatpost.com threatpost.com
securepubads.g.doubleclick.net
15 pagead2.googlesyndication.com tagan.adlightning.com
pagead2.googlesyndication.com
threatpost.com
11 media.threatpost.com threatpost.com
11 tagan.adlightning.com threatpost.com
tagan.adlightning.com
9 tpc.googlesyndication.com tagan.adlightning.com
threatpost.com
cdn.ampproject.org
8 www.googletagservices.com threatpost.com
tagan.adlightning.com
securepubads.g.doubleclick.net
7 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
threatpost.com
7 assets.threatpost.com threatpost.com
5 ups.analytics.yahoo.com 1 redirects threatpost.com
5 pixel.advertising.com 5 redirects
5 hbopenbid.pubmatic.com qd.admetricspro.com
live.sekindo.com
5 ib.adnxs.com qd.admetricspro.com
live.sekindo.com
5 qd.admetricspro.com threatpost.com
4 googleads.g.doubleclick.net tagan.adlightning.com
pagead2.googlesyndication.com
4 cdn.ampproject.org securepubads.g.doubleclick.net
threatpost.com
4 ads.adaptv.advertising.com live.sekindo.com
4 teachingaids-d.openx.net qd.admetricspro.com
live.sekindo.com
4 as-sec.casalemedia.com qd.admetricspro.com
live.sekindo.com
4 fastlane.rubiconproject.com qd.admetricspro.com
4 adservice.google.de tagan.adlightning.com
4 www.google.com 1 redirects threatpost.com
tagan.adlightning.com
3 match.adsrvr.org 2 redirects threatpost.com
3 adservice.google.com tagan.adlightning.com
3 prebid-server.rubiconproject.com live.sekindo.com
2 pr-bh.ybp.yahoo.com 1 redirects threatpost.com
2 eus.rubiconproject.com live.sekindo.com
qd.admetricspro.com
2 pixel.quantserve.com 1 redirects threatpost.com
2 fonts.googleapis.com live.sekindo.com
2 c.amazon-adsystem.com live.sekindo.com
c.amazon-adsystem.com
2 www.google-analytics.com 1 redirects www.googletagmanager.com
2 ap.lijit.com qd.admetricspro.com
1 serverbid-sync.nyc3.cdn.digitaloceanspaces.com qd.admetricspro.com
1 sync.serverbid.com 1 redirects
1 ads.pubmatic.com qd.admetricspro.com
1 eu-u.openx.net qd.admetricspro.com
1 acdn.adnxs.com qd.admetricspro.com
1 cm.g.doubleclick.net 1 redirects
1 u.openx.net live.sekindo.com
1 fonts.gstatic.com threatpost.com
1 t.co threatpost.com
1 rules.quantcount.com secure.quantserve.com
1 www.google.de threatpost.com
1 stats.g.doubleclick.net 1 redirects
1 static.ads-twitter.com www.googletagmanager.com
1 secure.quantserve.com www.googletagmanager.com
1 www.reddit.com threatpost.com
1 www.linkedin.com threatpost.com
1 graph.facebook.com threatpost.com
1 www.gstatic.com www.google.com
1 www.googletagmanager.com threatpost.com
1 e.serverbid.com qd.admetricspro.com
1 kasperskycontenthub.com threatpost.com
0 sync.adap.tv Failed threatpost.com
233 56
Subject Issuer Validity Valid
threatpost.com
Thawte EV RSA CA 2018
2019-06-17 -
2020-06-17
a year crt.sh
*.adlightning.com
Amazon
2019-08-19 -
2020-09-19
a year crt.sh
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2
2020-02-04 -
2020-10-09
8 months crt.sh
*.g.doubleclick.net
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
assets.threatpost.com
Amazon
2020-03-04 -
2021-04-04
a year crt.sh
kasperskycontenthub.com
Thawte RSA CA 2018
2019-06-14 -
2020-06-13
a year crt.sh
media.threatpost.com
Amazon
2020-03-04 -
2021-04-04
a year crt.sh
www.google.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
www.sekindo.com
Go Daddy Secure Certificate Authority - G2
2019-05-23 -
2020-06-18
a year crt.sh
*.google.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
*.rubiconproject.com
DigiCert SHA2 Secure Server CA
2019-01-10 -
2021-01-14
2 years crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2
2019-03-11 -
2020-05-10
a year crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018
2020-03-02 -
2021-04-01
a year crt.sh
*.adnxs.com
DigiCert ECC Secure Server CA
2019-01-23 -
2021-03-08
2 years crt.sh
*.openx.net
GeoTrust RSA CA 2018
2018-01-04 -
2020-07-09
3 years crt.sh
*.pubmatic.com
Sectigo RSA Organization Validation Secure Server CA
2019-02-22 -
2021-02-21
2 years crt.sh
e.serverbid.com
Let's Encrypt Authority X3
2020-03-24 -
2020-06-22
3 months crt.sh
*.adtech.advertising.com
DigiCert SHA2 High Assurance Server CA
2018-05-22 -
2020-05-26
2 years crt.sh
*.google-analytics.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2020-03-01 -
2020-05-30
3 months crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA
2019-11-21 -
2020-09-01
9 months crt.sh
*.reddit.com
DigiCert SHA2 Secure Server CA
2018-08-17 -
2020-09-02
2 years crt.sh
*.quantserve.com
DigiCert SHA2 High Assurance Server CA
2019-10-04 -
2020-10-07
a year crt.sh
ads-twitter.com
DigiCert SHA2 High Assurance Server CA
2019-08-14 -
2020-08-18
a year crt.sh
www.google.de
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
c.amazon-adsystem.com
Amazon
2019-10-07 -
2020-09-29
a year crt.sh
tpc.googlesyndication.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
t.co
DigiCert SHA2 High Assurance Server CA
2020-03-05 -
2021-03-02
a year crt.sh
*.storage.googleapis.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
*.v.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA
2020-03-01 -
2020-08-28
6 months crt.sh
misc-sni.google.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA
2020-01-04 -
2020-07-02
6 months crt.sh
ups.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA
2020-02-13 -
2020-08-11
6 months crt.sh
cdn.adnxs.com
GlobalSign CloudSSL CA - SHA256 - G3
2019-05-16 -
2020-05-16
a year crt.sh
*.nyc3.cdn.digitaloceanspaces.com
DigiCert SHA2 Secure Server CA
2020-03-11 -
2021-04-14
a year crt.sh
*.adsrvr.org
Trustwave Organization Validation SHA256 CA, Level 1
2019-03-07 -
2021-04-19
2 years crt.sh

This page contains 25 frames:

Primary Page: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Frame ID: AB8CC6340276C3081BF7BB87348AF28F
Requests: 96 HTTP requests in this frame

Frame: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1585161659&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=undefined
Frame ID: 485482B457FEA23EB66160CBF3536B0B
Requests: 49 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=P6KLRNy7h3K160ZmYNUOAce7&theme=standard&size=normal&cb=3z2eoofwgbz0
Frame ID: 49CD4E2F46982A5F4668D101033F42EE
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=P6KLRNy7h3K160ZmYNUOAce7&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&cb=ax47hswy1ixp
Frame ID: 440971FA45B719891920CB5534C2E87E
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto&display=swap
Frame ID: DD35801911719F1613AA95A23D60B900
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto&display=swap
Frame ID: 6DE70239A84F67A2FE6149E9B2932F8A
Requests: 21 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-88d2de2-47b2e0b5.js
Frame ID: 64479A83B1119E2AC7472C2882CE9FEA
Requests: 14 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-88d2de2-47b2e0b5.js
Frame ID: BAE7F8A2976E7485FC8D5F63356DF729
Requests: 14 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-88d2de2-47b2e0b5.js
Frame ID: F01438CFFFDB706C3C39CD209A25BDCC
Requests: 13 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-88d2de2-47b2e0b5.js
Frame ID: 7E52544130100EE1B57F3E677273E797
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200319/r20190131/zrt_lookup.html
Frame ID: B3E479CDBD77A600858A99BCC87EBAFF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7500593236707325&output=html&h=90&slotname=7759284332&adk=4262696766&adf=3173046725&w=728&psa=0&guci=1.2.0.0.2.2.0.0&format=728x90&url=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&ea=0&flash=0&wgl=1&adsid=NT&dt=1585161661085&bpp=22&bdt=184&fdt=152&idt=153&shv=r20200319&cbv=r20190131&ptt=9&saldr=aa&correlator=7763239248100&frm=23&ife=4&pv=2&ga_vid=2110905385.1585161660&ga_sid=1585161661&ga_hid=1859437683&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=429&ady=10&biw=1585&bih=1200&isw=728&ish=90&ifk=1127880121&scr_x=0&scr_y=0&oid=3&pvsid=2322980237652856&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.88d65erqbtp9&fsb=1&dtd=164
Frame ID: C5F7CFC79CB5B38290AC3A3B2EA224AC
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7500593236707325&output=html&h=280&slotname=7077012612&adk=2662501839&adf=3173046724&w=336&psa=0&guci=1.2.0.0.2.2.0.0&format=336x280&url=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&ea=0&flash=0&wgl=1&adsid=NT&dt=1585161661151&bpp=4&bdt=240&fdt=160&idt=160&shv=r20200319&cbv=r20190131&ptt=9&saldr=aa&correlator=7763239248100&frm=23&ife=4&pv=1&ga_vid=2110905385.1585161660&ga_sid=1585161661&ga_hid=792988457&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1057&ady=257&biw=1585&bih=1200&isw=336&ish=280&ifk=1520156743&scr_x=0&scr_y=0&oid=3&pvsid=3245535912936893&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C336%2C280&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.1ct7fzm7birb&fsb=1&dtd=164
Frame ID: 6957C15151CC0A0A8DB68D4043AB71E6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7500593236707325&output=html&h=250&slotname=2376748102&adk=2477513961&adf=3173046723&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&ea=0&flash=0&wgl=1&adsid=NT&dt=1585161661194&bpp=4&bdt=276&fdt=135&idt=135&shv=r20200319&cbv=r20190131&ptt=9&saldr=aa&correlator=7763239248100&frm=23&ife=4&pv=1&ga_vid=2110905385.1585161660&ga_sid=1585161661&ga_hid=1680912526&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1075&ady=1562&biw=1585&bih=1200&isw=300&ish=250&ifk=4033026528&scr_x=0&scr_y=0&oid=3&pvsid=4483954338265324&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.dju8gnhdqwya&btvi=1&fsb=1&dtd=139
Frame ID: 4ADF16ECA7E400BE6E104DB3F07AC4E2
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: B1233778D15D23DC23847F8CBE3D68F9
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Frame ID: F3B88EE7D0EC6248567B25FD116375DA
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Frame ID: 49694D29B0D89350B4540B89AC316993
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: AEDBD92F1825A2C7652668DD30547140
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: BB1DE6249963727102537FBD2C9C51B0
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13394437
Frame ID: FC701A6123C6B40F820B27EF37B9E85E
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=1
Frame ID: DC3C1D3E31D760340A7B80196C6D5E71
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: C921DA5A0B4E4BC3CE131D06DFB6C8BE
Requests: 1 HTTP requests in this frame

Frame: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Frame ID: A3F4F9FE1E5177E1796CF1E7BD8A2F91
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: 9A02F3FC2906825A3ACD22954CC88121
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: FC92D4FA731478813AB775FE6F28DD37
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /\/prebid\.js/i

Overall confidence: 100%
Detected patterns
  • script /\.quantserve\.com\/quant\.js/i

Page Statistics

233
Requests

99 %
HTTPS

39 %
IPv6

35
Domains

56
Subdomains

46
IPs

7
Countries

5711 kB
Transfer

9768 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 45
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=4687b7ebbd2d983;misc=1585161659621; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4687b7ebbd2d983;misc=1585161659621
Request Chain 46
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=4764e2560638eb2;misc=1585161659621; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4764e2560638eb2;misc=1585161659621
Request Chain 47
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=485959bd7418e2f;misc=1585161659621; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=485959bd7418e2f;misc=1585161659621
Request Chain 48
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=49730b689d613a4;misc=1585161659621; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=49730b689d613a4;misc=1585161659621
Request Chain 49
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=507a9bb6a192ecf;misc=1585161659621; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=507a9bb6a192ecf;misc=1585161659621
Request Chain 63
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=49730b689d613a4;misc=1585161659621 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1A2bfdf13a-6ec8-11ea-855f-12121b825df6;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=49730b689d613a4;misc=1585161659621
Request Chain 64
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=485959bd7418e2f;misc=1585161659621 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1A2bfdfacc-6ec8-11ea-9336-1201d05c7be8;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=485959bd7418e2f;misc=1585161659621
Request Chain 65
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=507a9bb6a192ecf;misc=1585161659621 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;apid=1A2bfe2b28-6ec8-11ea-b895-128a639db496;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=507a9bb6a192ecf;misc=1585161659621
Request Chain 66
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4687b7ebbd2d983;misc=1585161659621 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1A2bfe07e2-6ec8-11ea-8564-12dcd5311714;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4687b7ebbd2d983;misc=1585161659621
Request Chain 67
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4764e2560638eb2;misc=1585161659621 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4764e2560638eb2;misc=1585161659621
Request Chain 90
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&aip=1&a=953522800&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&ul=en-us&de=UTF-8&dt=Apache%20Tomcat%20Exploit%20Poised%20to%20Pounce%2C%20Stealing%20Files%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YEBAAEAB~&jid=2052855395&gjid=1506444342&cid=2110905385.1585161660&tid=UA-35676203-21&_gid=2099108862.1585161660&_r=1&gtm=2wg3i0PM29HLF&z=425573027 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-35676203-21&cid=2110905385.1585161660&jid=2052855395&_gid=2099108862.1585161660&gjid=1506444342&_v=j81&z=425573027 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=2110905385.1585161660&jid=2052855395&_v=j81&z=425573027 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=2110905385.1585161660&jid=2052855395&_v=j81&z=425573027&slf_rd=1&random=2526068164
Request Chain 190
  • https://sync-tm.everesttech.net/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D&_test=XnulvgAAAFkcBH97 HTTP 302
  • https://sync.adap.tv/sync?type=gif&key=tubemogul&uid=XnulvgAAAFkcBH97&_test=XnulvgAAAFkcBH97
Request Chain 191
  • https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_sc HTTP 302
  • https://pixel.advertising.com/ups/57304/sync?uid=CAESEPhEHV4b1BRaScVMnT_0U0A&google_cver=1 HTTP 302
  • https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEPhEHV4b1BRaScVMnT_0U0A&google_cver=1&apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a
Request Chain 192
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
  • https://pixel.advertising.com/ups/55953/sync?uid=e695dc7a-acb0-413c-8569-e9a7f2c0b499&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=e695dc7a-acb0-413c-8569-e9a7f2c0b499 HTTP 302
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=e695dc7a-acb0-413c-8569-e9a7f2c0b499&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=e695dc7a-acb0-413c-8569-e9a7f2c0b499&apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a
Request Chain 202
  • https://sync.serverbid.com/ss/2000891.html HTTP 302
  • https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Request Chain 204
  • https://pixel.advertising.com/ups/56465/sync?_origin=0&redir=true&gdpr=1&gdpr_consent= HTTP 302
  • https://ups.analytics.yahoo.com/ups/56465/sync?_origin=0&redir=true&gdpr=1&gdpr_consent=&apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/adtech/1A2bfe3550-6ec8-11ea-9b48-12359aeea65a?gdpr=1&gdpr_consent= HTTP 302
  • https://pixel.advertising.com/ups/56465/sync?uid=y-c.J.L811lxk_rTgJf9MnmP_0AUOIVgwwO3gM&_origin=0&nsync=0 HTTP 302
  • https://ups.analytics.yahoo.com/ups/56465/sync?uid=y-c.J.L811lxk_rTgJf9MnmP_0AUOIVgwwO3gM&_origin=0&nsync=0&apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a
Request Chain 205
  • https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent= HTTP 302
  • https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=gnVEjdYlEYuaIhCO0yle19FyQ96aJUrX0nHxRq1I HTTP 302
  • https://ups.analytics.yahoo.com/ups/55965/sync?_origin=0&gdpr=1&uid=gnVEjdYlEYuaIhCO0yle19FyQ96aJUrX0nHxRq1I&apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a

233 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
threatpost.com/apache-tomcat-exploit-stealing-files/154055/
78 KB
20 KB
Document
General
Full URL
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
cf505aa2560757b32e7572cd1b7ad465844fe8e622b3faa249e7c8d5d932fb75
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
threatpost.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

Server
nginx
Date
Wed, 25 Mar 2020 18:40:58 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Link
<https://threatpost.com/wp-json/>; rel="https://api.w.org/" <https://threatpost.com/?p=154055>; rel=shortlink
X-Frame-Options
SAMEORIGIN
X-Debug-Auth
off
X-Request-Host
threatpost.com
x-cache-hit
HIT
Content-Encoding
gzip
main.css
threatpost.com/wp-content/themes/threatpost-2018/assets/css/
234 KB
35 KB
Stylesheet
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1585155242
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
56ab0f61f8ed6030bdd684f3752233177da0555b07cb172e0abffe8e02978bc5

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Pragma
public
Date
Wed, 25 Mar 2020 18:40:59 GMT
Content-Encoding
gzip
Last-Modified
Wed, 25 Mar 2020 16:54:04 GMT
Server
nginx
ETag
W/"5e7b8cac-3a94d"
Transfer-Encoding
chunked
Content-Type
text/css
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 01 Apr 2020 18:40:59 GMT
op.js
tagan.adlightning.com/math-aids-threatpost/
47 KB
14 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids-threatpost/op.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.202.5 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-5.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5782cfd4d895132342c352d2207334fc69cfc757870949b913dd449128486391

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:27:20 GMT
content-encoding
gzip
age
820
x-cache
Hit from cloudfront
status
200
content-length
13839
x-amz-meta-git_commit
0d4dfcb
last-modified
Wed, 25 Mar 2020 17:14:06 GMT
server
AmazonS3
etag
"c720f79bdc4566c473c92ceac1a330cd"
x-amz-version-id
YjLYTIrnenBUChmrTgNZqZDKrisHUCcW
via
1.1 9d27077cd67d98c0474b05ec9d68df4a.cloudfront.net (CloudFront)
cache-control
max-age=900
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
HESFokxcTanxOwrtZSd2XxC1ZcYccVNSMZl_azFin2OqTaESW2NgfA==
ros-layout.js
qd.admetricspro.com/js/threatpost/
18 KB
2 KB
Script
General
Full URL
https://qd.admetricspro.com/js/threatpost/ros-layout.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::681b:a173 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e00db38c7c200422a1b2604eccaee91db1aa7dd5aead5383f62b85cead19068

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:40:59 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 23 Mar 2020 17:20:59 GMT
server
cloudflare
age
160
etag
W/"4871-5a188dbd16705-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
579ac370cc792736-FRA
access-control-allow-origin
*
expires
Wed, 25 Mar 2020 18:48:19 GMT
gpt.js
www.googletagservices.com/tag/js/
43 KB
14 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2ad6f11aca9703e03bfe4c7bfc653ed76c80da9ead9eb8fbd4c4f883e967caba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:40:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"467 / 483 of 1000 / last-modified: 1585081309"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
14458
x-xss-protection
0
expires
Wed, 25 Mar 2020 18:40:58 GMT
cmp.js
qd.admetricspro.com/js/threatpost/
218 KB
61 KB
Script
General
Full URL
https://qd.admetricspro.com/js/threatpost/cmp.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::681b:a173 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aaf45a172ec90c76bcecd61c68d998c2256fe9b1700371e80011d1161c5ab629

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:40:59 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 27 Sep 2019 21:07:46 GMT
server
cloudflare
age
160
etag
W/"367ba-5938f47194c80-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
579ac370cc7b2736-FRA
access-control-allow-origin
*
expires
Wed, 25 Mar 2020 18:48:19 GMT
targeting.js
qd.admetricspro.com/js/threatpost/
275 B
213 B
Script
General
Full URL
https://qd.admetricspro.com/js/threatpost/targeting.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::681b:a173 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6cdc57f82f4b0d09e5b4e584ca4736cd3871f20563d4ce25120b057d8ffb4eb2

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:40:59 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 08 Feb 2020 20:49:18 GMT
server
cloudflare
age
160
etag
W/"113-59e16a3cfb471-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
579ac370cc7c2736-FRA
access-control-allow-origin
*
expires
Wed, 25 Mar 2020 18:48:19 GMT
prebid.js
qd.admetricspro.com/js/threatpost/
294 KB
86 KB
Script
General
Full URL
https://qd.admetricspro.com/js/threatpost/prebid.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::681b:a173 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f40f7297122393e1425eec62e78a75c3211f7ad3f6b09a356aa317fcedc2cf3

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:40:59 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 26 Feb 2020 03:30:32 GMT
server
cloudflare
age
72
etag
W/"49929-59f723a0fd39e-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
579ac370cc7d2736-FRA
access-control-allow-origin
*
expires
Wed, 25 Mar 2020 18:39:15 GMT
engine.js
qd.admetricspro.com/js/threatpost/
16 KB
12 KB
Script
General
Full URL
https://qd.admetricspro.com/js/threatpost/engine.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::681b:a173 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bcf391dd0b006a87698ac0894d71039d610480913d24fcdaa1f2fdeeeda943e3

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:40:59 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 24 Nov 2019 00:06:08 GMT
server
cloudflare
age
160
etag
W/"41f6-5980c69fe949d-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
579ac370cc7e2736-FRA
access-control-allow-origin
*
expires
Wed, 25 Mar 2020 18:48:19 GMT
/
assets.threatpost.com/wp-content/plugins/bwp-minify/min/
77 KB
17 KB
Stylesheet
General
Full URL
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=def5d7c4
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2176:1600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
2ed8662cb6ca4b48b146127db22ebd71f824d54fb6ca11601bd8fa97ff572cf2
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Wed, 25 Mar 2020 16:54:34 GMT
content-encoding
gzip
age
6385
x-cache
Hit from cloudfront
status
200
content-length
16477
last-modified
Wed, 25 Mar 2020 16:54:02 GMT
server
nginx
cache-control
max-age=86400
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=utf-8
via
1.1 521484bc87dc7b3d509c41618270e818.cloudfront.net (CloudFront)
x-cache-hit
MISS
x-debug-auth
off
x-amz-cf-pop
MXP64-C3
x-request-host
kasperskycontenthub.com
x-amz-cf-id
HhImF_x4XLNzEy-0PcFwmaoErgW1lNphlf1AttC4DqVcsSsBpl3XMQ==
expires
Thu, 26 Mar 2020 16:54:33 GMT
jquery.js
threatpost.com/wp-includes/js/jquery/
95 KB
37 KB
Script
General
Full URL
https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Pragma
public
Date
Wed, 25 Mar 2020 18:40:59 GMT
Content-Encoding
gzip
Last-Modified
Wed, 18 Dec 2019 22:32:15 GMT
Server
nginx
ETag
W/"5dfaa8ef-17a69"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 01 Apr 2020 18:40:59 GMT
/
assets.threatpost.com/wp-content/plugins/bwp-minify/min/
175 KB
55 KB
Script
General
Full URL
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js,wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js,wp-content/plugins/honeypot-comments/public/assets/js/public.js,wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js,wp-content/themes/threatpost-2018/assets/js/main.js,wp-content/themes/threatpost-2018/assets/js/loadmore.js,wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js&ver=def5d7c4
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2176:1600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
f89d17dc2e4ecb385243b7b4cdaf5d8d9f6d4b9829e2be80afb66d01721835e3
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 16:54:35 GMT
content-encoding
gzip
age
6384
x-cache
Hit from cloudfront
status
200
content-length
55884
last-modified
Wed, 25 Mar 2020 16:54:02 GMT
server
nginx
cache-control
max-age=86400
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
via
1.1 521484bc87dc7b3d509c41618270e818.cloudfront.net (CloudFront)
x-cache-hit
MISS
x-debug-auth
off
x-amz-cf-pop
MXP64-C3
x-request-host
kasperskycontenthub.com
x-amz-cf-id
NSjLmBFcqV-nDgknk5uThNgHfpfhyKfQviZTUCI9wGD0OPswuO2gkg==
expires
Thu, 26 Mar 2020 16:54:34 GMT
/
kasperskycontenthub.com/
0
398 B
Script
General
Full URL
https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=103&siteid=1&t=1406020749&back=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Wed, 25 Mar 2020 18:40:59 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Server
nginx
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
x-cache-hit
HIT
Transfer-Encoding
chunked
X-Debug-Auth
off
Connection
close
X-Request-Host
kasperskycontenthub.com
X-XSS-Protection
1; mode=block
tom_cat-e1584994988247.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/03/23161807/
32 KB
33 KB
Image
General
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2020/03/23161807/tom_cat-e1584994988247.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2134:9800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3827e211932573b49bc847f79077e85e27877abc8426fc3dd4703ab797f0134

