URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-...
Submission: On April 03 via api from GB

Summary

This website contacted 37 IPs in 6 countries across 27 domains to perform 151 HTTP transactions. The main IP is 34.197.250.24, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.scmagazine.com.
TLS certificate: Issued by RapidSSL RSA CA 2018 on September 5th 2019. Valid for: a year.
This is the only time www.scmagazine.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 34.197.250.24 14618 (AMAZON-AES)
23 108.161.188.228 33438 (HIGHWINDS2)
6 204.180.130.159 53866 (QTS-AS)
2 2a00:1450:400... 15169 (GOOGLE)
9 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:20e... 16509 (AMAZON-02)
3 52.216.248.206 16509 (AMAZON-02)
1 4 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 13 172.217.18.98 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 3.211.216.130 14618 (AMAZON-AES)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 4 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
22 2a00:1450:400... 15169 (GOOGLE)
1 143.204.94.29 16509 (AMAZON-02)
1 2a02:26f0:10c... 20940 (AKAMAI-ASN1)
1 2600:1f14:e96... 16509 (AMAZON-02)
1 143.204.97.40 16509 (AMAZON-02)
1 2 2a05:f500:11:... 14413 (LINKEDIN)
1 1 2a05:f500:10:... 14413 (LINKEDIN)
5 52.22.20.103 14618 (AMAZON-AES)
1 13.225.73.22 16509 (AMAZON-02)
1 3 216.58.206.6 15169 (GOOGLE)
2 3 185.33.223.210 29990 (ASN-APPNEX)
3 35.175.86.40 14618 (AMAZON-AES)
5 2a00:1450:400... 15169 (GOOGLE)
2 204.180.130.165 53866 (QTS-AS)
1 4 2600:1f14:e96... 16509 (AMAZON-02)
1 3 216.58.207.66 15169 (GOOGLE)
1 35.190.72.21 15169 (GOOGLE)
2 2 99.81.223.179 16509 (AMAZON-02)
1 46.51.196.250 16509 (AMAZON-02)
1 52.26.12.4 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
151 37
Apex Domain
Subdomains
Transfer
23 netdna-ssl.com
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
345 KB
20 doubleclick.net
securepubads.g.doubleclick.net
stats.g.doubleclick.net
ad.doubleclick.net
cm.g.doubleclick.net
googleads4.g.doubleclick.net
119 KB
17 googlesyndication.com
tpc.googlesyndication.com
pagead2.googlesyndication.com
413 KB
10 ampproject.org
cdn.ampproject.org
420 KB
8 omeda.com
olytics.omeda.com
oqs.omeda.com
76 KB
7 feathr.co
cdn.feathr.co
polo.feathr.co
marco.feathr.co
polo-v1.feathr.co
37 KB
7 googletagservices.com
www.googletagservices.com
108 KB
6 b2c.com
api.b2c.com
api-52-26-12-4.b2c.com
7 KB
5 google.com
adservice.google.com
www.google.com
351 B
4 dpmsrv.com
s.dpmsrv.com
a.dpmsrv.com
40 KB
4 adsrvr.org
js.adsrvr.org
match.adsrvr.org
insight.adsrvr.org
3 KB
4 google-analytics.com
www.google-analytics.com
41 KB
3 adnxs.com
ib.adnxs.com
3 KB
3 linkedin.com
px.ads.linkedin.com
www.linkedin.com
3 KB
3 gstatic.com
fonts.gstatic.com
42 KB
3 amazonaws.com
s3.amazonaws.com
2 MB
2 google.de
adservice.google.de
www.google.de
280 B
2 googleapis.com
fonts.googleapis.com
1 KB
2 scmagazine.com
www.scmagazine.com
22 KB
1 2mdn.net
s0.2mdn.net
59 KB
1 rlcdn.com
idsync.rlcdn.com
40 B
1 licdn.com
snap.licdn.com
2 KB
1 haymarketmedia.com
accounts.haymarketmedia.com
617 B
1 lytics.io
c.lytics.io
386 B
1 crazyegg.com
script.crazyegg.com
1 maropost.com
content.maropost.com
3 KB
1 googletagmanager.com
www.googletagmanager.com
39 KB
151 27
Domain Requested by
23 3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com www.scmagazine.com
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
13 securepubads.g.doubleclick.net 1 redirects www.googletagservices.com
securepubads.g.doubleclick.net
www.scmagazine.com
12 tpc.googlesyndication.com securepubads.g.doubleclick.net
www.scmagazine.com
tpc.googlesyndication.com
cdn.ampproject.org
ad.doubleclick.net
10 cdn.ampproject.org securepubads.g.doubleclick.net
7 www.googletagservices.com www.scmagazine.com
securepubads.g.doubleclick.net
olytics.omeda.com
www.googletagservices.com
ad.doubleclick.net