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 23 Mar 2020 20:57:04 GMT
via
1.1 e7ce333c56f455a0dae7f1f5ea5d6086.cloudfront.net (CloudFront), 1.1 44b1d22f682d32d0090eb52e3626b174.cloudfront.net (CloudFront)
last-modified
Mon, 23 Mar 2020 20:23:09 GMT
server
AmazonS3
age
164636
etag
"e5acb1e32fd0aa4c062f8c51d053c056"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
cache-control
max-age=31536000
x-amz-cf-pop
FRA54, MXP64-C2
accept-ranges
bytes
content-length
33105
x-amz-cf-id
TXSoNIUsIo43fl03bA7ZpXmFygirK1A_hifoPZ_ciun5LjTAfb92Xg==
expires
Tue, 23 Mar 2021 20:23:08 GMT
Tara-headshot.jpg
media.threatpost.com/wp-content/uploads/sites/103/2018/08/15114841/
13 KB
13 KB
Image
General
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2018/08/15114841/Tara-headshot.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2134:9800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
89ce08431545cd3c6d42419d99ee0152027a68c1d0c7c82838cc9a51d9d52451

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Sun, 22 Sep 2019 06:30:57 GMT
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront), 1.1 44b1d22f682d32d0090eb52e3626b174.cloudfront.net (CloudFront)
last-modified
Fri, 17 Aug 2018 16:22:08 GMT
server
AmazonS3
age
16027803
etag
"dee18dfeea6de13bec60c1e5237eb723"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
cache-control
max-age=31536000
x-amz-cf-pop
FRA6-C1, MXP64-C2
accept-ranges
bytes
content-length
13097
x-amz-cf-id
CYGcMSKjyPQ6xuJMkXCIwSVwipqp-x_8PvpZIyHfztA7RZVRPModbg==
expires
Sat, 17 Aug 2019 16:22:07 GMT
subscribe2.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/
8 KB
9 KB
Image
General
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2134:9800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
aa64fa30a3263fa3105736228a6feaaa4f7d32d8ef96b12e56f6fb95511b66a7

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 19 Sep 2019 00:57:41 GMT
via
1.1 27f665df26bde4a7226480b4a2890ff9.cloudfront.net (CloudFront), 1.1 44b1d22f682d32d0090eb52e3626b174.cloudfront.net (CloudFront)
last-modified
Tue, 19 Feb 2019 20:14:58 GMT
server
AmazonS3
age
16306999
etag
"5ba45563f793f39ef6baf02645651654"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2, MXP64-C2
accept-ranges
bytes
content-length
8281
x-amz-cf-id
9fyeXmxj0QHuVoONdwZMz3U4SpSQOrMF8At__LWU9oIM-4GnEo7mMw==
expires
Wed, 19 Feb 2020 20:14:57 GMT
china-hack-apt41-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/03/25105551/
23 KB
23 KB
Image
General
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2020/03/25105551/china-hack-apt41-540x270.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2134:9800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
392ee73494ad87dfd8e26d58894a845e8b3f2f8b0e4faea89562c45014be5ccb

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 25 Mar 2020 15:58:14 GMT
via
1.1 f1a4124f4c347609b380426ba659692a.cloudfront.net (CloudFront), 1.1 44b1d22f682d32d0090eb52e3626b174.cloudfront.net (CloudFront)
last-modified
Wed, 25 Mar 2020 14:55:55 GMT
server
AmazonS3
age
9766
etag
"47f38a2c0dcffc1771fb30754bf2af62"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
cache-control
max-age=31536000
x-amz-cf-pop
MUC51-C1, MXP64-C2
accept-ranges
bytes
content-length
23082
x-amz-cf-id
xq0yYbn85ZWlLYpmOVEXbUulNoED_e5NEwxkURq4wR0GqHmWPLCHVQ==
expires
Thu, 25 Mar 2021 14:55:54 GMT
ge-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/03/25111238/
32 KB
32 KB
Image
General
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2020/03/25111238/ge-540x270.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2134:9800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9d472cb43e4b1b45017fd51ee4f226c9b94ac04da07e66a8513ef8283d3080ed

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 25 Mar 2020 15:38:38 GMT
via
1.1 8d84df16ba20ff1d2ca3914948494e04.cloudfront.net (CloudFront), 1.1 44b1d22f682d32d0090eb52e3626b174.cloudfront.net (CloudFront)
last-modified
Wed, 25 Mar 2020 15:23:54 GMT
server
AmazonS3
age
10942
etag
"4263ec26fe88302b418228386e0d0cae"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
cache-control
max-age=31536000
x-amz-cf-pop
FRA54, MXP64-C2
accept-ranges
bytes
content-length
32503
x-amz-cf-id
S6y0bFOMdfzbWlU_NV8IDbJ9VcUhtXDlY7q5bb8Vyzr1-b4atcU-rQ==
expires
Thu, 25 Mar 2021 15:23:51 GMT
sand-worm-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/03/11130126/
20 KB
21 KB
Image
General
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2020/03/11130126/sand-worm-540x270.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2134:9800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0beebca369560b7e66790550519f778098bc236470389046643728d4fe2b87eb

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 18 Mar 2020 23:38:26 GMT
via
1.1 6e8dd39e00d9a5c1a31d69ffa2821a5e.cloudfront.net (CloudFront), 1.1 44b1d22f682d32d0090eb52e3626b174.cloudfront.net (CloudFront)
last-modified
Wed, 11 Mar 2020 17:01:30 GMT
server
AmazonS3
age
586954
etag
"c2c951b64d133cac6f83af8352fe6219"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
cache-control
max-age=31536000
x-amz-cf-pop
FRA54, MXP64-C2
accept-ranges
bytes
content-length
20532
x-amz-cf-id
oam3dz2nMUdSk89VWE9aYwu1eEzCaXZ2hIvtlFqPgSLnzp-7NwkuiQ==
expires
Thu, 11 Mar 2021 17:01:29 GMT
api.js
www.google.com/recaptcha/
674 B
538 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?hl=en
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
beb58d113da73001dfcbbb97b0e041c737361f1ae0050e6c60c96c14d69a46a7
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:40:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private, max-age=300
content-security-policy
frame-ancestors 'self'
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
447
x-xss-protection
1; mode=block
expires
Wed, 25 Mar 2020 18:40:59 GMT
data-center-64x64.png
media.threatpost.com/wp-content/uploads/sites/103/2020/01/15162631/
8 KB
9 KB
Image
General
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2020/01/15162631/data-center-64x64.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2134:9800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1d36800d5a9c72e02424db4f2ee2d3e3391388e8b7e863533f73c788df14ab5e

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Sun, 16 Feb 2020 06:15:20 GMT
via
1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront), 1.1 44b1d22f682d32d0090eb52e3626b174.cloudfront.net (CloudFront)
last-modified
Wed, 15 Jan 2020 21:26:52 GMT
server
AmazonS3
age
3327940
etag
"93668d327fc4fcc8e57177484d96236e"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1, MXP64-C2
accept-ranges
bytes
content-length
8414
x-amz-cf-id
_kR2Z_IwnsE3tkGJ1I7OU_0wb_F8P6yo-w2kD1H6O_c1Na15p0qrTg==
expires
Thu, 14 Jan 2021 21:26:49 GMT
cyber-threat-2020-64x64.png
media.threatpost.com/wp-content/uploads/sites/103/2019/10/25090853/
3 KB
4 KB
Image
General
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2019/10/25090853/cyber-threat-2020-64x64.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2134:9800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e69b4aedd4ba4df00f7340e4a299dacca0abd06295d6c871f6816ea07db2507c

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 31 Dec 2019 14:00:33 GMT
via
1.1 efed2d5ffeb697060f4a3aa73bdf068f.cloudfront.net (CloudFront), 1.1 44b1d22f682d32d0090eb52e3626b174.cloudfront.net (CloudFront)
last-modified
Fri, 25 Oct 2019 13:08:56 GMT
server
AmazonS3
age
7360827
etag
"97535062e07e5bd8bf0ddb185a9869c7"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=31536000
x-amz-cf-pop
FRA54, MXP64-C2
accept-ranges
bytes
content-length
3569
x-amz-cf-id
cy-1GHNLypxggjA-i8QZovpv1xR_NhCTx88Zr-yEm2_o663QwQCKyw==
expires
Sat, 24 Oct 2020 13:08:53 GMT
patches-64x64.png
media.threatpost.com/wp-content/uploads/sites/103/2017/05/06225026/
9 KB
9 KB
Image
General
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2017/05/06225026/patches-64x64.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2134:9800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b546be5b42d65b5d2eb3ef247886a1d692512462946bac11547df2a0a5ed02a2

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 30 Dec 2019 14:02:11 GMT
via
1.1 269bfdd288bfea5423a4e9e701777da6.cloudfront.net (CloudFront), 1.1 44b1d22f682d32d0090eb52e3626b174.cloudfront.net (CloudFront)
last-modified
Tue, 03 Jul 2018 01:47:16 GMT
server
AmazonS3
age
7447129
etag
"34fd711c1863cbefe6bf897a5665a720"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1, MXP64-C2
accept-ranges
bytes
content-length
8748
x-amz-cf-id
QyHJRmjwek-8PwlqNh6ZoXkZCi8ljOWsUmWghH-q5tK3GOr2FH5IpQ==
expires
Wed, 03 Jul 2019 01:47:12 GMT
artificial_intelligence-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2018/10/01152243/
2 KB
2 KB
Image
General
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2018/10/01152243/artificial_intelligence-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2134:9800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a968b405c5b4dcd85f76e5400c41930968710351102d83a80cf114ad7549b5d0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 26 Dec 2019 14:00:59 GMT
via
1.1 3ef066dcf359ad5dbc339df978147194.cloudfront.net (CloudFront), 1.1 44b1d22f682d32d0090eb52e3626b174.cloudfront.net (CloudFront)
last-modified
Mon, 01 Oct 2018 19:22:48 GMT
server
AmazonS3
age
7792800
etag
"a67a437ee807847e498f42bfe1dd14fa"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
cache-control
max-age=31536000
x-amz-cf-pop
FRA54, MXP64-C2
accept-ranges
bytes
content-length
1834
x-amz-cf-id
0u3xigEJh26YJAYRXj6g4Fcg_yX5kNTLKce7Mam1PaSgkG2eCleIIg==
expires
Tue, 01 Oct 2019 19:22:43 GMT
Hacker-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/01/23110846/
1 KB
2 KB
Image
General
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2019/01/23110846/Hacker-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2134:9800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3e05b274c76d548e39c6633af671d715bd1be28a929ab47a5ae8d29ff120df7

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 24 Dec 2019 14:02:16 GMT
via
1.1 c5c25772c7f14e267596e0f8ce51d9bc.cloudfront.net (CloudFront), 1.1 44b1d22f682d32d0090eb52e3626b174.cloudfront.net (CloudFront)
last-modified
Wed, 23 Jan 2019 16:08:49 GMT
server
AmazonS3
age
7965524
etag
"0c579c9f31a7fe9e5b94b47a6fd20620"
x-cache
Hit from cloudfront
content-type
image/jpeg
status
200
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1, MXP64-C2
accept-ranges
bytes
content-length
1393
x-amz-cf-id
HSi5eCICmyJsGAYdOS_vnFn5UnVCKRbql_SgR2w65rigzYDoTHJkoQ==
expires
Thu, 23 Jan 2020 16:08:46 GMT
liveView.php
live.sekindo.com/live/
24 KB
7 KB
Script
General
Full URL
https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.15
Resource Hash
1f228da49041c803a9b37350971d949972f7621da29427026d06e73cdbfeb6f0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:40:58 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.15
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/javascript; charset=utf-8
/
assets.threatpost.com/wp-content/plugins/bwp-minify/min/
2 KB
1 KB
Script
General
Full URL
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/jquery.json.min.js&ver=def5d7c4
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2176:1600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
a9f6c03ce6f4d1654f29f2136651e883198d509cb2e26af1c24b1f87b6ccae13
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 16:54:36 GMT
content-encoding
gzip
age
6383
x-cache
Hit from cloudfront
status
200
content-length
935
last-modified
Wed, 25 Mar 2020 16:54:01 GMT
server
nginx
cache-control
max-age=86400
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
via
1.1 521484bc87dc7b3d509c41618270e818.cloudfront.net (CloudFront)
x-cache-hit
MISS
x-debug-auth
off
x-amz-cf-pop
MXP64-C3
x-request-host
kasperskycontenthub.com
x-amz-cf-id
GeupNQtRO9q7tIoJik1DCOY1Y_SQrFFS4t3C9bKC1kxqD9OOuwC_KA==
expires
Thu, 26 Mar 2020 16:54:36 GMT
gravityforms.min.js
threatpost.com/wp-content/plugins/gravityforms/js/
26 KB
10 KB
Script
General
Full URL
https://threatpost.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.2.6.5
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
a783d2ad42c380bc896219c080fa845d1e9f2e77483558103aeb296b95b85701

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Pragma
public
Date
Wed, 25 Mar 2020 18:40:59 GMT
Content-Encoding
gzip
Last-Modified
Wed, 25 Mar 2020 16:54:00 GMT
Server
nginx
ETag
W/"5e7b8ca8-6923"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 01 Apr 2020 18:40:59 GMT
/
assets.threatpost.com/wp-content/plugins/bwp-minify/min/
6 KB
3 KB
Script
General
Full URL
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/conditional_logic.min.js&ver=def5d7c4
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2176:1600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
663ac3773e9741ad638447e6e9478f83e10e073c5ee433c5de3c640c7dae8c32
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 16:54:41 GMT
content-encoding
gzip
age
6378
x-cache
Hit from cloudfront
status
200
content-length
2338
last-modified
Wed, 25 Mar 2020 16:54:00 GMT
server
nginx
cache-control
max-age=86400
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
via
1.1 521484bc87dc7b3d509c41618270e818.cloudfront.net (CloudFront)
x-cache-hit
MISS
x-debug-auth
off
x-amz-cf-pop
MXP64-C3
x-request-host
kasperskycontenthub.com
x-amz-cf-id
MDLbxM3fOiNeFh4oPWngBy8Nk5rZG5T9GjY0enAYAI8EFVG-WsTCzw==
expires
Thu, 26 Mar 2020 16:54:41 GMT
/
assets.threatpost.com/wp-content/plugins/bwp-minify/min/
5 KB
2 KB
Script
General
Full URL
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/placeholders.jquery.min.js&ver=def5d7c4
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2176:1600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 16:54:42 GMT
content-encoding
gzip
age
6377
x-cache
Hit from cloudfront
status
200
content-length
1747
last-modified
Wed, 25 Mar 2020 16:54:01 GMT
server
nginx
cache-control
max-age=86400
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
via
1.1 521484bc87dc7b3d509c41618270e818.cloudfront.net (CloudFront)
x-cache-hit
HIT
x-debug-auth
off
x-amz-cf-pop
MXP64-C3
x-request-host
kasperskycontenthub.com
x-amz-cf-id
1OUN8d8i0AD3HjZHce0QpO16dE6xLA03tgdq54PAsEcRWaChPR97EQ==
expires
Thu, 26 Mar 2020 16:54:14 GMT
/
assets.threatpost.com/wp-content/plugins/bwp-minify/min/
2 KB
1 KB
Script
General
Full URL
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/js/wp-embed.min.js,wp-content/plugins/akismet/_inc/form.js&ver=def5d7c4
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2176:1600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
a2e2059610101cb4718d6d9cf8d6e44243838304968710f35ed7f44188a9c279
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 16:56:22 GMT
content-encoding
gzip
age
6276
x-cache
Hit from cloudfront
status
200
content-length
947
last-modified
Wed, 18 Dec 2019 22:32:15 GMT
server
nginx
cache-control
max-age=86400
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
via
1.1 521484bc87dc7b3d509c41618270e818.cloudfront.net (CloudFront)
x-cache-hit
MISS
x-debug-auth
off
x-amz-cf-pop
MXP64-C3
x-request-host
kasperskycontenthub.com
x-amz-cf-id
QxvfWf3w-nnYar6zwpBpaijjbb9Y69oUQ8wBGvq6A9Dt5hSeSozyJQ==
expires
Thu, 26 Mar 2020 16:56:22 GMT
b-0d4dfcb.js
tagan.adlightning.com/math-aids-threatpost/
53 KB
15 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.202.5 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-5.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
92236ba12e109fff1e82ecabec1eda229af59c8374c54374a38a46dc01f53559

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 28 Feb 2020 16:49:46 GMT
content-encoding
gzip
age
2253074
x-cache
Hit from cloudfront
status
200
content-length
14481
x-amz-meta-git_commit
0d4dfcb
last-modified
Mon, 20 Jan 2020 21:00:33 GMT
server
AmazonS3
etag
"bf1a2a1d4ffb353d268fccfda0736572"
x-amz-version-id
PGsbLvp7r6PsyaqOJTHRTfOBKlgvnkI7
via
1.1 9d27077cd67d98c0474b05ec9d68df4a.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
uAFRdTyjvx19d7Qau2lvjvbuRYbIGzFBrcFaoNM1gbD5FJBEH38pDQ==
bl-88d2de2-47b2e0b5.js
tagan.adlightning.com/math-aids-threatpost/
80 KB
31 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-88d2de2-47b2e0b5.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.202.5 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-5.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e107ee0ce6bbe3eeca2b5cbe98251de6bf8be5a53aa8060e9c8affb4cc8d2bfa

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 17:20:50 GMT
content-encoding
gzip
age
4810
x-cache
Hit from cloudfront
status
200
content-length
31278
x-amz-meta-git_commit
88d2de2
last-modified
Wed, 25 Mar 2020 17:13:54 GMT
server
AmazonS3
etag
"9b401a5bd2aa0675109aa77dc89a96d9"
x-amz-version-id
GKFikuxOFF5dqHYHZzXayrEgDgfxCGX4
via
1.1 9d27077cd67d98c0474b05ec9d68df4a.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
0XaRlar3VeOSJ3koP7j986GiJjzIGVxqkrQMdVu1RnUdw1gGqPLr0A==
pubads_impl_2020030501.js
securepubads.g.doubleclick.net/gpt/
165 KB
60 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s14-in-f2.1e100.net
Software
sffe /
Resource Hash
8ee04e0441c9e51785d17ac835a93cf4d30d90826f87350b42ba233496a26f55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Wed, 25 Mar 2020 18:40:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 05 Mar 2020 14:08:10 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
61481
x-xss-protection
0
expires
Wed, 25 Mar 2020 18:40:59 GMT
integrator.sync.js
adservice.google.de/adsid/
113 B
178 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.sync.js?domain=threatpost.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:40:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
108
x-xss-protection
0
fastlane.json
fastlane.rubiconproject.com/a/api/
306 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=2&alt_size_ids=55%2C57&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&tk_flint=pbjs_lite_v3.8.0&x_source.tid=1e9d4eaf-1970-46e2-86e7-6d69a953c608&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.5568397136230656
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
55bb116c5fb03c11a9002731ea2b31ee1cdcb3d94ee4fb5743281493c11d442e

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:40:59 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=461
Content-Length
306
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
241 B
2 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=16&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&tk_flint=pbjs_lite_v3.8.0&x_source.tid=9f076ac3-1d33-4802-842d-0eb9a8110078&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.2979351983756362
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
82af068ba43f9bef1eb790425bf25522200c9031b8ab6e899edffed118a202b7

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:40:59 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=305
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
261 B
2 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509506&size_id=15&alt_size_ids=10&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&tk_flint=pbjs_lite_v3.8.0&x_source.tid=d9b2a9a7-3d0d-43d9-a524-a5cfeee005b1&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.42098649267759325
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
b98e3901ded14df1f4660b0b151effb8cad5b18a086a102933c0561787f6afa2

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:40:59 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=177
Content-Length
261
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
261 B
2 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=10&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&tk_flint=pbjs_lite_v3.8.0&x_source.tid=d9b2a9a7-3d0d-43d9-a524-a5cfeee005b1&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.19705666133611666
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
3000bf561ae4a3af7b060eff14cc377f81d86ff4410c0a7675e721baa6c5c068

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:40:59 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=218
Content-Length
261
Expires
Wed, 17 Sep 1975 21:32:10 GMT
bid
ap.lijit.com/rtb/
47 B
723 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_3.8.0
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.48 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx /
Resource Hash
a5e912ba2c711b19778be1cd1dc789bab043e10d9a2e8d088f6d25fb5ff6d3d7

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 25 Mar 2020 18:40:59 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://threatpost.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap5ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
65
cygnus
as-sec.casalemedia.com/
25 B
987 B
XHR
General
Full URL
https://as-sec.casalemedia.com/cygnus?s=438654&v=7.2&r=%7B%22id%22%3A%22128bfa64a821213%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22133f0b75bd9ad3%22%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22148a70c47d031e3%22%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2215ee8142b7f553d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22sid%22%3A%221005%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%7D&ac=j&sd=1&
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.185.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-101-185-51.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e7a5932b6d57a395b5b5b31af1a0906620a11d197103d65b9f7901bddf2f1856

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:40:59 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
45
Expires
Wed, 25 Mar 2020 18:40:59 GMT
prebid
ib.adnxs.com/ut/v3/
375 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.37 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
fdeb7f92826abf9d6a3aad0e3ee1ebab6e526b4531e8b0c9b1f8f3166c431613
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:01 GMT
X-Proxy-Origin
194.187.251.52; 194.187.251.52; 691.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.50:80
AN-X-Request-Uuid
7d20836c-7f55-40c4-86ae-3346d4d40e10
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
375
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
arj
teachingaids-d.openx.net/w/1.0/
173 B
570 B
XHR
General
Full URL
https://teachingaids-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=1e9d4eaf-1970-46e2-86e7-6d69a953c608%2C1e9d4eaf-1970-46e2-86e7-6d69a953c608%2C9f076ac3-1d33-4802-842d-0eb9a8110078%2Cd9b2a9a7-3d0d-43d9-a524-a5cfeee005b1%2Cd9b2a9a7-3d0d-43d9-a524-a5cfeee005b1&nocache=1585161659616&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&aus=728x90%2C970x250%2C970x90%7C728x90%2C970x250%2C970x90%7C300x250%2C336x280%7C300x250%2C300x600%7C300x250%2C300x600&divIds=div-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-3%2Cdiv-gpt-ad-6794670-5%2Cdiv-gpt-ad-6794670-5&auid=540932704%2C540932709%2C540932713%2C540932715%2C540932720&
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
30201304008e296c9c45f343d1057e775d213ba9a6cd32d25285dac53e26218b

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:40:59 GMT
content-encoding
gzip
server
OXGW/16.182.1
status
200
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://threatpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
165
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
translator
hbopenbid.pubmatic.com/
0
115 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

status
204
date
Wed, 25 Mar 2020 18:40:59 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-origin
https://threatpost.com
prebid
ib.adnxs.com/ut/v3/
376 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.37 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
c75d3d7ec8ff92599edcf0840b82ee15b733b3c7b5b48c86274cf3a92e612e52
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:01 GMT
X-Proxy-Origin
194.187.251.52; 194.187.251.52; 691.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.110:80
AN-X-Request-Uuid
8edd9bcd-21a9-444f-8808-57ad16689af1
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
376
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v2
e.serverbid.com/api/
16 B
168 B
XHR
General
Full URL
https://e.serverbid.com/api/v2
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
134.209.129.254 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

status
200
date
Wed, 25 Mar 2020 18:40:59 GMT
access-control-allow-credentials
true
access-control-allow-origin
https://threatpost.com
content-length
16
vary
Origin
content-type
application/json
ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4687b7ebbd2d983;misc=1585161659621
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=4687b7ebbd2d983;misc=1585161659621;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4687b7ebbd2d983;misc=1585161659621
0
-1 B
XHR
General
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4687b7ebbd2d983;misc=1585161659621
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:40:59 GMT
server
nginx
access-control-allow-origin
https://threatpost.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4687b7ebbd2d983;misc=1585161659621
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:40:59 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4687b7ebbd2d983;misc=1585161659621
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://threatpost.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4764e2560638eb2;misc=1585161659621
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=4764e2560638eb2;misc=1585161659621;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4764e2560638eb2;misc=1585161659621
0
-1 B
XHR
General
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4764e2560638eb2;misc=1585161659621
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:40:59 GMT
server
nginx
access-control-allow-origin
https://threatpost.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4764e2560638eb2;misc=1585161659621
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:40:59 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4764e2560638eb2;misc=1585161659621
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://threatpost.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=485959bd7418e2f;misc=1585161659621
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=485959bd7418e2f;misc=1585161659621;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=485959bd7418e2f;misc=1585161659621
0
-1 B
XHR
General
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=485959bd7418e2f;misc=1585161659621
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:40:59 GMT
server
nginx
access-control-allow-origin
https://threatpost.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=485959bd7418e2f;misc=1585161659621
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:40:59 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=485959bd7418e2f;misc=1585161659621
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://threatpost.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=49730b689d613a4;misc=1585161659621
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=49730b689d613a4;misc=1585161659621;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=49730b689d613a4;misc=1585161659621
0
-1 B
XHR
General
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=49730b689d613a4;misc=1585161659621
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:40:59 GMT
server
nginx
access-control-allow-origin
https://threatpost.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=49730b689d613a4;misc=1585161659621
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:40:59 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=49730b689d613a4;misc=1585161659621
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://threatpost.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=507a9bb6a192ecf;misc=1585161659621
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=507a9bb6a192ecf;misc=1585161659621;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=507a9bb6a192ecf;misc=1585161659621
0
-1 B
XHR
General
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=507a9bb6a192ecf;misc=1585161659621
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:40:59 GMT
server
nginx
access-control-allow-origin
https://threatpost.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=507a9bb6a192ecf;misc=1585161659621
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:40:59 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=507a9bb6a192ecf;misc=1585161659621
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://threatpost.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
gtm.js
www.googletagmanager.com/
71 KB
24 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a131f31ca11fc278e39c2f004fe72c5a9c2c8c7459e55d361627b2aa9c92b983
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:40:59 GMT
content-encoding
br
status
200
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
24364
x-xss-protection
0
last-modified
Wed, 25 Mar 2020 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 25 Mar 2020 18:40:59 GMT
icons.svg
threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/
11 KB
4 KB
Other
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/icons.svg
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
76ba07e059d9e2113f9c940f1a31efc95bd9d5badd68bbc3637177e892a08099

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Pragma
public
Date
Wed, 25 Mar 2020 18:41:00 GMT
Content-Encoding
gzip
Last-Modified
Wed, 25 Mar 2020 16:54:04 GMT
Server
nginx
ETag
W/"5e7b8cac-2b9f"
Transfer-Encoding
chunked
Content-Type
image/svg+xml
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 01 Apr 2020 18:41:00 GMT
icons.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/
11 KB
4 KB
Other
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
76ba07e059d9e2113f9c940f1a31efc95bd9d5badd68bbc3637177e892a08099

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Pragma
public
Date
Wed, 25 Mar 2020 18:41:00 GMT
Content-Encoding
gzip
Last-Modified
Wed, 25 Mar 2020 16:54:02 GMT
Server
nginx
ETag
W/"5e7b8caa-2b9f"
Transfer-Encoding
chunked
Content-Type
image/svg+xml
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 01 Apr 2020 18:41:00 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/P6KLRNy7h3K160ZmYNUOAce7/
260 KB
93 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/P6KLRNy7h3K160ZmYNUOAce7/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b2d6fcca7b06d9b949f7f407e9229e0323cb2a75cb6ee4ad35b53e25cf161605
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 23 Mar 2020 16:31:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 23 Mar 2020 04:07:14 GMT
server
sffe
age
180589
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
94799
x-xss-protection
0
expires
Tue, 23 Mar 2021 16:31:10 GMT
logo.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/
19 KB
19 KB
Image
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a

Request headers

Referer
https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1585155242
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Pragma
public
Date
Wed, 25 Mar 2020 18:41:00 GMT
Last-Modified
Wed, 25 Mar 2020 16:54:02 GMT
Server
nginx
ETag
"5e7b8caa-4a32"
Content-Type
image/png
Cache-Control
max-age=604800, public
Connection
close
Accept-Ranges
bytes
Content-Length
18994
Expires
Wed, 01 Apr 2020 18:41:00 GMT
museosans-300-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/
20 KB
21 KB
Font
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Referer
https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1585155242
Origin
https://threatpost.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
public
Date
Wed, 25 Mar 2020 18:40:59 GMT
Last-Modified
Wed, 25 Mar 2020 16:54:04 GMT
Server
nginx
ETag
"5e7b8cac-51b8"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000, public
Connection
close
Accept-Ranges
bytes
Content-Length
20920
Expires
Thu, 25 Mar 2021 18:40:59 GMT
museosans-700-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/
20 KB
21 KB
Font
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Referer
https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1585155242
Origin
https://threatpost.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
public
Date
Wed, 25 Mar 2020 18:40:59 GMT
Last-Modified
Wed, 25 Mar 2020 16:54:04 GMT
Server
nginx
ETag
"5e7b8cac-51a4"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000, public
Connection
close
Accept-Ranges
bytes
Content-Length
20900
Expires
Thu, 25 Mar 2021 18:40:59 GMT
museosans-100-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/
20 KB
21 KB
Font
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Referer
https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1585155242
Origin
https://threatpost.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
public
Date
Wed, 25 Mar 2020 18:40:59 GMT
Last-Modified
Wed, 25 Mar 2020 16:54:02 GMT
Server
nginx
ETag
"5e7b8caa-50c8"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000, public
Connection
close
Accept-Ranges
bytes
Content-Length
20680
Expires
Thu, 25 Mar 2021 18:40:59 GMT
museosans-500-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/
20 KB
21 KB
Font
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Referer
https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1585155242
Origin
https://threatpost.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
public
Date
Wed, 25 Mar 2020 18:40:59 GMT
Last-Modified
Wed, 25 Mar 2020 16:54:02 GMT
Server
nginx
ETag
"5e7b8caa-5194"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000, public
Connection
close
Accept-Ranges
bytes
Content-Length
20884
Expires
Thu, 25 Mar 2021 18:40:59 GMT
mail-plane-light.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/
828 B
722 B
Image
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-light.svg
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf

Request headers

Referer
https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1585155242
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Pragma
public
Date
Wed, 25 Mar 2020 18:40:59 GMT
Content-Encoding
gzip
Last-Modified
Wed, 25 Mar 2020 16:54:02 GMT
Server
nginx
ETag
W/"5e7b8caa-33c"
Transfer-Encoding
chunked
Content-Type
image/svg+xml
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 01 Apr 2020 18:40:59 GMT
twitter-blue.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/
868 B
847 B
Image
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/twitter-blue.svg
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730

Request headers

Referer
https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1585155242
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Pragma
public
Date
Wed, 25 Mar 2020 18:41:00 GMT
Content-Encoding
gzip
Last-Modified
Wed, 25 Mar 2020 16:54:04 GMT
Server
nginx
ETag
W/"5e7b8cac-364"
Transfer-Encoding
chunked
Content-Type
image/svg+xml
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 01 Apr 2020 18:41:00 GMT
museosans-700italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/
15 KB
16 KB
Font
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Referer
https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1585155242
Origin
https://threatpost.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
public
Date
Wed, 25 Mar 2020 18:40:59 GMT
Last-Modified
Wed, 25 Mar 2020 16:54:04 GMT
Server
nginx
ETag
"5e7b8cac-3dcc"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000, public
Connection
close
Accept-Ranges
bytes
Content-Length
15820
Expires
Thu, 25 Mar 2021 18:40:59 GMT
liveView.php
live.sekindo.com/live/ Frame 4854
2 KB
1 KB
Script
General
Full URL
https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1585161659&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=undefined
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.15
Resource Hash
c4173aadc6ecc4504b6027a2fff393a9166b96e79dc730c2d90a2146e4f613a1

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:40:59 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.15
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/javascript; charset=utf-8
ADTECH;apid=1A2bfdf13a-6ec8-11ea-855f-12121b825df6;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=49730b689d613a4;misc=1585161659621
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=49730b689d613a4;misc=1585161659621
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1A2bfdf13a-6ec8-11ea-855f-12121b825df6;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=49730b689d613a4;misc=15...
0
-1 B
XHR
General
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1A2bfdf13a-6ec8-11ea-855f-12121b825df6;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=49730b689d613a4;misc=1585161659621
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:40:59 GMT
server
nginx
access-control-allow-origin
https://threatpost.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1A2bfdf13a-6ec8-11ea-855f-12121b825df6;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=49730b689d613a4;misc=1585161659621
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:40:59 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1A2bfdf13a-6ec8-11ea-855f-12121b825df6;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=49730b689d613a4;misc=1585161659621
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://threatpost.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A2bfdfacc-6ec8-11ea-9336-1201d05c7be8;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=485959bd7418e2f;misc=1585161659621
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=485959bd7418e2f;misc=1585161659621
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1A2bfdfacc-6ec8-11ea-9336-1201d05c7be8;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=485959bd7418e2f;misc=15...
0
-1 B
XHR
General
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1A2bfdfacc-6ec8-11ea-9336-1201d05c7be8;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=485959bd7418e2f;misc=1585161659621
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:40:59 GMT
server
nginx
access-control-allow-origin
https://threatpost.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1A2bfdfacc-6ec8-11ea-9336-1201d05c7be8;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=485959bd7418e2f;misc=1585161659621
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:40:59 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1A2bfdfacc-6ec8-11ea-9336-1201d05c7be8;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=485959bd7418e2f;misc=1585161659621
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://threatpost.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A2bfe2b28-6ec8-11ea-b895-128a639db496;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=507a9bb6a192ecf;misc=1585161659621
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=507a9bb6a192ecf;misc=1585161659621
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;apid=1A2bfe2b28-6ec8-11ea-b895-128a639db496;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=507a9bb6a192ecf;misc=15...
0
-1 B
XHR
General
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;apid=1A2bfe2b28-6ec8-11ea-b895-128a639db496;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=507a9bb6a192ecf;misc=1585161659621
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:40:59 GMT
server
nginx
access-control-allow-origin
https://threatpost.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;apid=1A2bfe2b28-6ec8-11ea-b895-128a639db496;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=507a9bb6a192ecf;misc=1585161659621
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:40:59 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;apid=1A2bfe2b28-6ec8-11ea-b895-128a639db496;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=507a9bb6a192ecf;misc=1585161659621
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://threatpost.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A2bfe07e2-6ec8-11ea-8564-12dcd5311714;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4687b7ebbd2d983;misc=1585161659621
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4687b7ebbd2d983;misc=1585161659621
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1A2bfe07e2-6ec8-11ea-8564-12dcd5311714;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4687b7ebbd2d983;misc=15...
0
-1 B
XHR
General
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1A2bfe07e2-6ec8-11ea-8564-12dcd5311714;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4687b7ebbd2d983;misc=1585161659621
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:40:59 GMT
server
nginx
access-control-allow-origin
https://threatpost.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1A2bfe07e2-6ec8-11ea-8564-12dcd5311714;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4687b7ebbd2d983;misc=1585161659621
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:40:59 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1A2bfe07e2-6ec8-11ea-8564-12dcd5311714;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4687b7ebbd2d983;misc=1585161659621
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://threatpost.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4764e2560638eb2;misc=1585161659621
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4764e2560638eb2;misc=1585161659621
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4764e2560638eb2;misc=15...
0
-1 B
XHR
General
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4764e2560638eb2;misc=1585161659621
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:40:59 GMT
server
nginx
access-control-allow-origin
https://threatpost.com
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4764e2560638eb2;misc=1585161659621
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status
302
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:40:59 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4764e2560638eb2;misc=1585161659621
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://threatpost.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
mail-plane-large-dark.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/
812 B
722 B
Image
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-large-dark.svg
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22

Request headers

Referer
https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1585155242
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Pragma
public
Date
Wed, 25 Mar 2020 18:41:01 GMT
Content-Encoding
gzip
Last-Modified
Wed, 25 Mar 2020 16:54:02 GMT
Server
nginx
ETag
W/"5e7b8caa-32c"
Transfer-Encoding
chunked
Content-Type
image/svg+xml
Cache-Control
max-age=604800, public
Connection
close
Expires
Wed, 01 Apr 2020 18:41:01 GMT
logo-white.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/
10 KB
10 KB
Image
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo-white.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0

Request headers

Referer
https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1585155242
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Pragma
public
Date
Wed, 25 Mar 2020 18:41:07 GMT
Last-Modified
Wed, 25 Mar 2020 16:54:02 GMT
Server
nginx
ETag
"5e7b8caa-260a"
Content-Type
image/png
Cache-Control
max-age=604800, public
Connection
close
Accept-Ranges
bytes
Content-Length
9738
Expires
Wed, 01 Apr 2020 18:41:07 GMT
fontawesome-webfont.woff2
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/
75 KB
76 KB
Font
General
Full URL
https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2176:1600:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=def5d7c4
Origin
https://threatpost.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 22 Jan 2020 19:47:34 GMT
via
1.1 fac4aa0a37eb414ea7428e42f604df90.cloudfront.net (CloudFront)
age
5439205
x-cache
Hit from cloudfront
status
200
content-length
77160
pragma
public
last-modified
Fri, 17 Jan 2020 13:10:25 GMT
server
nginx
etag
"5e21b241-12d68"
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-amz-cf-pop
MXP64-C3
accept-ranges
bytes
x-amz-cf-id
-XPKxPUHiQ7qYFw4WS22undFsQKeQUZcDarsFANsqESXW0_E6poDfA==
expires
Thu, 21 Jan 2021 19:47:34 GMT
photo-newsletter.jpg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/
83 KB
83 KB
Image
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/photo-newsletter.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
940e0c3385928422aae38e1a74f1d84b462d8ce1a056c686fde505a0bf3162bb

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Pragma
public
Date
Wed, 25 Mar 2020 18:41:07 GMT
Last-Modified
Wed, 25 Mar 2020 16:54:03 GMT
Server
nginx
ETag
"5e7b8cab-14c88"
Content-Type
image/jpeg
Cache-Control
max-age=604800, public
Connection
close
Accept-Ranges
bytes
Content-Length
85128
Expires
Wed, 01 Apr 2020 18:41:07 GMT
anchor
www.google.com/recaptcha/api2/ Frame 49CD
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=P6KLRNy7h3K160ZmYNUOAce7&theme=standard&size=normal&cb=3z2eoofwgbz0
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Ajn7qkTE9bc+DY4BFIjYNA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/anchor?ar=1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=P6KLRNy7h3K160ZmYNUOAce7&theme=standard&size=normal&cb=3z2eoofwgbz0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 25 Mar 2020 18:41:00 GMT
content-security-policy
script-src 'report-sample' 'nonce-Ajn7qkTE9bc+DY4BFIjYNA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
10268
server
GSE
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
ADTECH;apid=1A2bfdfacc-6ec8-11ea-9336-1201d05c7be8;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=485959bd7418e2f;misc=1585161659621
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/
605 B
736 B
XHR
General
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1A2bfdfacc-6ec8-11ea-9336-1201d05c7be8;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=485959bd7418e2f;misc=1585161659621
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
46872d9f0f8d6e31be116fa3e619ecc1f0e002484c1a0c3621932050d61c4069

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:41:00 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://threatpost.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
605
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A2bfdf13a-6ec8-11ea-855f-12121b825df6;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=49730b689d613a4;misc=1585161659621
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/
605 B
783 B
XHR
General
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1A2bfdf13a-6ec8-11ea-855f-12121b825df6;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=49730b689d613a4;misc=1585161659621
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
2b45399fddc08d42e19321e415ff178a1259b2d0bd37378d20f73f58fb4b339d

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:41:00 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://threatpost.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
605
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A2bfe07e2-6ec8-11ea-8564-12dcd5311714;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4687b7ebbd2d983;misc=1585161659621
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/
606 B
737 B
XHR
General
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1A2bfe07e2-6ec8-11ea-8564-12dcd5311714;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4687b7ebbd2d983;misc=1585161659621
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
9387aadffc3591e88625a1412e99d5102291178b8709e7959f60790e0df20f4e

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:41:00 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://threatpost.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
606
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A2bfe2b28-6ec8-11ea-b895-128a639db496;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=507a9bb6a192ecf;misc=1585161659621
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/
606 B
737 B
XHR
General
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;apid=1A2bfe2b28-6ec8-11ea-b895-128a639db496;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=507a9bb6a192ecf;misc=1585161659621
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
cd72140fc3ec50a30d23e7b19b8c907d5e85ccbb0ea8e92ca3d2bb57faf6a7e8

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:41:00 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://threatpost.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
606
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4764e2560638eb2;misc=1585161659621
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/
605 B
736 B
XHR
General
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a;cfp=1;rndc=1585161659;v=2;cmd=bid;cors=yes;alias=4764e2560638eb2;misc=1585161659621
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
970d1c7b873652d09fdeb32bd3c64fd6b41af545c09e6f3d0ef639a1cfb0e392

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:41:00 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://threatpost.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
605
expires
Mon, 15 Jun 1998 00:00:00 GMT
/
graph.facebook.com/
82 B
526 B
XHR
General
Full URL
https://graph.facebook.com/?id=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F
Requested by
Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5bdd2164f22a304758dc0a7fdb43ad498e8a3ee825a29e387b85d6d64c044ac0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
etag
"a9b881f712a25def68eddbd3ea007639f1b94d4a"
x-app-usage
{"call_count":0,"total_cputime":0,"total_time":0}
status
200
x-fb-rev
1001895592
alt-svc
h3-27=":443"; ma=3600
content-length
82
pragma
no-cache
x-fb-debug
E7z5GlRIjYlExKGCur3qWKBkPvnphx3pVqHlJZfTCIjQxPr66r5m8IQiFYMCVUsikt03Xs1ogBvxLvnLfHM7og==
x-fb-trace-id
BQ7n788jWLl
date
Wed, 25 Mar 2020 18:41:00 GMT, Wed, 25 Mar 2020 18:41:00 GMT
content-type
application/json
access-control-allow-origin
*
x-fb-request-id
As_zb7-V7UljY-wGtx-Wru2
cache-control
private, no-cache, no-store, must-revalidate
facebook-api-version
v2.12
expires
Sat, 01 Jan 2000 00:00:00 GMT
share
www.linkedin.com/countserv/count/
0
0
Script
General
Full URL
https://www.linkedin.com/countserv/count/share?url=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F&format=jsonp&callback=jQuery112409894751258523726_1585161659635&_=1585161659636
Requested by
Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9101 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

info.json
www.reddit.com/api/
102 B
1 KB
XHR
General
Full URL
https://www.reddit.com/api/info.json?url=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F
Requested by
Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.53.140 Manchester, United Kingdom, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
f4f2c0a4763f01ee2b13b4f8189e6fd5f32bd704d71fed8d0f11883de9724198
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 25 Mar 2020 18:41:00 GMT
via
1.1 varnish
x-content-type-options
nosniff
x-cache
MISS
status
200
content-length
102
x-xss-protection
1; mode=block
x-served-by
cache-man4144-MAN
x-moose
majestic
expires
-1
server
snooserv
x-timer
S1585161660.146257,VS0,VE376
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
X-Moose
cache-control
private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ua-compatible
IE=edge
accept-ranges
bytes
x-cache-hits
0
analytics.js
www.google-analytics.com/
44 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
145
date
Wed, 25 Mar 2020 18:38:35 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
18174
expires
Wed, 25 Mar 2020 20:38:35 GMT
quant.js
secure.quantserve.com/
13 KB
6 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.228.74.136 , United Kingdom, ASN27281 (QUANTCAST, US),
Reverse DNS
Software
QS /
Resource Hash
e8d7c60749c1d62942a8e0a6f901800bd14ff3094251373626cd99a8875c6391
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Wed, 25 Mar 2020 18:41:00 GMT
Content-Encoding
gzip
Last-Modified
Wed, 25-Mar-2020 18:41:00 GMT
Server
QS
Etag
M0-56c8c653
Vary
Accept-Encoding
Strict-Transport-Security
max-age=86400
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=604800
Connection
keep-alive
Content-Length
5651
Expires
Wed, 01 Apr 2020 18:41:00 GMT
uwt.js
static.ads-twitter.com/
5 KB
2 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:00 GMT
content-encoding
gzip
age
37623
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
1954
x-served-by
cache-hhn4039-HHN
last-modified
Tue, 23 Jan 2018 20:09:00 GMT
x-timer
S1585161660.142388,VS0,VE0
etag
"b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary
Accept-Encoding,Host
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
no-cache
accept-ranges
bytes
DetectGDPR2.v1.0.js
live.sekindo.com/content/ClientDetections/ Frame 4854
8 KB
3 KB
Script
General
Full URL
https://live.sekindo.com/content/ClientDetections/DetectGDPR2.v1.0.js
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1585161659&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx /
Resource Hash
ace61d80f3fe90bbb02ab328d9705b57a9c8a95d3a0bf6b4cd510d4dacd033df

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Wed, 25 Mar 2020 18:41:00 GMT
Content-Encoding
gzip
Last-Modified
Sun, 26 Jan 2020 18:48:12 GMT
Server
nginx
ETag
W/"5e2ddeec-211f"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=31536000, public
Expires
Thu, 25 Mar 2021 18:41:00 GMT
iab_consent_sdk.v1.0.js
live.sekindo.com/content/ClientDetections/ Frame 4854
19 KB
6 KB
Script
General
Full URL
https://live.sekindo.com/content/ClientDetections/iab_consent_sdk.v1.0.js
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1585161659&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx /
Resource Hash
a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Wed, 25 Mar 2020 18:40:59 GMT
Content-Encoding
gzip
Last-Modified
Wed, 12 Feb 2020 15:01:36 GMT
Server
nginx
ETag
W/"5e441350-4be0"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=31536000, public
Expires
Thu, 25 Mar 2021 18:40:59 GMT
DetectGDPR.v1.0.js
live.sekindo.com/content/ClientDetections/ Frame 4854
7 KB
3 KB
Script
General
Full URL
https://live.sekindo.com/content/ClientDetections/DetectGDPR.v1.0.js
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1585161659&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx /
Resource Hash
993ebc45d9927d420801f05819222e8cc1aa523187e4c0b290df02b23ce18093