6 olytics.omeda.com www.scmagazine.com
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
olytics.omeda.com
5 api-52-26-12-4.b2c.com 1 redirects www.scmagazine.com
5 pagead2.googlesyndication.com olytics.omeda.com
securepubads.g.doubleclick.net
4 polo.feathr.co cdn.feathr.co
www.scmagazine.com
4 www.google.com 1 redirects www.scmagazine.com
4 www.google-analytics.com 1 redirects www.googletagmanager.com
www.google-analytics.com
3 a.dpmsrv.com www.scmagazine.com
s.dpmsrv.com
3 ib.adnxs.com 2 redirects
3 ad.doubleclick.net 1 redirects www.scmagazine.com
www.googletagservices.com
3 fonts.gstatic.com www.scmagazine.com
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
3 s3.amazonaws.com www.scmagazine.com
2 googleads4.g.doubleclick.net ad.doubleclick.net
2 match.adsrvr.org 2 redirects
2 oqs.omeda.com olytics.omeda.com
www.scmagazine.com
2 px.ads.linkedin.com 1 redirects www.scmagazine.com
2 fonts.googleapis.com www.scmagazine.com
2 www.scmagazine.com 3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
1 s0.2mdn.net www.scmagazine.com
1 insight.adsrvr.org js.adsrvr.org
1 polo-v1.feathr.co www.scmagazine.com
1 idsync.rlcdn.com www.scmagazine.com
1 cm.g.doubleclick.net 1 redirects
1 marco.feathr.co www.scmagazine.com
1 www.linkedin.com 1 redirects
1 s.dpmsrv.com www.scmagazine.com
1 api.b2c.com www.googletagmanager.com
1 snap.licdn.com www.scmagazine.com
1 js.adsrvr.org www.googletagmanager.com
1 www.google.de www.scmagazine.com
1 stats.g.doubleclick.net 1 redirects
1 cdn.feathr.co 3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
1 accounts.haymarketmedia.com 3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
1 c.lytics.io 3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
1 adservice.google.com www.googletagservices.com
1 adservice.google.de www.googletagservices.com
1 script.crazyegg.com www.googletagmanager.com
1 content.maropost.com www.scmagazine.com
1 www.googletagmanager.com www.scmagazine.com
151 43
Subject Issuer Validity Valid
*.scmagazine.com
RapidSSL RSA CA 2018
2019-09-05 -
2020-09-04
a year crt.sh
*.netdna-ssl.com
Sectigo RSA Domain Validation Secure Server CA
2020-02-18 -
2021-03-18
a year crt.sh
*.omeda.com
SSL.com RSA SSL subCA
2020-03-18 -
2020-08-28
5 months crt.sh
*.storage.googleapis.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
*.google-analytics.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
*.maropost.com
Go Daddy Secure Certificate Authority - G2
2019-06-10 -
2021-08-09
2 years crt.sh
s3.amazonaws.com
DigiCert Baltimore CA-2 G2
2019-11-09 -
2020-12-02
a year crt.sh
ssl945600.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2
2020-01-28 -
2020-08-05
6 months crt.sh
*.google.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2
2019-11-10 -
2020-10-09
a year crt.sh
accounts.haymarketmedia.com
Amazon
2019-09-28 -
2020-10-28
a year crt.sh
www.google.de
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
*.adsrvr.org
Trustwave Organization Validation SHA256 CA, Level 1
2019-03-07 -
2021-04-19
2 years crt.sh
*.licdn.com
DigiCert SHA2 Secure Server CA
2019-04-01 -
2021-05-07
2 years crt.sh
*.b2c.com
Amazon
2020-02-25 -
2021-03-25
a year crt.sh
*.dpmsrv.com
Amazon
2019-05-14 -
2020-06-14
a year crt.sh
px.ads.linkedin.com
DigiCert SHA2 Secure Server CA
2020-03-04 -
2020-09-04
6 months crt.sh
polo.feathr.co
Let's Encrypt Authority X3
2020-02-13 -
2020-05-13
3 months crt.sh
marco.feathr.co
Amazon
2019-09-20 -
2020-10-20
a year crt.sh
*.doubleclick.net
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA
2019-04-24 -
2020-04-23
a year crt.sh
polo-v1.feathr.co
Let's Encrypt Authority X3
2020-02-13 -
2020-05-13
3 months crt.sh
*.adnxs.com
DigiCert ECC Secure Server CA
2019-01-23 -
2021-03-08
2 years crt.sh
misc-sni.google.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
www.google.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh