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Wed, 25 Mar 2020 18:40:59 GMT
Content-Encoding
gzip
Last-Modified
Sun, 26 Jan 2020 11:58:13 GMT
Server
nginx
ETag
W/"5e2d7ed5-1d87"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=31536000, public
Expires
Thu, 25 Mar 2021 18:40:59 GMT
hls.0.12.4_1.min.js
live.sekindo.com/content/video/hls/ Frame 4854
247 KB
85 KB
Script
General
Full URL
https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1585161659&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx /
Resource Hash
7d0492c66125b1c2bdc419641e41542857e7d90e323d355ee0b8bb268da121fb

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Wed, 25 Mar 2020 18:41:00 GMT
Content-Encoding
gzip
Last-Modified
Mon, 06 Jan 2020 15:31:56 GMT
Server
nginx
ETag
W/"5e1352ec-3dcb9"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=31536000, public
Expires
Thu, 25 Mar 2021 18:41:00 GMT
prebidVid.2.44.3_2.min.js
live.sekindo.com/content/prebid/ Frame 4854
267 KB
99 KB
Script
General
Full URL
https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1585161659&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx /
Resource Hash
4ee36d77a67f176a8468c3fafd5c230a2b8584293b81221b004619e700f84106

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Wed, 25 Mar 2020 18:40:59 GMT
Content-Encoding
gzip
Last-Modified
Thu, 30 Jan 2020 06:21:36 GMT
Server
nginx
ETag
W/"5e3275f0-42b3f"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=31536000, public
Expires
Thu, 25 Mar 2021 18:40:59 GMT
liveVideo.php
live.sekindo.com/live/ Frame 4854
353 KB
103 KB
Script
General
Full URL
https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30332D32355F32307D7B7331323334383830387D7B4338357D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B4C363631357DFEFE&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5e7ba5bbcad89&debugInfo=12348808_&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.82740020751953&geoLong=4.3480000495910645&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&gdpr2Consent=&ccpa=0&ccpaConsent=
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1585161659&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.15
Resource Hash
49f6ce28bf691d68caf0194e319980493fe17958241d083ac686a0b31c70f41f

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Wed, 25 Mar 2020 18:41:00 GMT
Content-Encoding
gzip
Server
nginx
X-Powered-By
PHP/7.3.15
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&aip=1&a=953522800&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&ul=en-us...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-35676203-21&cid=2110905385.1585161660&jid=2052855395&_gid=2099108862.1585161660&gjid=1506444342&_v=j81&z=425573027
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=2110905385.1585161660&jid=2052855395&_v=j81&z=425573027
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=2110905385.1585161660&jid=2052855395&_v=j81&z=425573027&slf_rd=1&random=2526068164
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=2110905385.1585161660&jid=2052855395&_v=j81&z=425573027&slf_rd=1&random=2526068164
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:41:00 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:41:00 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=2110905385.1585161660&jid=2052855395&_v=j81&z=425573027&slf_rd=1&random=2526068164
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
apstag.js
c.amazon-adsystem.com/aax2/ Frame 4854
87 KB
25 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30332D32355F32307D7B7331323334383830387D7B4338357D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B4C363631357DFEFE&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5e7ba5bbcad89&debugInfo=12348808_&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.82740020751953&geoLong=4.3480000495910645&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&gdpr2Consent=&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.86.0.120 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-0-120.fra6.r.cloudfront.net
Software
Server /
Resource Hash
ac2a58f9d55c4642121cfb6f7e213cbc882bbdd75ef171ca8a07ed982ef693ce

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 24 Mar 2020 22:00:54 GMT
content-encoding
gzip
server
Server
age
74405
etag
1dcfbf3986ee8b9c3abbc67eb808ab43
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
public, max-age=86400
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-amz-cf-id
64XWvqSk4hakMjM-I4fQLZG3obYRxCnbsUe_JAw3zm8Xcl-Jl2_Nww==
via
1.1 b8e900270aa30d899882e71796feca9c.cloudfront.net (CloudFront)
rules-p-_7kVx0t9Jqj90.js
rules.quantcount.com/
3 B
358 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-_7kVx0t9Jqj90.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2176:4000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:36:47 GMT
via
1.1 3fa2b80983a3483c49ea2a8d6ada6dd1.cloudfront.net (CloudFront)
last-modified
Fri, 03 Mar 2017 23:52:35 GMT
server
AmazonS3
age
254
etag
"8a80554c91d9fca8acb82f023de02f11"
x-cache
Error from cloudfront
content-type
application/x-javascript
status
200
cache-control
max-age=300
x-amz-cf-pop
MXP64-C3
accept-ranges
bytes
content-length
3
x-amz-cf-id
F8G7YE0R8jWVwTxtfJFROxlBmjF6vN93xPuT75QYkeiRolAnvyL19Q==
bframe
www.google.com/recaptcha/api2/ Frame 4409
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=P6KLRNy7h3K160ZmYNUOAce7&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&cb=ax47hswy1ixp
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-L6KQh19FXgbEY3E5SNc9Rg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/bframe?hl=en&v=P6KLRNy7h3K160ZmYNUOAce7&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&cb=ax47hswy1ixp
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 25 Mar 2020 18:41:00 GMT
content-security-policy
script-src 'report-sample' 'nonce-L6KQh19FXgbEY3E5SNc9Rg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
1185
server
GSE
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
ads
securepubads.g.doubleclick.net/gampad/
27 KB
8 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1767861426681425&correlator=1199045217561234&output=ldjh&impl=fifs&adsid=NT&vrg=2020030501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200325&iu_parts=21707124336%2CThreatPost-970x250-ATF%2CThreatPost-300x250-ATF%2CThreatPost-300x600-ATF%2CThreatPost-2x2-Skin&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4&prev_iu_szs=728x90%7C970x250%7C970x90%2C300x250%7C336x280%2C300x250%7C300x600%2C2x2&eri=1&cust_params=urlhost%3Dhttps%253A%252F%252Fthreatpost.com%252F%26urlpath%3D%252Fapache-tomcat-exploit-stealing-files%252F154055%252F%26urlquery%3Dgoogfc%26contentid%3D154055%26category%3Dvulnerabilities%26contenttags%3Dapache-tomcat%252Ccompromise%252Ccve-2020-1938%252Cexploit%252Cfile-retrieval%252Chack%252Cin-the-wild-attacks%252Cremote-code-execution%252Csecurity-vulnerability%252Cweb-server&cookie_enabled=1&bc=31&abxe=1&lmt=1585161660&dt=1585161660420&dlt=1585161658975&idt=570&frm=20&biw=1585&bih=1200&oid=3&adxs=429%2C1075%2C1075%2C0&adys=10%2C257%2C1532%2C0&adks=1015519800%2C654286612%2C375389812%2C3385906655&ucis=1%7C2%7C3%7C4&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&dssz=44&icsg=11275075776&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x90%7C300x250%7C300x250%7C1585x2&msz=728x90%7C300x250%7C300x250%7C1585x2&ga_vid=2110905385.1585161660&ga_sid=1585161660&ga_hid=953522800&fws=0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s14-in-f2.1e100.net
Software
cafe /
Resource Hash
eab15001f6fb4511c86535abe6fea6fd8891c0f693d48e27e3a80d782bc1bd10
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 25 Mar 2020 18:41:00 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
7815
x-xss-protection
0
google-lineitem-id
5193129080,5256232715,5192770279,5283645110
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138293210130,138298747257,138293210928,138301519116
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://threatpost.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_rendering_2020030501.js
securepubads.g.doubleclick.net/gpt/
69 KB
25 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s14-in-f2.1e100.net
Software
sffe /
Resource Hash
ffdc18ac8f47bcd50dd9c33532c334e7073717a62b367d95b9cb1561048547dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 05 Mar 2020 14:08:10 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
25689
x-xss-protection
0
expires
Wed, 25 Mar 2020 18:41:00 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/
0
0
Other
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

adsct
t.co/i/
43 B
449 B
Image
General
Full URL
https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.197 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 25 Mar 2020 18:41:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=0
content-length
65
x-xss-protection
0
x-response-time
117
pragma
no-cache
last-modified
Wed, 25 Mar 2020 18:41:00 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
afb6ec71d276fbd2ce8894ba7baa407c
x-transaction
003d34f10096c193
expires
Tue, 31 Mar 1981 05:00:00 GMT
css
fonts.googleapis.com/ Frame DD35
2 KB
672 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto&display=swap
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30332D32355F32307D7B7331323334383830387D7B4338357D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B4C363631357DFEFE&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5e7ba5bbcad89&debugInfo=12348808_&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.82740020751953&geoLong=4.3480000495910645&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&gdpr2Consent=&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
00d4fbacbadc6ecbd73be323ec77febf3d856ce00dc5334d06462a315c7da8e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 25 Mar 2020 18:41:00 GMT
server
ESF
date
Wed, 25 Mar 2020 18:41:00 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 25 Mar 2020 18:41:00 GMT
css
fonts.googleapis.com/ Frame 6DE7
2 KB
626 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto&display=swap
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30332D32355F32307D7B7331323334383830387D7B4338357D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B4C363631357DFEFE&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5e7ba5bbcad89&debugInfo=12348808_&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.82740020751953&geoLong=4.3480000495910645&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&gdpr2Consent=&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
00d4fbacbadc6ecbd73be323ec77febf3d856ce00dc5334d06462a315c7da8e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 25 Mar 2020 18:41:00 GMT
server
ESF
date
Wed, 25 Mar 2020 18:41:00 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 25 Mar 2020 18:41:00 GMT
placeHolder.png
live.sekindo.com/content/video/splayer/assets/
23 KB
24 KB
Image
General
Full URL
https://live.sekindo.com/content/video/splayer/assets/placeHolder.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx /
Resource Hash
76102878c1198de858725194952ba1c6b35bdee0f870cc6a124e93d17385e64e

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Wed, 25 Mar 2020 18:40:59 GMT
Last-Modified
Sun, 11 Jun 2017 08:03:58 GMT
Server
nginx
ETag
"593cf96e-5dbf"
Content-Type
image/png
Cache-Control
no-cache, private
Accept-Ranges
bytes
Content-Length
23999
Expires
Wed, 25 Mar 2020 18:40:58 GMT
vid5e70618c10176436842867.jpg
video.sekindo.com/uploads/cn8/video/users/converted/24485/video1523972806/ Frame 6DE7
21 KB
21 KB
Image
General
Full URL
https://video.sekindo.com/uploads/cn8/video/users/converted/24485/video1523972806/vid5e70618c10176436842867.jpg?cbuster=1584423309
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
c4ca1b4345ad8c00fd480a746e1a0f08c212ece3a894e8ea94db9dad099154ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Wed, 25 Mar 2020 18:40:22 GMT
Last-Modified
Tue, 17 Mar 2020 05:40:27 GMT
Server
Tengine
ETag
"5e7062cb-5426"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
21542
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5e7497d367e55463572644.jpg
video.sekindo.com/uploads/cn5/video/users/converted/24485/video1523972806/ Frame 6DE7
18 KB
18 KB
Image
General
Full URL
https://video.sekindo.com/uploads/cn5/video/users/converted/24485/video1523972806/vid5e7497d367e55463572644.jpg?cbuster=1584699348
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
1375c3a601c8c119942e35a8a9b340c0a44c53b15983e961295f04dc66889da9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Wed, 25 Mar 2020 18:40:22 GMT
Last-Modified
Fri, 20 Mar 2020 16:35:26 GMT
Server
Tengine
ETag
"5e74f0ce-47da"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
18394
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5e7aa5fa02206483346051.jpg
video.sekindo.com/uploads/cn11/video/users/converted/24485/video1523972806/ Frame 6DE7
14 KB
14 KB
Image
General
Full URL
https://video.sekindo.com/uploads/cn11/video/users/converted/24485/video1523972806/vid5e7aa5fa02206483346051.jpg?cbuster=1585096186
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
b2e11a6d036e47dd106daa0d14d175a42337d24f1bb5b5df546b3096931f725c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Wed, 25 Mar 2020 18:40:22 GMT
Last-Modified
Wed, 25 Mar 2020 00:30:09 GMT
Server
Tengine
ETag
"5e7aa611-386b"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
14443
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5e755143ae5c1045852669.jpg
video.sekindo.com/uploads/cn4/video/users/converted/24485/video1523972806/ Frame 6DE7
12 KB
12 KB
Image
General
Full URL
https://video.sekindo.com/uploads/cn4/video/users/converted/24485/video1523972806/vid5e755143ae5c1045852669.jpg?cbuster=1584746820
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
7fe9c9bddddeedcfcc45dadb0f0c5f57cce1393013fff5d2c85ec6e9556d1414
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Wed, 25 Mar 2020 18:40:22 GMT
Last-Modified
Sat, 21 Mar 2020 08:19:02 GMT
Server
Tengine
ETag
"5e75cdf6-3019"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
12313
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5e78c63388ed7519841362.jpg
video.sekindo.com/uploads/cn3/video/users/converted/24485/video1523972806/ Frame 6DE7
20 KB
20 KB
Image
General
Full URL
https://video.sekindo.com/uploads/cn3/video/users/converted/24485/video1523972806/vid5e78c63388ed7519841362.jpg?cbuster=1584973364
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
a7b094f48e6774d82dfc7864e438d35675e5dad0ba6f3222a8003e9a932f104e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Wed, 25 Mar 2020 18:40:23 GMT
Last-Modified
Mon, 23 Mar 2020 14:23:17 GMT
Server
Tengine
ETag
"5e78c655-4fb6"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
20406
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5e700bc4c80c0677299569.jpg
video.sekindo.com/uploads/cn2/video/users/converted/24485/video1523972806/ Frame 6DE7
15 KB
16 KB
Image
General
Full URL
https://video.sekindo.com/uploads/cn2/video/users/converted/24485/video1523972806/vid5e700bc4c80c0677299569.jpg?cbuster=1584401350
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
ed8348ad255986ca08204cc5d4bd3a58e8173a0588b47d89895f77af07c9adaf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Wed, 25 Mar 2020 18:40:23 GMT
Last-Modified
Mon, 16 Mar 2020 23:35:20 GMT
Server
Tengine
ETag
"5e700d38-3ce5"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
15589
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5e71c75337a14771087703.jpg
video.sekindo.com/uploads/cn4/video/users/converted/24485/video1523972806/ Frame 6DE7
26 KB
27 KB
Image
General
Full URL
https://video.sekindo.com/uploads/cn4/video/users/converted/24485/video1523972806/vid5e71c75337a14771087703.jpg?cbuster=1584514900
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
8fa3dc8d99f9c768dab8377000d306d6c3795c024993ab8a7f42e29f5f236ddd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Wed, 25 Mar 2020 18:40:23 GMT
Last-Modified
Wed, 18 Mar 2020 07:02:09 GMT
Server
Tengine
ETag
"5e71c771-6929"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
26921
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5e700bc79897c647013074.jpg
video.sekindo.com/uploads/cn2/video/users/converted/24485/video1523972806/ Frame 6DE7
19 KB
19 KB
Image
General
Full URL
https://video.sekindo.com/uploads/cn2/video/users/converted/24485/video1523972806/vid5e700bc79897c647013074.jpg?cbuster=1584401356
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
0a1b5a439d79947cc5db6aa52347627ed146b7710af2ce042804a8a259ea966c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Wed, 25 Mar 2020 18:40:23 GMT
Last-Modified
Mon, 16 Mar 2020 23:35:51 GMT
Server
Tengine
ETag
"5e700d57-4a74"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
19060
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5e794147e4fb1213342156.jpg
video.sekindo.com/uploads/cn2/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame 6DE7
6 KB
6 KB
Image
General
Full URL
https://video.sekindo.com/uploads/cn2/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5e794147e4fb1213342156.jpg?cbuster=1585004881
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
e49757fb6a21657071fe47fddf22b3dd01c0a2d579b0bb9570ef941f919fdf9f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Wed, 25 Mar 2020 18:40:23 GMT
Last-Modified
Mon, 23 Mar 2020 23:08:36 GMT
Server
Tengine
ETag
"5e794174-1671"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
5745
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5e6fbdb6cdf45970267049.jpg
video.sekindo.com/uploads/cn2/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame 6DE7
17 KB
17 KB
Image
General
Full URL
https://video.sekindo.com/uploads/cn2/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5e6fbdb6cdf45970267049.jpg?cbuster=1584381377
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
0b4b6edbb9dfa923bde86147c294879a60493c25e315b728abd03ebb7967add1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Wed, 25 Mar 2020 18:40:23 GMT
Last-Modified
Mon, 16 Mar 2020 17:57:18 GMT
Server
Tengine
ETag
"5e6fbdfe-4231"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
16945
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5e70618c10176436842867.jpg
video.sekindo.com/uploads/cn8/video/users/converted/24485/video1523972806/ Frame DD35
21 KB
21 KB
Image
General
Full URL
https://video.sekindo.com/uploads/cn8/video/users/converted/24485/video1523972806/vid5e70618c10176436842867.jpg?cbuster=1584423309
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
c4ca1b4345ad8c00fd480a746e1a0f08c212ece3a894e8ea94db9dad099154ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://amli.sekindo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Wed, 25 Mar 2020 18:40:23 GMT
Last-Modified
Tue, 17 Mar 2020 05:40:27 GMT
Server
Tengine
ETag
"5e7062cb-5426"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
21542
Expires
Thu, 31 Dec 2037 23:55:55 GMT
truncated
/ Frame DD35
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame DD35
715 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 4854
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.86.0.120 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-0-120.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 25 Mar 2020 07:08:27 GMT
content-encoding
gzip
vary
Origin
age
41554
x-cache
Hit from cloudfront
status
200
access-control-allow-origin
*
last-modified
Thu, 05 Mar 2020 08:28:46 GMT
server
AmazonS3
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
Qidd19VTFnslkScQNfk7UVw9L_um7-0tddKGfWxNKO2QTuoQVcR7hw==
liveView.php
live.sekindo.com/live/ Frame 4854
65 KB
3 KB
XHR
General
Full URL
https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=1&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn8%2Fvideo%2Fusers%2Fconverted%2F24485%2Fvideo1523972806%2Fvid5e70618c10176436842867.mp4&vid_content_id=704253&vid_content_desc=Therapeutic+Products+Are+a+Quicker+Path+to+Treatement+for+COVID-19%2C+Says+Biotech+CEO&vid_content_title=Therapeutic+Products+Are+a+Quicker+Path+to+Treatement+for+COVID-19%2C+Says+Biotech+CEO&vid_content_duration=221&debugInformation=&x=400&y=225&fpl=0&pubUrl=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&ri=6C69766553746174737C736B317B54307D7B64323032302D30332D32355F32307D7B7331323334383830387D7B4338357D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B4C363631357DFEFE&isApp=0&geoLati=50.82740020751953&geoLong=4.3480000495910645&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5e7ba5bbcad89&cbuster=1585161660571&gdpr=1&gdprConsent=&isWePassGdpr=0&gdpr2Consent=&isWePassGdpr2=0
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30332D32355F32307D7B7331323334383830387D7B4338357D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B4C363631357DFEFE&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5e7ba5bbcad89&debugInfo=12348808_&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.82740020751953&geoLong=4.3480000495910645&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&gdpr2Consent=&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.15
Resource Hash
8059ef7e4e176e0b52f8409da913d7232558458689998d6158fa830cff900e18

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:00 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.15
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Content-Type
application/json; charset=utf-8
Content-Length
3074
liveView.php
live.sekindo.com/live/ Frame 4854
65 KB
3 KB
XHR
General
Full URL
https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=1&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn8%2Fvideo%2Fusers%2Fconverted%2F24485%2Fvideo1523972806%2Fvid5e70618c10176436842867.mp4&vid_content_id=704253&vid_content_desc=Therapeutic+Products+Are+a+Quicker+Path+to+Treatement+for+COVID-19%2C+Says+Biotech+CEO&vid_content_title=Therapeutic+Products+Are+a+Quicker+Path+to+Treatement+for+COVID-19%2C+Says+Biotech+CEO&vid_content_duration=221&debugInformation=&x=320&y=180&fpl=0&pubUrl=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&ri=6C69766553746174737C736B317B54307D7B64323032302D30332D32355F32307D7B7331323334383830387D7B4338357D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B4C363631357DFEFE&isApp=0&geoLati=50.82740020751953&geoLong=4.3480000495910645&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5e7ba5bbcad89&cbuster=1585161660572&gdpr=1&gdprConsent=&isWePassGdpr=0&gdpr2Consent=&isWePassGdpr2=0
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30332D32355F32307D7B7331323334383830387D7B4338357D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B4C363631357DFEFE&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5e7ba5bbcad89&debugInfo=12348808_&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.82740020751953&geoLong=4.3480000495910645&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&gdpr2Consent=&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.15
Resource Hash
4ebb74bccc78dc81f31944b8c09651746486a736c0858d0e6213b8fed2b6ff3c

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:00 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.15
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Content-Type
application/json; charset=utf-8
Content-Length
2839
liveView.php
live.sekindo.com/live/ Frame 4854
23 KB
2 KB
XHR
General
Full URL
https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=0&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn8%2Fvideo%2Fusers%2Fconverted%2F24485%2Fvideo1523972806%2Fvid5e70618c10176436842867.mp4&vid_content_id=704253&vid_content_desc=Therapeutic+Products+Are+a+Quicker+Path+to+Treatement+for+COVID-19%2C+Says+Biotech+CEO&vid_content_title=Therapeutic+Products+Are+a+Quicker+Path+to+Treatement+for+COVID-19%2C+Says+Biotech+CEO&vid_content_duration=221&debugInformation=&x=400&y=225&fpl=0&pubUrl=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&ri=6C69766553746174737C736B317B54307D7B64323032302D30332D32355F32307D7B7331323334383830387D7B4338357D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B4C363631357DFEFE&isApp=0&geoLati=50.82740020751953&geoLong=4.3480000495910645&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5e7ba5bbcad89&cbuster=1585161660572&gdpr=1&gdprConsent=&isWePassGdpr=0&gdpr2Consent=&isWePassGdpr2=0
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30332D32355F32307D7B7331323334383830387D7B4338357D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B4C363631357DFEFE&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5e7ba5bbcad89&debugInfo=12348808_&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.82740020751953&geoLong=4.3480000495910645&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&gdpr2Consent=&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.15
Resource Hash
1b865de44e72a2747505e6411aca48ed3cb36be7a04bc4f278fcb397640897e8

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:00 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.15
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Content-Type
application/json; charset=utf-8
Content-Length
1753
openrtb
ads.adaptv.advertising.com/rtb/ Frame 4854
0
215 B
XHR
General
Full URL
https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.120.54.253 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-120-54-253.eu-central-1.compute.amazonaws.com
Software
adaptv/1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://threatpost.com
Access-Control-Allow-Credentials
true
Server
adaptv/1.0
Connection
keep-alive
Content-Length
0
Content-Type
application/json
translator
hbopenbid.pubmatic.com/ Frame 4854
0
59 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

status
204
date
Wed, 25 Mar 2020 18:41:00 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-origin
https://threatpost.com
liveView.php
live.sekindo.com/live/ Frame 4854
23 KB
2 KB
XHR
General
Full URL
https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=0&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn8%2Fvideo%2Fusers%2Fconverted%2F24485%2Fvideo1523972806%2Fvid5e70618c10176436842867.mp4&vid_content_id=704253&vid_content_desc=Therapeutic+Products+Are+a+Quicker+Path+to+Treatement+for+COVID-19%2C+Says+Biotech+CEO&vid_content_title=Therapeutic+Products+Are+a+Quicker+Path+to+Treatement+for+COVID-19%2C+Says+Biotech+CEO&vid_content_duration=221&debugInformation=&x=320&y=180&fpl=0&pubUrl=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&ri=6C69766553746174737C736B317B54307D7B64323032302D30332D32355F32307D7B7331323334383830387D7B4338357D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B4C363631357DFEFE&isApp=0&geoLati=50.82740020751953&geoLong=4.3480000495910645&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5e7ba5bbcad89&cbuster=1585161660703&gdpr=1&gdprConsent=&isWePassGdpr=0&gdpr2Consent=&isWePassGdpr2=0
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30332D32355F32307D7B7331323334383830387D7B4338357D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B4C363631357DFEFE&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5e7ba5bbcad89&debugInfo=12348808_&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.82740020751953&geoLong=4.3480000495910645&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&gdpr2Consent=&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.15
Resource Hash
78bc5dc1c09d79d9421e935ad00c2281a2c1b8f4966d244195391a54eb3cfb65

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:00 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.15
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Content-Type
application/json; charset=utf-8
Content-Length
1751
chunklist_640.m3u8
video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/ Frame 4854
1 KB
2 KB
XHR
General
Full URL
https://video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/chunklist_640.m3u8
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
0fd953ce433919e53bd0becd88f9f5def2ea86ef980537fe224533d082592dc6

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 25 Mar 2020 18:40:23 GMT
Last-Modified
Tue, 17 Mar 2020 05:40:51 GMT
Server
Tengine
ETag
"5e7062e3-4ec"
Content-Type
application/vnd.apple.mpegurl
Access-Control-Allow-Origin
*
Expires
Wed, 01 Apr 2020 18:40:23 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
1260
X-Proxy-Cache
HIT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame DD35
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Roboto&display=swap
Origin
https://threatpost.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 27 Feb 2020 08:47:06 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
2368434
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11016
x-xss-protection
0
expires
Fri, 26 Feb 2021 08:47:06 GMT
w_640_000.ts
video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/ Frame 4854
282 KB
283 KB
XHR
General
Full URL
https://video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/w_640_000.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
1c6d050ba929828a393c4a5a47ad09fdeb41687590cbaa3eafb6e256dffa48fe

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 25 Mar 2020 18:40:23 GMT
Last-Modified
Tue, 17 Mar 2020 05:40:41 GMT
Server
Tengine
ETag
"5e7062d9-46978"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Wed, 01 Apr 2020 18:40:23 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
289144
X-Proxy-Cache
HIT
cf981760-e41d-4f65-8fb2-9250b6720174
https://threatpost.com/ Frame 4854
63 KB
0
Other
General
Full URL
blob:https://threatpost.com/cf981760-e41d-4f65-8fb2-9250b6720174
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e1c3c2dafe2208caea4f809f414a89a9d256deb8671e1c5d49bff9a873782796

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
worker

Response headers

Content-Length
64352
Content-Type
text/javascript
pixel;r=1638380125;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue;fpan=1;fpa=P0-381849457-1585161660842;ns=0...
pixel.quantserve.com/
35 B
658 B
Image
General
Full URL
https://pixel.quantserve.com/pixel;r=1638380125;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue;fpan=1;fpa=P0-381849457-1585161660842;ns=0;ce=1;qjs=1;qv=0e9a7da-20191205140709;cm=;ref=;je=0;sr=1600x1200x24;enc=n;dst=1;et=1585161660842;tzo=-60;ogl=image.https%3A%2F%2Fmedia%252Ethreatpost%252Ecom%2Fwp-content%2Fuploads%2Fsites%2F103%2F2020%2F03%2F23161807%2Ftom_c%2Ctype.article%2Ctitle.Apache%20Tomcat%20Exploit%20Poised%20to%20Pounce%252C%20Stealing%20Files%2Cdescription.Researchers%20said%20that%20a%20working%20exploit%20for%20CVE-2020-1938%20leaked%20on%20GitHub%20makes%2Curl.https%3A%2F%2Fthreatpost%252Ecom%2Fapache-tomcat-exploit-stealing-files%2F154055%2F
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.228.74.206 , United Kingdom, ASN27281 (QUANTCAST, US),
Reverse DNS
Software
QS /
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:01 GMT
Server
QS
Strict-Transport-Security
max-age=86400
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control
private, no-cache, no-store, proxy-revalidate
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
Fri, 04 Aug 1978 12:00:00 GMT
bl-88d2de2-47b2e0b5.js
tagan.adlightning.com/math-aids-threatpost/ Frame 6447
80 KB
31 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-88d2de2-47b2e0b5.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.202.5 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-5.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e107ee0ce6bbe3eeca2b5cbe98251de6bf8be5a53aa8060e9c8affb4cc8d2bfa

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 17:20:50 GMT
content-encoding
gzip
age
4811
x-cache
Hit from cloudfront
status
200
content-length
31278
x-amz-meta-git_commit
88d2de2
last-modified
Wed, 25 Mar 2020 17:13:54 GMT
server
AmazonS3
etag
"9b401a5bd2aa0675109aa77dc89a96d9"
x-amz-version-id
GKFikuxOFF5dqHYHZzXayrEgDgfxCGX4
via
1.1 9d27077cd67d98c0474b05ec9d68df4a.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
0VyzcBaCtTZobPe3yswuTeFdNC0GnNieQHksWbeRZ5xkidAJ06_qSg==
b-0d4dfcb.js
tagan.adlightning.com/math-aids-threatpost/ Frame 6447
53 KB
15 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.202.5 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-5.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
92236ba12e109fff1e82ecabec1eda229af59c8374c54374a38a46dc01f53559

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 28 Feb 2020 16:49:46 GMT
content-encoding
gzip
age
2253075
x-cache
Hit from cloudfront
status
200
content-length
14481
x-amz-meta-git_commit
0d4dfcb
last-modified
Mon, 20 Jan 2020 21:00:33 GMT
server
AmazonS3
etag
"bf1a2a1d4ffb353d268fccfda0736572"
x-amz-version-id
PGsbLvp7r6PsyaqOJTHRTfOBKlgvnkI7
via
1.1 9d27077cd67d98c0474b05ec9d68df4a.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
LQQippLcZHsbT3RAiSOGDhCAMYLrPjuBvMJu0m8EtfAuSYhkd8T7xw==
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame 6447
107 KB
38 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c005dba1d518d8fcd6bb8b0cd5264947d7c8c5b53363556d98c453428a376ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
39033
x-xss-protection
0
server
cafe
etag
13352514705584774431
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 25 Mar 2020 18:41:00 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 6447
74 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a1b118736ba9dc41f144f350574bec748a1ba0e8b355a99cbfe570ad236b50e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1584962844677376"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28201
x-xss-protection
0
expires
Wed, 25 Mar 2020 18:41:00 GMT
osd.js
www.googletagservices.com/activeview/js/current/
74 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
351e508c1da4f9d1535747086accb41121466a52044aa868eba4a36009fdb101
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1584962844677376"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
27941
x-xss-protection
0
expires
Wed, 25 Mar 2020 18:41:00 GMT
bl-88d2de2-47b2e0b5.js
tagan.adlightning.com/math-aids-threatpost/ Frame BAE7
80 KB
31 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-88d2de2-47b2e0b5.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.202.5 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-5.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e107ee0ce6bbe3eeca2b5cbe98251de6bf8be5a53aa8060e9c8affb4cc8d2bfa

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 17:20:50 GMT
content-encoding
gzip
age
4811
x-cache
Hit from cloudfront
status
200
content-length
31278
x-amz-meta-git_commit
88d2de2
last-modified
Wed, 25 Mar 2020 17:13:54 GMT
server
AmazonS3
etag
"9b401a5bd2aa0675109aa77dc89a96d9"
x-amz-version-id
GKFikuxOFF5dqHYHZzXayrEgDgfxCGX4
via
1.1 9d27077cd67d98c0474b05ec9d68df4a.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
D7ZbMwg2A356wA1gIRU-GsByb-nJ5cRw2P1mod8Y0LMLgaJsgRS5BQ==
b-0d4dfcb.js
tagan.adlightning.com/math-aids-threatpost/ Frame BAE7
53 KB
15 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.202.5 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-5.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
92236ba12e109fff1e82ecabec1eda229af59c8374c54374a38a46dc01f53559

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 28 Feb 2020 16:49:46 GMT
content-encoding
gzip
age
2253075
x-cache
Hit from cloudfront
status
200
content-length
14481
x-amz-meta-git_commit
0d4dfcb
last-modified
Mon, 20 Jan 2020 21:00:33 GMT
server
AmazonS3
etag
"bf1a2a1d4ffb353d268fccfda0736572"
x-amz-version-id
PGsbLvp7r6PsyaqOJTHRTfOBKlgvnkI7
via
1.1 9d27077cd67d98c0474b05ec9d68df4a.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
GNEKRwSSuNdYeIP5hphPZF6vGNIorWQ2z3zia9XCFUSgvcB8FHMp3Q==
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame BAE7
107 KB
38 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c005dba1d518d8fcd6bb8b0cd5264947d7c8c5b53363556d98c453428a376ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
39033
x-xss-protection
0
server
cafe
etag
13352514705584774431
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 25 Mar 2020 18:41:00 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame BAE7
74 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a1b118736ba9dc41f144f350574bec748a1ba0e8b355a99cbfe570ad236b50e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1584962844677376"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28201
x-xss-protection
0
expires
Wed, 25 Mar 2020 18:41:00 GMT
bl-88d2de2-47b2e0b5.js
tagan.adlightning.com/math-aids-threatpost/ Frame F014
80 KB
31 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-88d2de2-47b2e0b5.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.202.5 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-5.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e107ee0ce6bbe3eeca2b5cbe98251de6bf8be5a53aa8060e9c8affb4cc8d2bfa

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 17:20:50 GMT
content-encoding
gzip
age
4811
x-cache
Hit from cloudfront
status
200
content-length
31278
x-amz-meta-git_commit
88d2de2
last-modified
Wed, 25 Mar 2020 17:13:54 GMT
server
AmazonS3
etag
"9b401a5bd2aa0675109aa77dc89a96d9"
x-amz-version-id
GKFikuxOFF5dqHYHZzXayrEgDgfxCGX4
via
1.1 9d27077cd67d98c0474b05ec9d68df4a.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
bJQzd7Ch_FnYSaMNaAFRm4eMWL8tT3dIXSdR8jeckmrFfNhCCCVpZw==
b-0d4dfcb.js
tagan.adlightning.com/math-aids-threatpost/ Frame F014
53 KB
15 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.202.5 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-5.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
92236ba12e109fff1e82ecabec1eda229af59c8374c54374a38a46dc01f53559

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 28 Feb 2020 16:49:46 GMT
content-encoding
gzip
age
2253075
x-cache
Hit from cloudfront
status
200
content-length
14481
x-amz-meta-git_commit
0d4dfcb
last-modified
Mon, 20 Jan 2020 21:00:33 GMT
server
AmazonS3
etag
"bf1a2a1d4ffb353d268fccfda0736572"
x-amz-version-id
PGsbLvp7r6PsyaqOJTHRTfOBKlgvnkI7
via
1.1 9d27077cd67d98c0474b05ec9d68df4a.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
RvrZyZg7faoZOuogeFNoaZRDUHoVjHUzLpB4pKNgLEvmmZ4rsd_7fA==
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame F014
107 KB
38 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c005dba1d518d8fcd6bb8b0cd5264947d7c8c5b53363556d98c453428a376ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
39033
x-xss-protection
0
server
cafe
etag
13352514705584774431
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 25 Mar 2020 18:41:00 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame F014
74 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a1b118736ba9dc41f144f350574bec748a1ba0e8b355a99cbfe570ad236b50e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1584962844677376"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28201
x-xss-protection
0
expires
Wed, 25 Mar 2020 18:41:00 GMT
bl-88d2de2-47b2e0b5.js
tagan.adlightning.com/math-aids-threatpost/ Frame 7E52
80 KB
31 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-88d2de2-47b2e0b5.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.202.5 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-5.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e107ee0ce6bbe3eeca2b5cbe98251de6bf8be5a53aa8060e9c8affb4cc8d2bfa

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 17:20:50 GMT
content-encoding
gzip
age
4811
x-cache
Hit from cloudfront
status
200
content-length
31278
x-amz-meta-git_commit
88d2de2
last-modified
Wed, 25 Mar 2020 17:13:54 GMT
server
AmazonS3
etag
"9b401a5bd2aa0675109aa77dc89a96d9"
x-amz-version-id
GKFikuxOFF5dqHYHZzXayrEgDgfxCGX4
via
1.1 9d27077cd67d98c0474b05ec9d68df4a.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
Ppp8MIQ-NY96i-3UuRh5y4_7sLONV4RgxQ2p9pZ6e0Kcsv15Tmf04g==
b-0d4dfcb.js
tagan.adlightning.com/math-aids-threatpost/ Frame 7E52
53 KB
15 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.202.5 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-5.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
92236ba12e109fff1e82ecabec1eda229af59c8374c54374a38a46dc01f53559

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 28 Feb 2020 16:49:46 GMT
content-encoding
gzip
age
2253075
x-cache
Hit from cloudfront
status
200
content-length
14481
x-amz-meta-git_commit
0d4dfcb
last-modified
Mon, 20 Jan 2020 21:00:33 GMT
server
AmazonS3
etag
"bf1a2a1d4ffb353d268fccfda0736572"
x-amz-version-id
PGsbLvp7r6PsyaqOJTHRTfOBKlgvnkI7
via
1.1 9d27077cd67d98c0474b05ec9d68df4a.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
uEB3AOFNEJmHSBpEXJLav4eU2J_8XRB9BirQLXKMEh6CBrFdk1kRHg==
amp4ads-host-v0.js
cdn.ampproject.org/rtv/012003101714470/
20 KB
8 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003101714470/amp4ads-host-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c2b0d171a4179bf00898c430c1c15464e528aff5762fc70a5d02184834c82eff
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
7198
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
7178
x-xss-protection
0
server
sffe
date
Wed, 25 Mar 2020 16:41:02 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"9d3d923337ef7e9b"
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 25 Mar 2021 16:41:02 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 6447
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssFbGzriuSI6ftCwID4JQPdk6v_MejotmyWa0Bt8Z4TdgbkVvTH-cQZctf_y1Rsdf9nWnYu5_-x8ymUovmHDqskraVoagJKstWX-yyRoQBLBWUkEc9W2Nt4jYuNqBkkvtM54_TKfiXoVkaWiD7rizOkxgjoRcWRFlOwCrrmIOAgq6csoibML8OLiYLwODENcLENX0GqYB4v0V-Vxh-on6r7odyr-CSG-HHQJyf4qMU46jlV_QOP048RugS2fRJ5ToqAgFxDaok38bj3M4zxEdXTpIcQ&sai=AMfl-YQfPfJUCDVYfiPaeSKUfYcaoMAdy50DRlhbaeXpxbl7vAFsu4ueHpKPDH4rLmPRdw08E6bUithnb2QQkq-nzTd8Dzw9p80BLozP6VfO&sig=Cg0ArKJSzLhvkLp45KjZEAE&urlfix=1&adurl=
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s14-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

timing-allow-origin
*
date
Wed, 25 Mar 2020 18:41:00 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Wed, 25 Mar 2020 18:41:00 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame BAE7
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssbIpirn4vePSZ3am9UdNkyEoClBbllelyXgowivcZ0XP-wjh5Fiw3khK0p1MKIYmpX0wo1gCECRDPVekc8Lliswhcs2hUv1wahyS-o9_GGgOODWnZNwMc72cI0asLDoThBWvOwoLceVKoRHn7bhUc7iEro2xsEPQ7C_mOjBfMj0rQ6bWfJ61Fdmrfvlknj56vqk-hmmRGIgFtlJvQDo0EQ2ASruIiA1U2qVCKwzUeFrP9Z8zkF65bbWuaOJ_116Cv-tGZP8TnnG7VRKgvKduKJIDiM&sai=AMfl-YR4XrUqqHhojilyyU_TTqmY_dTATcchrHV_BVGLJD1KnS8pIAzN_vQDwfEJ5lyywVIUsvwx1KJmI52w3iGTtheBBMVUTlUSh9uUW8-x&sig=Cg0ArKJSzOOgnvQD1qngEAE&urlfix=1&adurl=
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s14-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

timing-allow-origin
*
date
Wed, 25 Mar 2020 18:41:01 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Wed, 25 Mar 2020 18:41:01 GMT
truncated
/ Frame 6447
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1e3c8a651cd65a7e694a40402984b2ce0616cffdf05caaf28647c6f8d64af0ba

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
cygnus
as-sec.casalemedia.com/ Frame 4854
24 B
1 KB
XHR
General
Full URL
https://as-sec.casalemedia.com/cygnus?s=435870&v=8.1&r=%7B%22id%22%3A%2251bc5427b2cae4%22%2C%22imp%22%3A%5B%7B%22id%22%3A%226cf80ecd1e0a9c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435870%22%2C%22sid%22%3A%22320x180%22%7D%2C%22bidfloor%22%3A1.6%2C%22bidfloorcur%22%3A%22USD%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A200%2C%22api%22%3A%5B1%2C2%5D%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22startdelay%22%3A0%2C%22skip%22%3A1%2C%22w%22%3A320%2C%22h%22%3A180%2C%22placement%22%3A1%7D%7D%2C%7B%22id%22%3A%227defe741577615%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435871%22%2C%22sid%22%3A%22320x180%22%7D%2C%22bidfloor%22%3A1.6%2C%22bidfloorcur%22%3A%22USD%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A200%2C%22api%22%3A%5B1%2C2%5D%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22startdelay%22%3A0%2C%22skip%22%3A1%2C%22w%22%3A320%2C%22h%22%3A180%2C%22placement%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A1%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&nf=1&
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.185.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-101-185-51.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7392e80d684fccdd3169a810b6a261216f38474c9bff6c58f65103ee325f4082

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:01 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
44
Expires
Wed, 25 Mar 2020 18:41:01 GMT
avjp
teachingaids-d.openx.net/v/1.0/ Frame 4854
92 B
295 B
XHR
General
Full URL
https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=b86a6691-cc36-48ba-8947-291bc3d608b4&nocache=1585161661024&gdpr_consent=&gdpr=1&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&skip=1&auid=540882778&vwd=320&vht=180&
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:41:01 GMT
via
1.1 google
server
OXGW/16.182.1
status
200
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://threatpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
92
expires
Mon, 26 Jul 1997 05:00:00 GMT
auction
prebid-server.rubiconproject.com/openrtb2/ Frame 4854
140 B
361 B
XHR
General
Full URL
https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.0.61 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-0-61.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
43842fb2f8d9c078ff0f59c748beeed6101568de6527330cffac3f7055524bce

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:41:01 GMT
content-encoding
gzip
status
200
content-type
application/json
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
148
expires
0
translator
hbopenbid.pubmatic.com/ Frame 4854
0
59 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

status
204
date
Wed, 25 Mar 2020 18:41:01 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-origin
https://threatpost.com
prebid
ib.adnxs.com/ut/v3/ Frame 4854
144 B
837 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.37 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
c8fe5180d034b77448d84fa4d5f3d2e36a94aa899b54cdf21ccb9d8228d8d82c
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:03 GMT
X-Proxy-Origin
194.187.251.52; 194.187.251.52; 691.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.46:80
AN-X-Request-Uuid
7641e035-81b3-4826-9f3f-b3a0b87960bd
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
144
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
openrtb
ads.adaptv.advertising.com/rtb/ Frame 4854
0
215 B
XHR
General
Full URL
https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.120.54.253 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-120-54-253.eu-central-1.compute.amazonaws.com
Software
adaptv/1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://threatpost.com
Access-Control-Allow-Credentials
true
Server
adaptv/1.0
Connection
keep-alive
Content-Length
0
Content-Type
application/json
view
securepubads.g.doubleclick.net/pcs/ Frame F014
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstqVmt1_NF0zfoSXpQ8SS8CMjUrDmQebbpq1VEculrGAiZ9ht_MD2mrPLyjHMpQOFMnM2CxoMOIfWfFxfiiFfXDqEW8ojUtoDo_uJ6RaeOBlSdvPVQgJSdc3Rgnmxbb2yPPU_nCmTImXBTQ7PBtGjKMBjPbhhK7CYkRinFckuNsledyyqA7GTXb3XtrEGwf4xwKraqZ-Et3Cgccl3nuskPN15y3leRbY28uT9TzkU0l6wNP5F0Ia3oxl2ESvnCObLilyVrclbx81bq50D_33iDIQEtQ&sai=AMfl-YQu4zGanKC5-EWMj1rPWWaXth_ei_VNMxDAqgwn-76tQvYwGggl4eoOO7Agyb80PQNcrTF71PpFFZ6o7POgmVhSJEaQvI75utEjrTa-&sig=Cg0ArKJSzCnvvaXYKBbQEAE&urlfix=1&adurl=
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s14-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

timing-allow-origin
*
date
Wed, 25 Mar 2020 18:41:01 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
truncated
/ Frame BAE7
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8b5bbc2b60e09019ce08162810338e87f4dbd768eb201ea3bf7d85f807b3006c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
integrator.js
adservice.google.de/adsid/ Frame 6447
109 B
171 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=threatpost.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 6447
109 B
171 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=threatpost.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
104
x-xss-protection
0
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20200319/r20190131/ Frame 6447
224 KB
84 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20200319/r20190131/show_ads_impl_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1fea51227a0d0a882dcf26ad5791bdf3bbb79958e076630e86427a8266300a2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
85515
x-xss-protection
0
server
cafe
etag
13950792502640807200
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Wed, 25 Mar 2020 18:41:01 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200319/r20190131/ Frame B3E4
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20200319/r20190131/zrt_lookup.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20200319/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUnt1-PSEJhODpB1oI5vBf6S0GqpVFr0_inQjSaVUMKdQQC3tPvwzMjiHA0f
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
vary
Accept-Encoding
date
Sat, 21 Mar 2020 14:49:24 GMT
expires
Sat, 04 Apr 2020 14:49:24 GMT
content-type
text/html; charset=UTF-8
etag
17714563530871986051
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4497
x-xss-protection
0
cache-control
public, max-age=1209600
age
359497
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
amp4ads-v0.js
cdn.ampproject.org/rtv/012003101714470/ Frame 7E52
200 KB
55 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4486f4e70d7321e8f64da51c38b50767e846bdaf4ef3441d628f27a4f8952c10
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
662
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55811
x-xss-protection
0
server
sffe
date
Wed, 25 Mar 2020 18:29:59 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"789295de90cb321e"
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 25 Mar 2021 18:29:59 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012003101714470/ Frame 7E52
200 KB
55 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4486f4e70d7321e8f64da51c38b50767e846bdaf4ef3441d628f27a4f8952c10
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
18605
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55811
x-xss-protection
0
server
sffe
date
Wed, 25 Mar 2020 13:30:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"789295de90cb321e"
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 25 Mar 2021 13:30:56 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012003101714470/v0/ Frame 7E52
92 KB
28 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003101714470/v0/amp-analytics-0.1.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e17e03dc3ff1767a8d185975a2bf392068a0b2f2848503c38ceaa3f10fb0ea84
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
18602
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28328
x-xss-protection
0
server
sffe
date
Wed, 25 Mar 2020 13:30:59 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"f4788313c10056ed"
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 25 Mar 2021 13:30:59 GMT
7464639028652035684
tpc.googlesyndication.com/simgad/ Frame 7E52
330 B
478 B
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/7464639028652035684
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f19e7ee6cdf20bd478c037707c447b7cd469051de4dadeac32a795efb463c2e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 06 Mar 2020 09:43:39 GMT
x-content-type-options
nosniff
age
1673842
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
330
x-xss-protection
0
last-modified
Tue, 28 Jan 2020 23:02:00 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 06 Mar 2021 09:43:39 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 7E52
0
57 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsssihNZ0PFoadY8sWs2GUQXl-6a7DMTrkdqt6K2FvT9HG95XSIFhpRLsRl_ZM97Qiyk0m2dALfmA7B0qVAZki4VnLMclszP-FndpOIz4bOUXRmPINJY7pjWdg6zevja4vBh3e9GS9ziBFfPMHCu1J0TTUVYaJIY9CAeHlYntZ19huVSAvTSrxUV6ygQdXuN29LtTo2iwof3Wvi3-PvAaQ8E1KYSHwS0MEwUit39fvLM6iPrsVmeinbPhggtwUHzB2Cue09pXEsB8N4G5nvC6Q&sai=AMfl-YSc_2LQ07azjzKqKM2esxYJfBjx0dwGMll7sQEBglSTrti6uiiPqGNcTPg4HHhkxyI4wAlUsQRUdzpDiKmzJd09V3ARcE_fBymwRkTJ&sig=Cg0ArKJSzLZeLQcb0DaPEAE&adurl=
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s14-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 25 Mar 2020 18:41:01 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
truncated
/ Frame 7E52
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f02afeb5b738e5795e3e631cb9463385dab46478566f33f898f1061edc28b91f