This page contains 9 frames:

Primary Page: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Frame ID: 3DAB73238FC99F3D4947478AC5F894EC
Requests: 115 HTTP requests in this frame

Frame: data://truncated
Frame ID: F2978492B216772C5060710210918BD3
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=znpsh7f&ref=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F&upid=e4qkh98&upv=1.1.0
Frame ID: 79607DBE9B0192142F9E6E1AA7368997
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: 2E29497C233DC61A959F8232B04C193D
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js
Frame ID: E1C2B048B5221CF968EFB6965487E7D7
Requests: 9 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js
Frame ID: 402CD50A7C0A269491C42C184ABCFC9A
Requests: 8 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js
Frame ID: 3C04B397E5E9349C4BE4FA9BE293E846
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv02UzG8JVbNDJ8R7873DvIlDfe1rAZ_MU1YgyChyt3bnNskAjKBZk6e_dtNyJdd8Y15Dp5I-FaIOTWzbHdNA2PEtl57MA74uv_CKnl1asZD_ZBny5M8k5fhDjd8my--XMZCXSFGSkptEKNYyckQQ8waJs5GllHQh9lwJyI3RwspNzd-wx2rQ89opKyV5Itp_8hxyQvnoH85vmDraYeWRPpoeOjxA6m3iqDE7Ekcwdq_MJLKPdhZnBFzElS7s-NqYeKOQ&sig=Cg0ArKJSzDvwoPjuNIh-EAE&urlfix=1&adurl=
Frame ID: 084B2579988F12F8EC2E9D22F22E0378
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: ADFB0C738FC9DA74AAA7AC34DC18A270
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /script\.crazyegg\.com\/pages\/scripts\/\d+\/\d+\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i
  • html /<!-- (?:End )?Google Tag Manager -->/i