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
integrator.js
adservice.google.de/adsid/ Frame BAE7
109 B
171 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=threatpost.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame BAE7
109 B
171 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=threatpost.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
104
x-xss-protection
0
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20200319/r20190131/ Frame BAE7
224 KB
84 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20200319/r20190131/show_ads_impl_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1fea51227a0d0a882dcf26ad5791bdf3bbb79958e076630e86427a8266300a2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
85515
x-xss-protection
0
server
cafe
etag
13950792502640807200
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Wed, 25 Mar 2020 18:41:01 GMT
truncated
/ Frame F014
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
31e953c96e86f74cd589b460ea07444a682888e98aa34593761206686ed42456

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
integrator.js
adservice.google.de/adsid/ Frame F014
109 B
171 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=threatpost.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame F014
109 B
171 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=threatpost.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
104
x-xss-protection
0
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20200319/r20190131/ Frame F014
224 KB
84 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20200319/r20190131/show_ads_impl_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1fea51227a0d0a882dcf26ad5791bdf3bbb79958e076630e86427a8266300a2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
85515
x-xss-protection
0
server
cafe
etag
13950792502640807200
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Wed, 25 Mar 2020 18:41:01 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame C5F7
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7500593236707325&output=html&h=90&slotname=7759284332&adk=4262696766&adf=3173046725&w=728&psa=0&guci=1.2.0.0.2.2.0.0&format=728x90&url=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&ea=0&flash=0&wgl=1&adsid=NT&dt=1585161661085&bpp=22&bdt=184&fdt=152&idt=153&shv=r20200319&cbv=r20190131&ptt=9&saldr=aa&correlator=7763239248100&frm=23&ife=4&pv=2&ga_vid=2110905385.1585161660&ga_sid=1585161661&ga_hid=1859437683&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=429&ady=10&biw=1585&bih=1200&isw=728&ish=90&ifk=1127880121&scr_x=0&scr_y=0&oid=3&pvsid=2322980237652856&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.88d65erqbtp9&fsb=1&dtd=164
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200319/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-7500593236707325&output=html&h=90&slotname=7759284332&adk=4262696766&adf=3173046725&w=728&psa=0&guci=1.2.0.0.2.2.0.0&format=728x90&url=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&ea=0&flash=0&wgl=1&adsid=NT&dt=1585161661085&bpp=22&bdt=184&fdt=152&idt=153&shv=r20200319&cbv=r20190131&ptt=9&saldr=aa&correlator=7763239248100&frm=23&ife=4&pv=2&ga_vid=2110905385.1585161660&ga_sid=1585161661&ga_hid=1859437683&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=429&ady=10&biw=1585&bih=1200&isw=728&ish=90&ifk=1127880121&scr_x=0&scr_y=0&oid=3&pvsid=2322980237652856&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.88d65erqbtp9&fsb=1&dtd=164
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUnt1-PSEJhODpB1oI5vBf6S0GqpVFr0_inQjSaVUMKdQQC3tPvwzMjiHA0f
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 25 Mar 2020 18:41:01 GMT
server
cafe
content-length
18732
x-xss-protection
0
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
osd.js
www.googletagservices.com/activeview/js/current/ Frame 6447
74 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
351e508c1da4f9d1535747086accb41121466a52044aa868eba4a36009fdb101
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1584962844677376"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
27941
x-xss-protection
0
expires
Wed, 25 Mar 2020 18:41:01 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 6957
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7500593236707325&output=html&h=280&slotname=7077012612&adk=2662501839&adf=3173046724&w=336&psa=0&guci=1.2.0.0.2.2.0.0&format=336x280&url=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&ea=0&flash=0&wgl=1&adsid=NT&dt=1585161661151&bpp=4&bdt=240&fdt=160&idt=160&shv=r20200319&cbv=r20190131&ptt=9&saldr=aa&correlator=7763239248100&frm=23&ife=4&pv=1&ga_vid=2110905385.1585161660&ga_sid=1585161661&ga_hid=792988457&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1057&ady=257&biw=1585&bih=1200&isw=336&ish=280&ifk=1520156743&scr_x=0&scr_y=0&oid=3&pvsid=3245535912936893&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C336%2C280&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.1ct7fzm7birb&fsb=1&dtd=164
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200319/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-7500593236707325&output=html&h=280&slotname=7077012612&adk=2662501839&adf=3173046724&w=336&psa=0&guci=1.2.0.0.2.2.0.0&format=336x280&url=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&ea=0&flash=0&wgl=1&adsid=NT&dt=1585161661151&bpp=4&bdt=240&fdt=160&idt=160&shv=r20200319&cbv=r20190131&ptt=9&saldr=aa&correlator=7763239248100&frm=23&ife=4&pv=1&ga_vid=2110905385.1585161660&ga_sid=1585161661&ga_hid=792988457&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1057&ady=257&biw=1585&bih=1200&isw=336&ish=280&ifk=1520156743&scr_x=0&scr_y=0&oid=3&pvsid=3245535912936893&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C336%2C280&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.1ct7fzm7birb&fsb=1&dtd=164
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUnt1-PSEJhODpB1oI5vBf6S0GqpVFr0_inQjSaVUMKdQQC3tPvwzMjiHA0f
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 25 Mar 2020 18:41:01 GMT
server
cafe
content-length
21263
x-xss-protection
0
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
osd.js
www.googletagservices.com/activeview/js/current/ Frame BAE7
74 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
351e508c1da4f9d1535747086accb41121466a52044aa868eba4a36009fdb101
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1584962844677376"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
27941
x-xss-protection
0
expires
Wed, 25 Mar 2020 18:41:01 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 4ADF
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7500593236707325&output=html&h=250&slotname=2376748102&adk=2477513961&adf=3173046723&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&ea=0&flash=0&wgl=1&adsid=NT&dt=1585161661194&bpp=4&bdt=276&fdt=135&idt=135&shv=r20200319&cbv=r20190131&ptt=9&saldr=aa&correlator=7763239248100&frm=23&ife=4&pv=1&ga_vid=2110905385.1585161660&ga_sid=1585161661&ga_hid=1680912526&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1075&ady=1562&biw=1585&bih=1200&isw=300&ish=250&ifk=4033026528&scr_x=0&scr_y=0&oid=3&pvsid=4483954338265324&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.dju8gnhdqwya&btvi=1&fsb=1&dtd=139
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200319/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-7500593236707325&output=html&h=250&slotname=2376748102&adk=2477513961&adf=3173046723&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&ea=0&flash=0&wgl=1&adsid=NT&dt=1585161661194&bpp=4&bdt=276&fdt=135&idt=135&shv=r20200319&cbv=r20190131&ptt=9&saldr=aa&correlator=7763239248100&frm=23&ife=4&pv=1&ga_vid=2110905385.1585161660&ga_sid=1585161661&ga_hid=1680912526&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1075&ady=1562&biw=1585&bih=1200&isw=300&ish=250&ifk=4033026528&scr_x=0&scr_y=0&oid=3&pvsid=4483954338265324&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.dju8gnhdqwya&btvi=1&fsb=1&dtd=139
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUnt1-PSEJhODpB1oI5vBf6S0GqpVFr0_inQjSaVUMKdQQC3tPvwzMjiHA0f
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 25 Mar 2020 18:41:01 GMT
server
cafe
content-length
205
x-xss-protection
0
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
osd.js
www.googletagservices.com/activeview/js/current/ Frame F014
74 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
351e508c1da4f9d1535747086accb41121466a52044aa868eba4a36009fdb101
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1584962844677376"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
27941
x-xss-protection
0
expires
Wed, 25 Mar 2020 18:41:01 GMT
7464639028652035684
tpc.googlesyndication.com/simgad/ Frame 7E52
330 B
391 B
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/7464639028652035684
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f19e7ee6cdf20bd478c037707c447b7cd469051de4dadeac32a795efb463c2e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 06 Mar 2020 09:43:39 GMT
x-content-type-options
nosniff
age
1673842
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
330
x-xss-protection
0
last-modified
Tue, 28 Jan 2020 23:02:00 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 06 Mar 2021 09:43:39 GMT
w_640_001.ts
video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/ Frame 4854
303 KB
303 KB
XHR
General
Full URL
https://video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/w_640_001.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
d248bb41224321fbec6777da358bce1ab63d997af40ccfba8f8bb68855d70e50

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 25 Mar 2020 18:40:23 GMT
Last-Modified
Tue, 17 Mar 2020 05:40:41 GMT
Server
Tengine
ETag
"5e7062d9-4bc74"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Wed, 01 Apr 2020 18:40:23 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
310388
X-Proxy-Cache
HIT
liveView.php
live.sekindo.com/live/ Frame 6DE7
0
379 B
Image
General
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=16&serverTime=1585161660&s=0&sta=12348808&x=320&y=180&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=&isApp=0&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5e7ba5bbcad89&contentFileId=704253&mediaPlayListId=5946&playerVer=3.0.0&contentMatchType=&isExcludeFromOpt=0&cbuster=1585161661412&gdpr=1&gdprConsent=&isWePassGdpr=0&gdpr2Consent=&isWePassGdpr2=0&ccpa=0&ccpaConsent=
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.15
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:01 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.15
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/html; charset=UTF-8
w_640_002.ts
video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/ Frame 4854
328 KB
328 KB
XHR
General
Full URL
https://video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/w_640_002.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
8f5aab2ec77ed44c628caf30bf731cba5d7e1fa8b067131e091c8fe9af55947f

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 25 Mar 2020 18:40:23 GMT
Last-Modified
Tue, 17 Mar 2020 05:40:41 GMT
Server
Tengine
ETag
"5e7062d9-51f98"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Wed, 01 Apr 2020 18:40:23 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
335768
X-Proxy-Cache
HIT
w_640_003.ts
video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/ Frame 4854
310 KB
310 KB
XHR
General
Full URL
https://video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/w_640_003.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
9ce62bc31fb8f8f6b76022662abe81fb995e95f719df0e22a6fa864538291c2c

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 25 Mar 2020 18:40:23 GMT
Last-Modified
Tue, 17 Mar 2020 05:40:42 GMT
Server
Tengine
ETag
"5e7062da-4d628"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Wed, 01 Apr 2020 18:40:23 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
316968
X-Proxy-Cache
HIT
w_640_004.ts
video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/ Frame 4854
323 KB
324 KB
XHR
General
Full URL
https://video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/w_640_004.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
3eb7a5ddfbc1e1606b7ebe2736d0ebd2ac9177936ddc25537369f74f50e57c4a

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 25 Mar 2020 18:40:23 GMT
Last-Modified
Tue, 17 Mar 2020 05:40:42 GMT
Server
Tengine
ETag
"5e7062da-50c80"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Wed, 01 Apr 2020 18:40:23 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
330880
X-Proxy-Cache
HIT
w_640_005.ts
video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/ Frame 4854
317 KB
318 KB
XHR
General
Full URL
https://video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/w_640_005.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
46ac0ab0236a9dd822fc73f2c3eb9c4ff0d42f88d0b2026c735d6430d5b9354e

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 25 Mar 2020 18:40:23 GMT
Last-Modified
Tue, 17 Mar 2020 05:40:42 GMT
Server
Tengine
ETag
"5e7062da-4f5bc"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Wed, 01 Apr 2020 18:40:23 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
325052
X-Proxy-Cache
HIT
sodar
pagead2.googlesyndication.com/getconfig/ Frame F014
7 KB
5 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200319&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200319/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
faf000460e51b498af07f3982b4d1bafd510ce2a79fc180b52e7b9fb1d6e9f7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 25 Mar 2020 18:41:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5155
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame F014
14 KB
5 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5456
x-xss-protection
0
expires
Wed, 25 Mar 2020 18:41:01 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame B123
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Wed, 25 Mar 2020 18:21:07 GMT
expires
Thu, 25 Mar 2021 18:21:07 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
1194
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
gen_204
pagead2.googlesyndication.com/pagead/ Frame F014
0
58 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gda_r20200319&jk=4483954338265324&bg=!l5SllIxYVsCpf3ysQUQCAAAAR1IAAAANmQFgnH0TxsuHK5vdXu_525tXkHXeMf95yoTZfD4Y-1fZuOaFPpNt-Lt5nYLrHrRU1tSlTtvPIm2X6IeBckVvNj_0fOcRFW1zYu3thAC38X57_wnUQOu1oawEf1Ju-BcRqy8qQDcJvJ58Cy7EM6dssDtufQqQB97AujVsxGliuOUrQevebZfUqrRnVWoZe0um2lxASzbcssyeOx82mXag27yBChghGCbqFQJH2cUSCkIVp8Rr3vX-gIEjdSKVK1eQmjdX9ZA58xn2mQXnEcFXVslNrDtn6cDksXH16lDaKt5TJw_FZPWkD71vl_sp8VVb9a7doAFUcUNAHLS5rM4DRqADqlqWawoNTTdl4kmOgrhA7gVIWVXUfTLD8zmSYozJ2jo3r7CRhMpbs63CyJ7Ko9irSP1UywD_ZTFGV7XmAQY97Yjz3TaGAVeI3qtnMPrvlPJoeBW7BEyQSu9H9r6Wn40WAg
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:41:01 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usync.html
eus.rubiconproject.com/ Frame F3B8
0
0
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.8.15.54 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-8-15-54.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host
eus.rubiconproject.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
rsid=1|AIfsdBUO++vuGxiryvY+NyL0uYVhZ/St03A+TpDyVQ1yr4T5MwT6QMScCrOK5+LIKUjy2mCqC2K2RBmUMyiRFxj1oVYGhl0PykR7JZiIexk6pm/GC88NaPeTSs/Z; ses15=; vis15=300372^1; khaos=K87OBOMK-8-POT; audit=1|hLZGFuTafB3czTyVeU9/xm2GJI/YgkPnBrtHFCl8pkbvcKk2NzjqD0D3pCcW8TpHcpj76PKZXj8oT2OqK/B16qwRNgFmLHdP
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true

Response headers

Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified
Wed, 04 Mar 2020 22:48:14 GMT
Content-Encoding
gzip
Content-Length
7619
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=43811
Expires
Thu, 26 Mar 2020 06:51:13 GMT
Date
Wed, 25 Mar 2020 18:41:02 GMT
Connection
keep-alive
Vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame 4969
0
0
Document
General
Full URL
https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash

Request headers

:method
GET
:authority
u.openx.net
:scheme
https
:path
/w/1.0/pd?gdpr=1&gdpr_consent=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
i=256ade5c-0e2c-0d56-18ca-89cfad5de8c3|1585161659
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true

Response headers

status
200
vary
Accept, Accept-Encoding
set-cookie
i=256ade5c-0e2c-0d56-18ca-89cfad5de8c3|1585161659; Version=1; Expires=Thu, 25-Mar-2021 18:41:02 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1585161662|mOgikimWiygu; Version=1; Expires=Thu, 09-Apr-2020 18:41:02 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.182.1
p3p
CP="CUR ADM OUR NOR STA NID"
date
Wed, 25 Mar 2020 18:41:02 GMT
content-type
text/html
content-length
374
content-encoding
gzip
via
1.1 google
alt-svc
clear
%7Bcombo_uid%7D
pr-bh.ybp.yahoo.com/sync/adaptv_ortb/ Frame 4854
43 B
793 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/adaptv_ortb/%7Bcombo_uid%7D
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Wed, 25 Mar 2020 18:41:02 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
status
200
x-content-type-options
nosniff
content-length
43
x-xss-protection
1; mode=block
expires
Thu, 01 Jan 1970 00:00:00 GMT
sync
sync.adap.tv/ Frame 4854
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D
  • https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D&_test=XnulvgAAAFkcBH97
  • https://sync.adap.tv/sync?type=gif&key=tubemogul&uid=XnulvgAAAFkcBH97&_test=XnulvgAAAFkcBH97
0
0

sync
ups.analytics.yahoo.com/ups/57304/ Frame 4854
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_sc
  • https://pixel.advertising.com/ups/57304/sync?uid=CAESEPhEHV4b1BRaScVMnT_0U0A&google_cver=1
  • https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEPhEHV4b1BRaScVMnT_0U0A&google_cver=1&apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a
0
977 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEPhEHV4b1BRaScVMnT_0U0A&google_cver=1&apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-56-137.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.106 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 25 Mar 2020 18:41:02 GMT
Server
ATS/7.1.2.106
Connection
keep-alive
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status
302
date
Wed, 25 Mar 2020 18:41:02 GMT
strict-transport-security
max-age=31536000
content-length
0
location
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEPhEHV4b1BRaScVMnT_0U0A&google_cver=1&apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
sync
ups.analytics.yahoo.com/ups/55953/ Frame 4854
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1
  • https://pixel.advertising.com/ups/55953/sync?uid=e695dc7a-acb0-413c-8569-e9a7f2c0b499&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=e695dc7a-acb0-413c-8569-e9a7f2c0b499
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=e695dc7a-acb0-413c-8569-e9a7f2c0b499&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=e695dc7a-acb0-413c-8569-e9a7f2c0b499&apid=1A2bfe3550-6ec8-11ea...
0
977 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/55953/sync?uid=e695dc7a-acb0-413c-8569-e9a7f2c0b499&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=e695dc7a-acb0-413c-8569-e9a7f2c0b499&apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-56-137.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.106 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 25 Mar 2020 18:41:02 GMT
Server
ATS/7.1.2.106
Connection
keep-alive
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status
302
date
Wed, 25 Mar 2020 18:41:02 GMT
strict-transport-security
max-age=31536000
content-length
0
location
https://ups.analytics.yahoo.com/ups/55953/sync?uid=e695dc7a-acb0-413c-8569-e9a7f2c0b499&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=e695dc7a-acb0-413c-8569-e9a7f2c0b499&apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
activeview
pagead2.googlesyndication.com/pcs/ Frame 6447
42 B
115 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsurvACZRpd9rCtSRWobSWOqcRtvJb0uzQBronUD9R_tu6iDKdgYoZxHXaDgrifO2L05vDh7Oa2WSmqdBLMErF96fFWkNrHZVsiO-Rsk_F0&sig=Cg0ArKJSzC3vEpcKHdQpEAE&adk=1015519800&tt=-1&bs=1585%2C1200&mtos=1021,1021,1021,1021,1021&tos=1021,0,0,0,0&p=10,429,100,1157&mcvt=1021&rs=0&ht=0&tfs=334&tls=1355&mc=1&lte=0&bas=0&bac=0&met=ie&avms=nio&exg=1&md=2&btr=0&lm=2&rst=1585161660908&dlt&rpt=313&isd=0&msd=0&ext&xdi=0&ps=1585%2C4855&ss=1600%2C1200&pt=-1&bin=4&deb=1-0-0-13-6-12-12-0-0-0&tvt=1351&is=728%2C90&iframe_loc=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&r=v&id=osdim&vs=4&uc=13&upc=0&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=0x0&itpl=19&v=20200323
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:41:02 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame BAE7
42 B
110 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuH2JPH9DbZUwpFykxZqL8PopHXx2Y-97SNlX3f1vjCyV4crIi8zYlp-T8Hflo4RgbY8dy_X9SeyjoMzf8Z7iS6pa3AjJc30ogeI6kzSE0&sig=Cg0ArKJSzP1FYzkCZqeQEAE&adk=654286612&tt=-1&bs=1585%2C1200&mtos=1022,1022,1022,1022,1022&tos=1022,0,0,0,0&p=257,1057,537,1393&mcvt=1022&rs=0&ht=0&tfs=274&tls=1296&mc=1&lte=0&bas=0&bac=0&met=ie&avms=nio&exg=1&md=2&btr=0&lm=2&rst=1585161660915&dlt&rpt=311&isd=0&msd=0&ext&xdi=0&ps=1585%2C4855&ss=1600%2C1200&pt=-1&bin=4&deb=1-0-0-13-4-12-12-0-0-0&tvt=1293&is=336%2C280&iframe_loc=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&r=v&id=osdim&vs=4&uc=13&upc=0&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=0x0&itpl=19&v=20200323
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:41:02 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 7E52
42 B
110 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuBA6Fv8PTnzt_Peon_uGDpuERAA11hsWzz0T8stEyMiV9iMRMY2J6S9zKIouO2AokpINQJ2iWhbw2aTWTUSgXzKYtNsHXkkE2NgUutr0w&sig=Cg0ArKJSzOZ4Z9V08-uvEAE&id=ampim&o=0,0&d=2,2&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=106&tls=1107&g=100&h=100&tt=1107&r=v&adk=3385906655&avms=ampa
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:41:02 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
liveView.php
live.sekindo.com/live/ Frame 6DE7
0
379 B
Image
General
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=36&serverTime=1585161660&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=&isApp=0&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5e7ba5bbcad89&contentFileId=0&mediaPlayListId=0&cbuster=1585161662742&gdpr=1&gdprConsent=&isWePassGdpr=0&gdpr2Consent=&isWePassGdpr2=0&ccpa=0&ccpaConsent=
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.15
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:02 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.15
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/html; charset=UTF-8
async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame AEDB
0
0
Document
General
Full URL
https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.9.13 /
Resource Hash

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
icu=ChgIzLJhEAoYASABKAEwvcvu8wU4AUABSAEQvcvu8wUYAA..; uuid2=6783984584399014428
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true

Response headers

Server
nginx/1.9.13
Content-Type
text/html
Last-Modified
Fri, 20 May 2016 02:07:09 GMT
ETag
W/"573e714d-3e3"
Expires
Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control
max-age=31536000
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish 1.1 varnish
Content-Length
506
Accept-Ranges
bytes
Date
Wed, 25 Mar 2020 18:41:03 GMT
Age
20077148
Connection
keep-alive
X-Served-By
cache-jfk8123-JFK, cache-hhn4058-HHN
X-Cache
HIT, HIT
X-Cache-Hits
1276778, 4296432
X-Timer
S1585161664.562813,VS0,VE0
Vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame BB1D
0
0
Document
General
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.8.15.54 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-8-15-54.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host
eus.rubiconproject.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
rsid=1|AIfsdBUO++vuGxiryvY+NyL0uYVhZ/St03A+TpDyVQ1yr4T5MwT6QMScCrOK5+LIKUjy2mCqC2K2RBmUMyiRFxj1oVYGhl0PykR7JZiIexk6pm/GC88NaPeTSs/Z; ses15=; vis15=300372^1; khaos=K87OBOMK-8-POT; audit=1|hLZGFuTafB3czTyVeU9/xm2GJI/YgkPnBrtHFCl8pkbvcKk2NzjqD0D3pCcW8TpHcpj76PKZXj8oT2OqK/B16qwRNgFmLHdP; pux=1512%3D89683%262231%3D89683%262249%3D89683%262307%3D89683%262974%3D89683%263778%3D89683%26brx%3D89683%26goog%3D89683%26
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true

Response headers

Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified
Wed, 04 Mar 2020 22:48:14 GMT
Content-Encoding
gzip
Content-Length
7619
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=43810
Expires
Thu, 26 Mar 2020 06:51:13 GMT
Date
Wed, 25 Mar 2020 18:41:03 GMT
Connection
keep-alive
Vary
Accept-Encoding
Cookie set beacon
ap.lijit.com/ Frame FC70
0
0
Document
General
Full URL
https://ap.lijit.com/beacon?informer=13394437
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.48 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash

Request headers

Host
ap.lijit.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D; ljt_reader=490ec71add7625a3f00d50f7
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true

Response headers

Server
nginx
Date
Wed, 25 Mar 2020 18:41:03 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Application-Context
application:prod:9080
Expires
Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie
ljtrtbexp=eJxlkDkOgDAMBP%2BSmsJnYvM1xN%2BRoMpQjqNZr3MNHadmTV9q049hO865s%2B%2B4YKcIJiowEKhY2N3rNyk4yCjsKGQWWleAE4x8g2%2Ffe1qUvIzGDj%2FQJ5AXjV%2BEn7xf9kb3AwXQWQU%3D;Path=/;Domain=.lijit.com;Expires=Thu, 25-Mar-2021 18:41:03 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=490ec71add7625a3f00d50f7;Path=/;Domain=.lijit.com;Expires=Thu, 25-Mar-2021 18:41:03 GMT;Max-Age=31536000;Secure;SameSite=None ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D;Path=/;Domain=.lijit.com;Expires=Thu, 25-Mar-2021 18:41:03 GMT;Max-Age=31536000;Secure;SameSite=None
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma
no-cache
P3P
CP="CUR ADM OUR NOR STA NID"
X-Powered-By
raptor
Content-Encoding
gzip
X-Sovrn-Pod
ad_ap5ams1
pd
eu-u.openx.net/w/1.0/ Frame DC3C
0
0
Document
General
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash

Request headers

:method
GET
:authority
eu-u.openx.net
:scheme
https
:path
/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
i=256ade5c-0e2c-0d56-18ca-89cfad5de8c3|1585161659; pd=v2|1585161662|mOgikimWiygu
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true

Response headers

status
200
vary
Accept, Accept-Encoding
set-cookie
i=256ade5c-0e2c-0d56-18ca-89cfad5de8c3|1585161659; Version=1; Expires=Thu, 25-Mar-2021 18:41:03 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1585161662.1|kimWiymOgugi.fcgqsLomgen0; Version=1; Expires=Thu, 09-Apr-2020 18:41:03 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.182.1
p3p
CP="CUR ADM OUR NOR STA NID"
date
Wed, 25 Mar 2020 18:41:03 GMT
content-type
text/html
content-length
354
content-encoding
gzip
via
1.1 google
alt-svc
clear
showad.js
ads.pubmatic.com/AdServer/js/ Frame C921
0
0
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.184.244 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-101-184-244.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host
ads.pubmatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
KTPCACOOKIE=YES; KADUSERCOOKIE=540E3D3E-1F9F-4F64-8C9D-DA5C4C3F5031
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true

Response headers

Last-Modified
Tue, 04 Feb 2020 05:12:07 GMT
ETag
"13006b6-9f85-59db914d12ccf"
Server
Apache/2.2.15 (CentOS)
Accept-Ranges
bytes
Content-Encoding
gzip
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
14955
Content-Type
text/html; charset=UTF-8
Cache-Control
public, max-age=89532
Expires
Thu, 26 Mar 2020 19:33:16 GMT
Date
Wed, 25 Mar 2020 18:41:04 GMT
Connection
keep-alive
Vary
Accept-Encoding
2000891.html
serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/ Frame A3F4
Redirect Chain
  • https://sync.serverbid.com/ss/2000891.html
  • https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
0
0
Document
General
Full URL
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

Host
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true

Response headers

Date
Wed, 25 Mar 2020 18:41:05 GMT
Connection
Keep-Alive
Accept-Ranges
bytes
Cache-Control
max-age=7383
Content-Length
4947
Content-Type
text/html
Last-Modified
Wed, 20 Nov 2019 20:29:05 GMT
ETag
"1b0ebac83fe30af80513039edbdf566f"
x-amz-request-id
tx00000000000002887f15a-005e7a7118-340a38f-nyc3a
Strict-Transport-Security
max-age=15552000; includeSubDomains; preload
Vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW
1585161665.dop042.pa1.t,1585161665.cds001.pa1.shn,1585161665.dop042.pa1.t,1585161665.cds030.pa1.c

Redirect headers

status
302
content-length
0
location
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
cache-control
no-cache
generic
match.adsrvr.org/track/cmf/
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=aoladtech&gdpr=1&gdpr_consent=
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.114.209 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-19-114-209.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:41:03 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
status
200
cache-control
private,no-cache, must-revalidate
content-type
image/gif
content-length
70
sync
ups.analytics.yahoo.com/ups/56465/
Redirect Chain
  • https://pixel.advertising.com/ups/56465/sync?_origin=0&redir=true&gdpr=1&gdpr_consent=
  • https://ups.analytics.yahoo.com/ups/56465/sync?_origin=0&redir=true&gdpr=1&gdpr_consent=&apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a
  • https://pr-bh.ybp.yahoo.com/sync/adtech/1A2bfe3550-6ec8-11ea-9b48-12359aeea65a?gdpr=1&gdpr_consent=
  • https://pixel.advertising.com/ups/56465/sync?uid=y-c.J.L811lxk_rTgJf9MnmP_0AUOIVgwwO3gM&_origin=0&nsync=0
  • https://ups.analytics.yahoo.com/ups/56465/sync?uid=y-c.J.L811lxk_rTgJf9MnmP_0AUOIVgwwO3gM&_origin=0&nsync=0&apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a
0
1 KB
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/56465/sync?uid=y-c.J.L811lxk_rTgJf9MnmP_0AUOIVgwwO3gM&_origin=0&nsync=0&apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-56-137.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.106 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 25 Mar 2020 18:41:03 GMT
Server
ATS/7.1.2.106
Connection
keep-alive
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status
302
date
Wed, 25 Mar 2020 18:41:03 GMT
strict-transport-security
max-age=31536000
content-length
0
location
https://ups.analytics.yahoo.com/ups/56465/sync?uid=y-c.J.L811lxk_rTgJf9MnmP_0AUOIVgwwO3gM&_origin=0&nsync=0&apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
sync
ups.analytics.yahoo.com/ups/55965/
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent=
  • https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=gnVEjdYlEYuaIhCO0yle19FyQ96aJUrX0nHxRq1I
  • https://ups.analytics.yahoo.com/ups/55965/sync?_origin=0&gdpr=1&uid=gnVEjdYlEYuaIhCO0yle19FyQ96aJUrX0nHxRq1I&apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a
0
1 KB
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/55965/sync?_origin=0&gdpr=1&uid=gnVEjdYlEYuaIhCO0yle19FyQ96aJUrX0nHxRq1I&apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-56-137.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.106 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 25 Mar 2020 18:41:03 GMT
Server
ATS/7.1.2.106
Connection
keep-alive
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status
302
date
Wed, 25 Mar 2020 18:41:03 GMT
strict-transport-security
max-age=31536000
content-length
0
location
https://ups.analytics.yahoo.com/ups/55965/sync?_origin=0&gdpr=1&uid=gnVEjdYlEYuaIhCO0yle19FyQ96aJUrX0nHxRq1I&apid=1A2bfe3550-6ec8-11ea-9b48-12359aeea65a
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
sodar
pagead2.googlesyndication.com/getconfig/ Frame 6447
7 KB
5 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200319&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200319/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c1ad472734d22921af52f3a8f2e7baac54c6d55ca18a5a6b26545cf2326b5a9d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 25 Mar 2020 18:41:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5183
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 6447
14 KB
5 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5456
x-xss-protection
0
expires
Wed, 25 Mar 2020 18:41:04 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame 9A02
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Wed, 25 Mar 2020 18:21:07 GMT
expires
Thu, 25 Mar 2021 18:21:07 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
1197
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6447
0
58 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gda_r20200319&jk=2322980237652856&bg=!kpGlkYlY-2TI3o-w3PwCAAAAT1IAAAANmQFg3lAk3LzNok3cQMAngY-4jbtPqUmxx17qnvWEHbC9BFF3BpufNR7gj3LfLEIuWBhyE9XpbhkuN8KEUhOHkmPuNghhwKHnyq8kuoW11rpDQNB1NYaySg242qKDWTDENzbN8Z2UNSNjTGF9E85PYDKcFGHE_dXMSl2cW5ZloaEPDKnSSuZOIz3Q-gsPNgwo5f_HEVqyNnMU19ocjmOcBg19kcAc5eQ5mcVxdwNh7X8CTOGMzCWFWXIoso6zHgKR-yciwWf9YMCkM_igPDDdtWUK685VyNYDGo9BFcv00fzWS5dwVS2Wsmuh10ngAF1MpRliXJ2DUygMBdMYjromyOUNLwWNcZ7G7cwTUJiOIHA4uzcZCHn85w94VuotOKftq0EVkluG-JhZOPm6sZR0aljYidK-3dCb-d0vBF7f3f0kdZjrbUP15MHQV4Y_UtARgRlRDAtP1UUpyxfp6wZYOa89ig
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:41:05 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
liveView.php
live.sekindo.com/live/ Frame 6DE7
0
379 B
Image
General
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1585161660&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=&isApp=0&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5e7ba5bbcad89&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1585161665734&gdpr=1&gdprConsent=&isWePassGdpr=0&gdpr2Consent=&isWePassGdpr2=0&ccpa=0&ccpaConsent=
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.15
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:05 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.15
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/html; charset=UTF-8
w_640_006.ts
video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/ Frame 4854
303 KB
303 KB
XHR
General
Full URL
https://video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/w_640_006.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
24de45d70d956e08fee564550775d0698da4fd94d7a1f307383e9192a21fc192

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 25 Mar 2020 18:40:30 GMT
Last-Modified
Tue, 17 Mar 2020 05:40:43 GMT
Server
Tengine
ETag
"5e7062db-4bbb8"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Wed, 01 Apr 2020 18:40:30 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
310200
X-Proxy-Cache
HIT
sodar
pagead2.googlesyndication.com/getconfig/ Frame BAE7
7 KB
5 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200319&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200319/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
24b9fb1614d1b9cd7247ae2eaeef6051c0f5701a97a8a63cb2db2e870fb3eab2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 25 Mar 2020 18:41:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5213
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame BAE7
14 KB
5 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Wed, 25 Mar 2020 18:41:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5456
x-xss-protection
0
expires
Wed, 25 Mar 2020 18:41:09 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame FC92
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Wed, 25 Mar 2020 18:21:07 GMT
expires
Thu, 25 Mar 2021 18:21:07 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
1202
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
gen_204
pagead2.googlesyndication.com/pagead/ Frame BAE7
0
58 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gda_r20200319&jk=3245535912936893&bg=!0tGl0clYWOjKQsyR7uQCAAAATFIAAAAOmQFgtdzMGsWZpy6zk7k6CfovFgiMq8VE-yuhC_qzSWBJqTHlipKLUUmbqBGyvCXW8gA3LLVeYsIdI95pvbcqkDPkUlQKbL1xPYlhecGx-wyzcrDgl-fKIS9nFA17238e8sHCXZm4eJKx4CtjAcPpf2WFFFwZHrsMN8CTJRv0PXVyRDgyMwdZ91hYMyhuTZk3gy0y4BbrYaey6JjpS6X6NBcTMCiLgwvYejeGrSzAAF9mRHLydleCkJUvjSM44zN3p8ok8LPiF8Is3rA6oB2uZsBKQP72MAdNsC59cifRfZXQKPYkrcCNhutxtosPDO466AsUsjMRDy00b7cG8Aeao8dajPb4PYtIPgZlGyS7ZjhejGZjy0UQL3EGY91Air6GTpxilteor6_WC6gJ946AvxXaEPbft1DluFJV5sk1pAJsXmTwYy8UYmQ6hhHA5-rAakhoGen83x5Hg6Z4gLuyFWwWyw
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:41:09 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
liveView.php
live.sekindo.com/live/ Frame 6DE7
0
379 B
Image
General
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=25&serverTime=1585161660&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=&isApp=0&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5e7ba5bbcad89&contentFileId=0&mediaPlayListId=0&dur=1000&cbuster=1585161670525&gdpr=1&gdprConsent=&isWePassGdpr=0&gdpr2Consent=&isWePassGdpr2=0&ccpa=0&ccpaConsent=
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.15
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:10 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.15
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/html; charset=UTF-8
liveView.php
live.sekindo.com/live/ Frame 6DE7
0
379 B
Image
General
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1585161660&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=&isApp=0&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5e7ba5bbcad89&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1585161670734&gdpr=1&gdprConsent=&isWePassGdpr=0&gdpr2Consent=&isWePassGdpr2=0&ccpa=0&ccpaConsent=
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.15
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:10 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.15
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/html; charset=UTF-8
w_640_007.ts
video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/ Frame 4854
300 KB
300 KB
XHR
General
Full URL
https://video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/w_640_007.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
5debe6a8009208b266ba92497a32d47494173b54856ce46dce2aa28995af1848

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 25 Mar 2020 18:40:35 GMT
Last-Modified
Tue, 17 Mar 2020 05:40:43 GMT
Server
Tengine
ETag
"5e7062db-4aff8"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Wed, 01 Apr 2020 18:40:35 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
307192
X-Proxy-Cache
HIT
cygnus
as-sec.casalemedia.com/ Frame 4854
25 B
987 B
XHR
General
Full URL
https://as-sec.casalemedia.com/cygnus?s=435870&v=8.1&r=%7B%22id%22%3A%22206c0d310ade94f%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22211736638820965%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435870%22%2C%22sid%22%3A%22320x180%22%7D%2C%22bidfloor%22%3A1.6%2C%22bidfloorcur%22%3A%22USD%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A200%2C%22api%22%3A%5B1%2C2%5D%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22startdelay%22%3A0%2C%22skip%22%3A1%2C%22w%22%3A320%2C%22h%22%3A180%2C%22placement%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A1%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&nf=1&
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.185.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-101-185-51.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3825f0ef6c27c18da8c15e44c11878fbf6b028e00e843e1d833749ef23d9dac2

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:15 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
45
Expires
Wed, 25 Mar 2020 18:41:15 GMT
translator
hbopenbid.pubmatic.com/ Frame 4854
0
59 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

status
204
date
Wed, 25 Mar 2020 18:41:15 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-origin
https://threatpost.com
prebid
ib.adnxs.com/ut/v3/ Frame 4854
144 B
838 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.37 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
7354372015d7b7e54919221955eec15ec5833a2a36afa129dea08d90abf50b35
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:17 GMT
X-Proxy-Origin
194.187.251.52; 194.187.251.52; 691.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.187:80
AN-X-Request-Uuid
09967c9b-3af2-488b-a0b3-f6a91c084683
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
144
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
auction
prebid-server.rubiconproject.com/openrtb2/ Frame 4854
141 B
361 B
XHR
General
Full URL
https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.0.61 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-0-61.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
9a2d62f213deced23df27d40d992dea1c4b43d039515f2c16a3ef444452aa654

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:41:15 GMT
content-encoding
gzip
status
200
content-type
application/json
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
148
expires
0
avjp
teachingaids-d.openx.net/v/1.0/ Frame 4854
92 B
292 B
XHR
General
Full URL
https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=c40f4b1a-7189-43df-a077-62ede7717da5&nocache=1585161675315&gdpr_consent=&gdpr=1&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&skip=1&auid=540882779&vwd=320&vht=180&
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:41:15 GMT
via
1.1 google
server
OXGW/16.182.1
status
200
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://threatpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
92
expires
Mon, 26 Jul 1997 05:00:00 GMT
openrtb
ads.adaptv.advertising.com/rtb/ Frame 4854
0
215 B
XHR
General
Full URL
https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.120.54.253 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-120-54-253.eu-central-1.compute.amazonaws.com
Software
adaptv/1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://threatpost.com
Access-Control-Allow-Credentials
true
Server
adaptv/1.0
Connection
keep-alive
Content-Length
0
Content-Type
application/json
liveView.php
live.sekindo.com/live/ Frame 6DE7
0
379 B
Image
General
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1585161660&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=&isApp=0&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5e7ba5bbcad89&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1585161675734&gdpr=1&gdprConsent=&isWePassGdpr=0&gdpr2Consent=&isWePassGdpr2=0&ccpa=0&ccpaConsent=
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.15
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:15 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.15
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/html; charset=UTF-8
w_640_008.ts
video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/ Frame 4854
300 KB
300 KB
XHR
General
Full URL
https://video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/w_640_008.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
f83e347d65965205cac7a0ee0394d832e6678b70f3ce0e2f5f40c9de33208cbb

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 25 Mar 2020 18:40:41 GMT
Last-Modified
Tue, 17 Mar 2020 05:40:43 GMT
Server
Tengine
ETag
"5e7062db-4af3c"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Wed, 01 Apr 2020 18:40:41 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
307004
X-Proxy-Cache
HIT
liveView.php
live.sekindo.com/live/ Frame 6DE7
0
379 B
Image
General
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=25&serverTime=1585161660&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=&isApp=0&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5e7ba5bbcad89&contentFileId=0&mediaPlayListId=0&dur=1000&cbuster=1585161680524&gdpr=1&gdprConsent=&isWePassGdpr=0&gdpr2Consent=&isWePassGdpr2=0&ccpa=0&ccpaConsent=
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.15
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:20 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.15
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/html; charset=UTF-8
liveView.php
live.sekindo.com/live/ Frame 6DE7
0
379 B
Image
General
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1585161660&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=&isApp=0&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5e7ba5bbcad89&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1585161680734&gdpr=1&gdprConsent=&isWePassGdpr=0&gdpr2Consent=&isWePassGdpr2=0&ccpa=0&ccpaConsent=
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.15
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:20 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.15
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/html; charset=UTF-8
w_640_009.ts
video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/ Frame 4854
300 KB
300 KB
XHR
General
Full URL
https://video.sekindo.com/uploads/cn8/video/users/hls/24485/video1523972806/vid5e70618c10176436842867.mp4/w_640_009.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.127.16.52 London, United Kingdom, ASN210329 (CLOUDWEBMANAGE-UK-1, GB),
Reverse DNS
Software
Tengine /
Resource Hash
558c6b070bc67a6a01e5e49957e7d46eff8560056a294ced3ec1f56ade8269fa

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 25 Mar 2020 18:40:47 GMT
Last-Modified
Tue, 17 Mar 2020 05:40:43 GMT
Server
Tengine
ETag
"5e7062db-4af3c"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Wed, 01 Apr 2020 18:40:47 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
307004
X-Proxy-Cache
HIT
liveView.php
live.sekindo.com/live/ Frame 6DE7
0
379 B
Image
General
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1585161660&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=&isApp=0&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5e7ba5bbcad89&contentFileId=0&mediaPlayListId=0&dur=501&cbuster=1585161685748&gdpr=1&gdprConsent=&isWePassGdpr=0&gdpr2Consent=&isWePassGdpr2=0&ccpa=0&ccpaConsent=
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.15
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:25 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.15
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/html; charset=UTF-8
prebid
ib.adnxs.com/ut/v3/ Frame 4854
144 B
837 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.37 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
0700ca963cd747b3218de68a6482553a2016a4a016ef44d34862900c953efba1
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:31 GMT
X-Proxy-Origin
194.187.251.52; 194.187.251.52; 691.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.50:80
AN-X-Request-Uuid
037485b5-84b5-4c11-86df-24b74c9c0582
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
144
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
openrtb
ads.adaptv.advertising.com/rtb/ Frame 4854
0
215 B
XHR
General
Full URL
https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.120.54.253 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-120-54-253.eu-central-1.compute.amazonaws.com
Software
adaptv/1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://threatpost.com
Access-Control-Allow-Credentials
true
Server
adaptv/1.0
Connection
keep-alive
Content-Length
0
Content-Type
application/json
translator
hbopenbid.pubmatic.com/ Frame 4854
0
59 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

status
204
date
Wed, 25 Mar 2020 18:41:29 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-origin
https://threatpost.com
cygnus
as-sec.casalemedia.com/ Frame 4854
24 B
986 B
XHR
General
Full URL
https://as-sec.casalemedia.com/cygnus?s=435870&v=8.1&r=%7B%22id%22%3A%2238d671c850b3c2%22%2C%22imp%22%3A%5B%7B%22id%22%3A%223958675a411a799%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435870%22%2C%22sid%22%3A%22320x180%22%7D%2C%22bidfloor%22%3A1.6%2C%22bidfloorcur%22%3A%22USD%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A200%2C%22api%22%3A%5B1%2C2%5D%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22startdelay%22%3A0%2C%22skip%22%3A1%2C%22w%22%3A320%2C%22h%22%3A180%2C%22placement%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A1%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&nf=1&
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.185.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-101-185-51.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
fa74004080332b30cfe2134ee775e15b1922adc79a455b2562df9aea89ba061b

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:29 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
44
Expires
Wed, 25 Mar 2020 18:41:29 GMT
auction
prebid-server.rubiconproject.com/openrtb2/ Frame 4854
141 B
362 B
XHR
General
Full URL
https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.0.61 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-0-61.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
a2bf27182a0beae64e7eb9da496baed4e62a1eb67ec01e306f3e41c95a5fbde0

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:41:29 GMT
content-encoding
gzip
status
200
content-type
application/json
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
149
expires
0
avjp
teachingaids-d.openx.net/v/1.0/ Frame 4854
92 B
292 B
XHR
General
Full URL
https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fapache-tomcat-exploit-stealing-files%2F154055%2F%3Fweb_view%3Dtrue&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=0e5d82aa-ab95-4e3e-8712-8e7f848c7deb&nocache=1585161689517&gdpr_consent=&gdpr=1&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&skip=1&auid=540882779&vwd=320&vht=180&
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.182.1 /
Resource Hash
004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Origin
https://threatpost.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 25 Mar 2020 18:41:29 GMT
via
1.1 google
server
OXGW/16.182.1
status
200
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://threatpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
92
expires
Mon, 26 Jul 1997 05:00:00 GMT
liveView.php
live.sekindo.com/live/ Frame 6DE7
43 B
463 B
Image
General
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=6&serverTime=1585161660&s=58057&sta=12381426&x=320&y=180&msta=12348808&vid_vastType=3&vid_viewabilityState=1&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=&playbackMethod=auto&isApp=0&userIpAddr=194.187.251.52&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5e7ba5bbcad89&rvn=${VP_RVN_MACRO}&attemptMultiplier=10&contentFileId=0&mediaPlayListId=0&playerVer=3.0.0&cbuster=1585161689489&gdpr=1&gdprConsent=&isWePassGdpr=0&gdpr2Consent=&isWePassGdpr2=0&ccpa=0&ccpaConsent=
Requested by
Host: threatpost.com
URL: https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.15
Resource Hash
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Referer
https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Pragma
no-cache
Date
Wed, 25 Mar 2020 18:41:29 GMT
Server
nginx
Age
0
X-Powered-By
PHP/7.3.15
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Content-Disposition
inline; filename="pixel.gif"
Content-Type
image/gif
Expires
Thu, 31 Dec 2037 23:55:55 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
sync.adap.tv
URL
https://sync.adap.tv/sync?type=gif&key=tubemogul&uid=XnulvgAAAFkcBH97&_test=XnulvgAAAFkcBH97