Page Statistics

151
Requests

85 %
HTTPS

51 %
IPv6

27
Domains

43
Subdomains

37
IPs

6
Countries

3393 kB
Transfer

6088 kB
Size

11
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 68
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1775146832&t=pageview&_s=1&dl=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F&ul=en-us&de=UTF-8&dt=Password%20found%20to%20rescue%20victims%20of%20malicious%20COVID-19%20tracker%20app&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aGDAAAADQ~&jid=1767165818&gjid=1312709652&cid=880951314.1585915585&tid=UA-1290429-10&_gid=1976381246.1585915585&_r=1&gtm=2wg3p1MHZ6C39&cd1=102615%3A0&cd2=coronavirus%2Ccybercrime%2Cmalware%2Cmobile%20security%2Cransomware&cd3=Bradley%20Barth&cd4=59&cd5=post&cd6=News&cd7=&cd9=2020-03-16&cd10=705&cd12=&cd14=&cd15=&z=1909349960 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1290429-10&cid=880951314.1585915585&jid=1767165818&_gid=1976381246.1585915585&gjid=1312709652&_v=j81&z=1909349960 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=880951314.1585915585&jid=1767165818&_v=j81&z=1909349960 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=880951314.1585915585&jid=1767165818&_v=j81&z=1909349960&slf_rd=1&random=2495688024
Request Chain 77
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F&time=1585915585580 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D68780%26url%3Dhttps%253A%252F%252Fwww.scmagazine.com%252Fhome%252Fsecurity-news%252Fnews-archive%252Fcoronavirus%252Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%252F%26time%3D1585915585580%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F&time=1585915585580&liSync=true
Request Chain 82
  • https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss5fN4wYbX9eh8nrmQXFxoF4PfmN9l0fPczGs_5wQ1vzSFQLtQgIPpBKcjYg03Fm3ndxojY53AHGZW53g3RRRxt0i1_fxYJXpBewVXq4eNg2WLeIqsHV8RU3pVQw9V6Rrz9xvDzlDZtRMlcBj8u4fZ1yRo_Gngi6I0yEm52CzEGaGfobi8ZW0LpZPgYMuFsbPiYlNy2WrajZZnpH12robq2VOFPaOsV_WYpQF6t48-1BZ8zpMOwkiR2GbqkTC50_2ZnotqNop3PcgfEHEQ&sai=AMfl-YRhCVVzRK7KyjzCbxXBT57TXYPlQSdLlKxaF9VaOo-aeYVb-rTbS1JSq0w5WOytzdTLR8D4MLvDpo0PUB6hERuPB1Ojeb1zUyliNlyJ&sig=Cg0ArKJSzLUq5OcwA9oOEAE&urlfix=1&adurl=https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKDn5vzuURABGAEyCIpg8wtxFUxf&b2s=false HTTP 302
  • https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKDn5vzuURABGAEyCIpg8wtxFUxf&b2s=false
Request Chain 83
  • https://ad.doubleclick.net/ddm/trackimp/N510001.130598SCMAGAZINEUS2/B23930244.270774553;dc_trk_aid=465774920;dc_trk_cid=130306048;ord=709913250;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
  • https://ad.doubleclick.net/ddm/trackimp/N510001.130598SCMAGAZINEUS2/B23930244.270774553;dc_pre=CI_9gfmbzOgCFbrDuwgdZrMCPQ;dc_trk_aid=465774920;dc_trk_cid=130306048;ord=709913250;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
Request Chain 84
  • https://ib.adnxs.com/getuid?https://a.dpmsrv.com/dpmpxl/index.php?id=$UID&q%3DxImp%26v%3D1.x%26cl%3D1122%26pixelIndex%3D0%26r%3D391474%26tzOffset%3D-120%26url%3Dhttps%253A%252F%252Fwww.scmagazine.com%252Fhome%252Fsecurity-news%252Fnews-archive%252Fcoronavirus%252Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%252F&_=1585915585703 HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fa.dpmsrv.com%2Fdpmpxl%2Findex.php%3Fid%3D%24UID%26q%253DxImp%2526v%253D1.x%2526cl%253D1122%2526pixelIndex%253D0%2526r%253D391474%2526tzOffset%253D-120%2526url%253Dhttps%25253A%25252F%25252Fwww.scmagazine.com%25252Fhome%25252Fsecurity-news%25252Fnews-archive%25252Fcoronavirus%25252Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%25252F%26_%3D1585915585703 HTTP 302