Verdicts & Comments Add Verdict or Comment

250 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate string| gAMP_urlhost string| gAMP_urlpath string| gAMP_urlquery string| gAMP_contentid string| gAMP_category string| gAMP_contenttags object| ky_0x14c4 function| ky_0x5749 object| xop function| 2pkv9xhkcg0 boolean| vjk7ey1xlog object| 69h0d6c17uo number| kPrebidTimeout number| kRefreshPollTime number| gRefreshCount number| gOXRefreshCount boolean| gRefreshDebug boolean| gPrebidDebug number| k60SecondRefreshInterval number| k90SecondRefreshInterval number| k120SecondRefreshInterval number| k180SecondRefreshInterval number| kDoNotRefresh number| kDefaultRefreshInterval object| gSChainNodes undefined| gGDPR_forceLocale boolean| gGDPR_silentNoConsent boolean| gGDPR_forceNoConsent string| gGDPR_logoURL undefined| kAmazonPublisherID object| ad728x90ATF object| ad300x250ATF object| ad300x250ATF2 object| ad728x90ATFTAB object| ad300x250ATFTAB object| ad300x250ATF2TAB object| ad320x50ATF object| ad300x250ATFM object| ad300x250ATF2M object| ad2x2skin number| gBrowserWidth object| desktopAdUnits object| tabletAdUnits object| mobileAdUnits object| gAllSlotData number| gAllSlotCount object| OX_dfp_ads number| minWidth boolean| disableBids object| googletag object| ggeac object| closure_memoize_cache_ object| googleToken object| googleIMState object| google_js_reporting_queue function| processGoogleTokenSync object| Ew_0x3c5c function| Ew_0x47dc function| xblocker object| eb_0x26aa function| eb_0xa519 function| xblacklist number| google_srt undefined| google_measure_js_timing object| __core-js_shared__ object| core undefined| __cmp function| pbjsChunk object| pbjs object| _pbjsGlobals object| gRefreshSlots object| gRefreshIDs object| gRefreshTimes object| gRefreshIntervals object| gThisRefreshIDs object| gThisRefreshSlots boolean| gInitialLoad object| gPBJSTimeoutTimer object| gAmazonSlots object| gAmazonBids boolean| gAmazonBidsBack boolean| gOpenXBidsBack boolean| gPrebidBidsBack function| amp_getBidsForAllChannels function| amp_dumpTable function| amp_getBestBids function| amp_dumpBids function| amp_dumpWins function| customOxTargeting function| openXRefreshCallback function| sendAdserverRequest function| checkIfAllBidsBack function| amazonBidsBack function| pbjsBidsBack function| bidsTimeout function| sendBidRequests function| amp_refreshAllSlots function| amp_refreshSlots function| refreshAdSlots function| injectReportAdStyles function| addLoadEvent function| insertAfter function| configureAdSlot function| getCookie undefined| $ function| jQuery object| gdprDynamicStrings object| kss object| gdprStrings function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| dataLayer object| gf_global object| ___grecaptcha_cfg object| grecaptcha boolean| __google_recaptcha_client object| viewPortSize object| debugIp object| debugId function| constructsekindoParent550 function| gformBindFormatPricingFields function| Currency function| gformCleanNumber function| gformGetDecimalSeparator function| gformIsNumber function| gformIsNumeric function| gformDeleteUploadedFile function| gformIsHidden function| gformCalculateTotalPrice function| gformGetShippingPrice function| gformGetFieldId function| gformCalculateProductPrice function| gformGetProductQuantity function| gformIsProductSelected function| gformGetBasePrice function| gformFormatMoney function| gformFormatPricingField function| gformToNumber function| gformGetPriceDifference function| gformGetOptionLabel function| gformGetProductIds function| gformGetPrice function| gformRegisterPriceField function| gformInitPriceFields function| gformShowPasswordStrength function| gformPasswordStrength function| gformAddListItem function| gformDeleteListItem function| gformAdjustClasses function| gformToggleIcons function| gformMatchCard function| gformFindCardType function| gformToggleCreditCard function| gformInitChosenFields function| gformInitCurrencyFormatFields function| gformFormatNumber function| getMatchGroups function| gf_get_field_number_format function| renderRecaptcha function| gformValidateFileSize function| gformInitSpinner function| gformAddSpinner function| gf_raw_input_change function| gf_get_input_id_by_html_id function| gf_get_form_id_by_html_id function| gf_get_ids_by_html_id function| gf_input_change function| gformExtractFieldId function| gformExtractInputIndex function| rgars function| rgar object| _gformPriceFields undefined| _anyProductSelected function| GFCalc object| gform undefined| __gf_keyup_timeout object| gfMultiFileUploader function| gf_apply_rules function| gf_check_field_rule function| gf_apply_field_rule function| gf_get_field_action function| gf_is_match function| gf_is_match_checkable function| gf_is_match_default function| gf_format_number function| gf_try_convert_float function| gf_matches_operation function| gf_get_value function| gf_do_field_action function| gf_do_next_button_action function| gf_do_action function| gf_reset_to_default undefined| __gf_timeout_handle object| Placeholders object| ak_js object| commentForm undefined| replyRowContainer undefined| children object| wp object| jQuery112409894751258523726 object| gf_form_conditional_logic string| gf_number_format function| do_callback object| google_tag_manager object| recaptcha object| closure_lm_540410 function| jQuery112409894751258523726_1585161659635 string| GoogleAnalyticsObject function| ga object| _qevents function| twq object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| twttr function| quantserve function| __qc object| ezt object| _qoptions number| __google_ad_urls_id number| google_unique_id boolean| sekindoFlowingPlayerOn function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter object| __google_ad_urls object| ampInaboxIframes object| ampInaboxPendingMessages boolean| google_osd_loaded boolean| google_onload_fired object| google_reactive_ads_global_state function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| __AMP_LOG object| __AMP_ERRORS boolean| ampInaboxInitialized object| __AMP_MODE function| __AMP_REPORT_ERROR object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| AMP object| google_jobrunner object| google_ad_modifications number| google_global_correlator object| google_prev_clients

0 Cookies

25 Console Messages

Source Level URL
Text
console-api log URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 315)
Message:
gBrowserWidth =1600
console-api log URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 340)
Message:
OpenX Slot defined for /21707124336/ThreatPost-970x250-ATF div-gpt-ad-6794670-2
console-api log URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 340)
Message:
OpenX Slot defined for /21707124336/ThreatPost-300x250-ATF div-gpt-ad-6794670-3
console-api log URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 340)
Message:
OpenX Slot defined for /21707124336/ThreatPost-300x600-ATF div-gpt-ad-6794670-5
console-api log URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 340)
Message:
OpenX Slot defined for /21707124336/ThreatPost-2x2-Skin div-gpt-ad-6794670-1
console-api log URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 3)
Message:
CMP: Locale=en-us gdpr= false
console-api log URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 3)
Message:
GDPR is not applicable, skipping initialization of CMP
console-api log (Line 3)
Message:
Not calling apstag.init() typeof(kAmazonPublisherID)=undefined
console-api log (Line 3)
Message:
ENGINE: gSChainNodes found, prebid configured with 1 supply chain object(s)
console-api log (Line 3)
Message:
Initial Ad Load
console-api log (Line 3)
Message:
sendBidRequests() gPBJSTimeoutTimer=null pbjs.adserverRequestSent=undefined
console-api log (Line 3)
Message:
pbjs bids returned
console-api log (Line 3)
Message:
gPBJSTimeoutTimer cleared
console-api log (Line 3)
Message:
sendAdserverRequest(): pbjsBidsBack
console-api log (Line 3)
Message:
sendAdserverRequest()
console-api log (Line 3)
Message:
Not calling apstag.setDisplayBids() gAmazonBidsBack=false
console-api log (Line 3)
Message:
pbjs.getAdserverTargeting: >> Prebid
console-api log (Line 3)
Message:
[object Object]
console-api log (Line 3)
Message:
pbjs.getBidResponses:
console-api log (Line 3)
Message:
[object Object]
console-api log (Line 3)
Message:
gThisRefreshSlots=
console-api log (Line 3)
Message:
[object Object],[object Object],[object Object],[object Object]
console-api log (Line 3)
Message:
sendAdserverRequest(): ---> Calling googletag.pubads().refresh()
console-api log (Line 3)
Message:
console.groupEnd
console-api info URL: https://cdn.ampproject.org/rtv/012003101714470/amp4ads-v0.js(Line 407)
Message:
Powered by AMP ⚡ HTML – Version 2003101714470 https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/?web_view=true

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acdn.adnxs.com
ads.adaptv.advertising.com
ads.pubmatic.com
adserver-us.adtech.advertising.com
adservice.google.com
adservice.google.de
ap.lijit.com
as-sec.casalemedia.com
assets.threatpost.com
c.amazon-adsystem.com
cdn.ampproject.org
cm.g.doubleclick.net
e.serverbid.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
graph.facebook.com
hbopenbid.pubmatic.com
ib.adnxs.com
kasperskycontenthub.com
live.sekindo.com
match.adsrvr.org
media.threatpost.com
pagead2.googlesyndication.com
pixel.advertising.com
pixel.quantserve.com
pr-bh.ybp.yahoo.com
prebid-server.rubiconproject.com
qd.admetricspro.com
rules.quantcount.com
secure.quantserve.com
securepubads.g.doubleclick.net
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
static.ads-twitter.com
stats.g.doubleclick.net
sync.adap.tv
sync.serverbid.com
t.co
tagan.adlightning.com
teachingaids-d.openx.net
threatpost.com
tpc.googlesyndication.com
u.openx.net
ups.analytics.yahoo.com
video.sekindo.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.linkedin.com
www.reddit.com
sync.adap.tv
104.244.42.197
134.209.129.254
143.204.202.5
151.101.112.157
151.101.113.108
152.199.21.89
167.172.1.14
172.217.22.2
185.127.16.52
185.220.205.220
185.64.189.112
199.232.53.140
205.185.216.10
216.52.2.48
216.58.206.2
23.8.15.54
2600:9000:2134:9800:0:5c46:4f40:93a1
2600:9000:2176:1600:2:9275:3d40:93a1
2600:9000:2176:4000:6:44e3:f8c0:93a1
2606:4700:3030::681b:a173
2a00:1288:110:c305::8000
2a00:1450:4001:800::2002
2a00:1450:4001:800::2008
2a00:1450:4001:800::200e
2a00:1450:4001:808::2004
2a00:1450:4001:815::2002
2a00:1450:4001:816::200a
2a00:1450:4001:81b::2001
2a00:1450:4001:81c::2003
2a00:1450:4001:820::2002
2a00:1450:4001:820::2003
2a00:1450:4001:825::2003
2a00:1450:400c:c07::9c
2a03:2880:f01c:800e:face:b00c:0:2
2a05:f500:10:101::b93f:9101
3.120.54.253
3.126.56.137
34.95.120.147
35.158.0.61
35.158.60.52
35.173.160.135
37.252.172.37
52.19.114.209
69.173.144.143
91.228.74.136
91.228.74.206
95.101.184.244
95.101.185.51
99.86.0.120
004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14
00d4fbacbadc6ecbd73be323ec77febf3d856ce00dc5334d06462a315c7da8e7
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7
0700ca963cd747b3218de68a6482553a2016a4a016ef44d34862900c953efba1
0a1b5a439d79947cc5db6aa52347627ed146b7710af2ce042804a8a259ea966c
0b4b6edbb9dfa923bde86147c294879a60493c25e315b728abd03ebb7967add1
0beebca369560b7e66790550519f778098bc236470389046643728d4fe2b87eb
0fd953ce433919e53bd0becd88f9f5def2ea86ef980537fe224533d082592dc6
1375c3a601c8c119942e35a8a9b340c0a44c53b15983e961295f04dc66889da9
1b865de44e72a2747505e6411aca48ed3cb36be7a04bc4f278fcb397640897e8
1c6d050ba929828a393c4a5a47ad09fdeb41687590cbaa3eafb6e256dffa48fe
1d36800d5a9c72e02424db4f2ee2d3e3391388e8b7e863533f73c788df14ab5e
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1e3c8a651cd65a7e694a40402984b2ce0616cffdf05caaf28647c6f8d64af0ba
1f228da49041c803a9b37350971d949972f7621da29427026d06e73cdbfeb6f0
1fea51227a0d0a882dcf26ad5791bdf3bbb79958e076630e86427a8266300a2a
24b9fb1614d1b9cd7247ae2eaeef6051c0f5701a97a8a63cb2db2e870fb3eab2
24de45d70d956e08fee564550775d0698da4fd94d7a1f307383e9192a21fc192
2ad6f11aca9703e03bfe4c7bfc653ed76c80da9ead9eb8fbd4c4f883e967caba
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2b45399fddc08d42e19321e415ff178a1259b2d0bd37378d20f73f58fb4b339d
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d
2ed8662cb6ca4b48b146127db22ebd71f824d54fb6ca11601bd8fa97ff572cf2
3000bf561ae4a3af7b060eff14cc377f81d86ff4410c0a7675e721baa6c5c068
30201304008e296c9c45f343d1057e775d213ba9a6cd32d25285dac53e26218b
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
31e953c96e86f74cd589b460ea07444a682888e98aa34593761206686ed42456
351e508c1da4f9d1535747086accb41121466a52044aa868eba4a36009fdb101
3825f0ef6c27c18da8c15e44c11878fbf6b028e00e843e1d833749ef23d9dac2
392ee73494ad87dfd8e26d58894a845e8b3f2f8b0e4faea89562c45014be5ccb
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a
3c005dba1d518d8fcd6bb8b0cd5264947d7c8c5b53363556d98c453428a376ef
3eb7a5ddfbc1e1606b7ebe2736d0ebd2ac9177936ddc25537369f74f50e57c4a
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
43842fb2f8d9c078ff0f59c748beeed6101568de6527330cffac3f7055524bce
4486f4e70d7321e8f64da51c38b50767e846bdaf4ef3441d628f27a4f8952c10
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7
46872d9f0f8d6e31be116fa3e619ecc1f0e002484c1a0c3621932050d61c4069
46ac0ab0236a9dd822fc73f2c3eb9c4ff0d42f88d0b2026c735d6430d5b9354e
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49f6ce28bf691d68caf0194e319980493fe17958241d083ac686a0b31c70f41f
4ebb74bccc78dc81f31944b8c09651746486a736c0858d0e6213b8fed2b6ff3c
4ee36d77a67f176a8468c3fafd5c230a2b8584293b81221b004619e700f84106
558c6b070bc67a6a01e5e49957e7d46eff8560056a294ced3ec1f56ade8269fa
55bb116c5fb03c11a9002731ea2b31ee1cdcb3d94ee4fb5743281493c11d442e
56ab0f61f8ed6030bdd684f3752233177da0555b07cb172e0abffe8e02978bc5
5782cfd4d895132342c352d2207334fc69cfc757870949b913dd449128486391
5a1b118736ba9dc41f144f350574bec748a1ba0e8b355a99cbfe570ad236b50e
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf
5bdd2164f22a304758dc0a7fdb43ad498e8a3ee825a29e387b85d6d64c044ac0
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5debe6a8009208b266ba92497a32d47494173b54856ce46dce2aa28995af1848
5e00db38c7c200422a1b2604eccaee91db1aa7dd5aead5383f62b85cead19068
663ac3773e9741ad638447e6e9478f83e10e073c5ee433c5de3c640c7dae8c32
6cdc57f82f4b0d09e5b4e584ca4736cd3871f20563d4ce25120b057d8ffb4eb2
7354372015d7b7e54919221955eec15ec5833a2a36afa129dea08d90abf50b35
7392e80d684fccdd3169a810b6a261216f38474c9bff6c58f65103ee325f4082
76102878c1198de858725194952ba1c6b35bdee0f870cc6a124e93d17385e64e
76ba07e059d9e2113f9c940f1a31efc95bd9d5badd68bbc3637177e892a08099
78bc5dc1c09d79d9421e935ad00c2281a2c1b8f4966d244195391a54eb3cfb65
7d0492c66125b1c2bdc419641e41542857e7d90e323d355ee0b8bb268da121fb
7fe9c9bddddeedcfcc45dadb0f0c5f57cce1393013fff5d2c85ec6e9556d1414
8059ef7e4e176e0b52f8409da913d7232558458689998d6158fa830cff900e18
82af068ba43f9bef1eb790425bf25522200c9031b8ab6e899edffed118a202b7
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb
89ce08431545cd3c6d42419d99ee0152027a68c1d0c7c82838cc9a51d9d52451
8b5bbc2b60e09019ce08162810338e87f4dbd768eb201ea3bf7d85f807b3006c
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8ee04e0441c9e51785d17ac835a93cf4d30d90826f87350b42ba233496a26f55
8f5aab2ec77ed44c628caf30bf731cba5d7e1fa8b067131e091c8fe9af55947f
8fa3dc8d99f9c768dab8377000d306d6c3795c024993ab8a7f42e29f5f236ddd
903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c
92236ba12e109fff1e82ecabec1eda229af59c8374c54374a38a46dc01f53559
9387aadffc3591e88625a1412e99d5102291178b8709e7959f60790e0df20f4e
940e0c3385928422aae38e1a74f1d84b462d8ce1a056c686fde505a0bf3162bb
970d1c7b873652d09fdeb32bd3c64fd6b41af545c09e6f3d0ef639a1cfb0e392
993ebc45d9927d420801f05819222e8cc1aa523187e4c0b290df02b23ce18093
9a2d62f213deced23df27d40d992dea1c4b43d039515f2c16a3ef444452aa654
9ce62bc31fb8f8f6b76022662abe81fb995e95f719df0e22a6fa864538291c2c
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9d472cb43e4b1b45017fd51ee4f226c9b94ac04da07e66a8513ef8283d3080ed
9f40f7297122393e1425eec62e78a75c3211f7ad3f6b09a356aa317fcedc2cf3
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a131f31ca11fc278e39c2f004fe72c5a9c2c8c7459e55d361627b2aa9c92b983
a2bf27182a0beae64e7eb9da496baed4e62a1eb67ec01e306f3e41c95a5fbde0
a2e2059610101cb4718d6d9cf8d6e44243838304968710f35ed7f44188a9c279
a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
a5e912ba2c711b19778be1cd1dc789bab043e10d9a2e8d088f6d25fb5ff6d3d7
a783d2ad42c380bc896219c080fa845d1e9f2e77483558103aeb296b95b85701
a7b094f48e6774d82dfc7864e438d35675e5dad0ba6f3222a8003e9a932f104e
a968b405c5b4dcd85f76e5400c41930968710351102d83a80cf114ad7549b5d0
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22
a9f6c03ce6f4d1654f29f2136651e883198d509cb2e26af1c24b1f87b6ccae13
aa64fa30a3263fa3105736228a6feaaa4f7d32d8ef96b12e56f6fb95511b66a7
aaf45a172ec90c76bcecd61c68d998c2256fe9b1700371e80011d1161c5ab629
ac2a58f9d55c4642121cfb6f7e213cbc882bbdd75ef171ca8a07ed982ef693ce
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ace61d80f3fe90bbb02ab328d9705b57a9c8a95d3a0bf6b4cd510d4dacd033df
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be
b2d6fcca7b06d9b949f7f407e9229e0323cb2a75cb6ee4ad35b53e25cf161605
b2e11a6d036e47dd106daa0d14d175a42337d24f1bb5b5df546b3096931f725c
b546be5b42d65b5d2eb3ef247886a1d692512462946bac11547df2a0a5ed02a2
b98e3901ded14df1f4660b0b151effb8cad5b18a086a102933c0561787f6afa2
bcf391dd0b006a87698ac0894d71039d610480913d24fcdaa1f2fdeeeda943e3
beb58d113da73001dfcbbb97b0e041c737361f1ae0050e6c60c96c14d69a46a7
c1ad472734d22921af52f3a8f2e7baac54c6d55ca18a5a6b26545cf2326b5a9d
c2b0d171a4179bf00898c430c1c15464e528aff5762fc70a5d02184834c82eff
c4173aadc6ecc4504b6027a2fff393a9166b96e79dc730c2d90a2146e4f613a1
c4ca1b4345ad8c00fd480a746e1a0f08c212ece3a894e8ea94db9dad099154ef
c75d3d7ec8ff92599edcf0840b82ee15b733b3c7b5b48c86274cf3a92e612e52
c8fe5180d034b77448d84fa4d5f3d2e36a94aa899b54cdf21ccb9d8228d8d82c
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cd72140fc3ec50a30d23e7b19b8c907d5e85ccbb0ea8e92ca3d2bb57faf6a7e8
cf505aa2560757b32e7572cd1b7ad465844fe8e622b3faa249e7c8d5d932fb75
d248bb41224321fbec6777da358bce1ab63d997af40ccfba8f8bb68855d70e50
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060
e107ee0ce6bbe3eeca2b5cbe98251de6bf8be5a53aa8060e9c8affb4cc8d2bfa
e17e03dc3ff1767a8d185975a2bf392068a0b2f2848503c38ceaa3f10fb0ea84
e1c3c2dafe2208caea4f809f414a89a9d256deb8671e1c5d49bff9a873782796
e3827e211932573b49bc847f79077e85e27877abc8426fc3dd4703ab797f0134
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e05b274c76d548e39c6633af671d715bd1be28a929ab47a5ae8d29ff120df7
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0
e49757fb6a21657071fe47fddf22b3dd01c0a2d579b0bb9570ef941f919fdf9f
e69b4aedd4ba4df00f7340e4a299dacca0abd06295d6c871f6816ea07db2507c
e7a5932b6d57a395b5b5b31af1a0906620a11d197103d65b9f7901bddf2f1856
e8d7c60749c1d62942a8e0a6f901800bd14ff3094251373626cd99a8875c6391
ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742
eab15001f6fb4511c86535abe6fea6fd8891c0f693d48e27e3a80d782bc1bd10
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ed8348ad255986ca08204cc5d4bd3a58e8173a0588b47d89895f77af07c9adaf
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f02afeb5b738e5795e3e631cb9463385dab46478566f33f898f1061edc28b91f
f19e7ee6cdf20bd478c037707c447b7cd469051de4dadeac32a795efb463c2e2
f4f2c0a4763f01ee2b13b4f8189e6fd5f32bd704d71fed8d0f11883de9724198
f83e347d65965205cac7a0ee0394d832e6678b70f3ce0e2f5f40c9de33208cbb
f89d17dc2e4ecb385243b7b4cdaf5d8d9f6d4b9829e2be80afb66d01721835e3
fa74004080332b30cfe2134ee775e15b1922adc79a455b2562df9aea89ba061b
faf000460e51b498af07f3982b4d1bafd510ce2a79fc180b52e7b9fb1d6e9f7b
fdeb7f92826abf9d6a3aad0e3ee1ebab6e526b4531e8b0c9b1f8f3166c431613
ffdc18ac8f47bcd50dd9c33532c334e7073717a62b367d95b9cb1561048547dc