  • https://a.dpmsrv.com/dpmpxl/index.php?id=4463431617475281923&q=xImp&v=1.x&cl=1122&pixelIndex=0&r=391474&tzOffset=-120&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F&_=1585915585703
Request Chain 91
  • https://cm.g.doubleclick.net/pixel?google_nid=datapoint_dmp&google_cm&ap_id=4463431617475281923&pixelIndex=0&_=1585915585704 HTTP 302
  • https://a.dpmsrv.com/dpmpxl/index.php?q=dfp&ap_id=4463431617475281923&pixelIndex=0&_=1585915585704&google_gid=CAESEOjB5ylVUcvfJ1mO0-ICcUA&google_cver=1
Request Chain 93
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=6fgi4r1&ttd_tpi=1&ttd_puid=5e8726c1dc5dff00088131d0&gdpr=0 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=6fgi4r1&ttd_tpi=1&ttd_puid=5e8726c1dc5dff00088131d0&gdpr=0 HTTP 302
  • https://polo-v1.feathr.co/v1/analytics/match?f_id=5e8726c1dc5dff00088131d0&ttd_id=e4b22886-6360-4a36-9f45-35488a93b13d
Request Chain 95
  • https://api-52-26-12-4.b2c.com/api/x?0C892Ewuexpu6Cbb$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL25ld3MtYXJjaGl2ZS9jb3JvbmF2aXJ1cy9wYXNzd29yZC1mb3VuZC10by1yZXNjdWUtdmljdGltcy1vZi1tYWxpY2lvdXMtY292aWQtMTktdHJhY2tlci1hcHAvIiwicmVmZXJyZXIkMCQiLCJhbmNlc3Rvck9yaWdpbnMkMCQiLCJ2aWRlbyQwJDE2MDB4MTIwMHgyNCIsImZyYW1lJDAkMCIsImhpZGRlbiQwJDAiLCJ2aXNpYmlsaXR5U3RhdGUkMCR2aXNpYmxlIiwiaGFzRm9jdXMkMCQxIiwid2luZG93JDAkMTU4NXgxMjAwIiwiaW5uZXIkMCQxNjAweDEyMDAiLCJvdXRlciQwJDE2MDB4MTIwMCIsImxvY2FsU3RvcmFnZSQwJEVycm9yOiBUeXBlRXJyb3I6IENhbm5vdCByZWFkIHByb3BlcnR5ICdzZXRJdGVtJyBvZiBudWxsIiwic2Vzc2lvblN0b3JhZ2UkMSQxIiwiYXBwQ29kZU5hbWUkMSRNb3ppbGxhIiwiYXBwTmFtZSQxJE5ldHNjYXBlIiwiYXBwVmVyc2lvbiQxJDUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF8xNF81KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzQuMC4zNzI5LjE2OSBTYWZhcmkvNTM3LjM2IiwiY29va2llRW5hYmxlZCQxJHRydWUiLCJkb05vdFRyYWNrJDEkIiwiaGFyZHdhcmVDb25jdXJyZW5jeSQxJDE2IiwibGFuZ3VhZ2UkMSRlbi1VUyIsInBsYXRmb3JtJDEkTGludXggeDg2XzY0IiwicHJvZHVjdCQxJEdlY2tvIiwicHJvZHVjdFN1YiQxJDIwMDMwMTA3Iiwic2VuZEJlYWNvbiQxJDEiLCJ1c2VyQWdlbnQkMSRNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF8xNF81KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzQuMC4zNzI5LjE2OSBTYWZhcmkvNTM3LjM2IiwidmVuZG9yJDEkR29vZ2xlIEluYy4iLCJ2ZW5kb3JTdWIkMSQiLCJmb250cmVuZGVyJDYkMSIsIndlYmdsJDckbi9hIiwid2ViZ2wyJDckMCIsInRpbWUkOCQxNTg1OTE1NTg2MTE5IiwidGltZXpvbmUkOCQtMTIwIiwicGx1Z2lucyQ4JE5vbmUiLCJtZW0tdG90YWxKU0hlYXBTaXplJDgkMTIuODg5ODIiLCJtZW0tdXNlZEpTSGVhcFNpemUkOCQxMC43MjA4MjQiLCJtZW0tanNIZWFwU2l6ZUxpbWl0JDgkNDI5NC43MDUxNTIiLCJ0aW1lLWRvbWFpbkxvb2t1cFN0YXJ0JDgkMSIsInRpbWUtZG9tYWluTG9va3VwRW5kJDgkMjkiLCJ0aW1lLWNvbm5lY3RTdGFydCQ4JDI5IiwidGltZS1jb25uZWN0RW5kJDgkMjQ1IiwidGltZS1zZWN1cmVDb25uZWN0aW9uU3RhcnQkOCQ0MSIsInRpbWUtcmVxdWVzdFN0YXJ0JDgkMjQ1IiwidGltZS1yZXNwb25zZVN0YXJ0JDgkNDU3IiwidGltZS1yZXNwb25zZUVuZCQ4JDQ2NCIsInRpbWUtZG9tTG9hZGluZyQ4JDQ2NSIsInRpbWUtZG9tSW50ZXJhY3RpdmUkOCQxMjAwIiwibmF2aWdhdGlvbi1yZWRpcmVjdENvdW50JDgkMCIsIm5hdmlnYXRpb24tdHlwZSQ4JG5hdmlnYXRlIiwiZ2xvYmFscy10aW1lJDE0JDAuNzkiLCJnbG9iYWxzJDE0JDQwNThjNmY1IiwiZG9jdW1lbnQtdGltZSQxOSQxLjMwNSIsImRvY3VtZW50JDE5JDQ4MmJlMjhhIiwiY29ubmVjdGlvbiQxOSQiLCJkb3dubGlua01heCQxOSQiLCJnZXRVc2VyTWVkaWEkMTkkMiIsImNsb2NrJDI0JDI1MjQiLCJiYXR0ZXJ5JDEwNSQxIDEgMCBJbmZpbml0eSIsImludGVyc2VjdGlvbi1zaXplJDEwNSQxNTg1eDEyMDAiLCJpbnRlcnNlY3Rpb24kMTA1JDQwIiwiYXVkaW9jb250ZXh0JDEwNyRkYzY2YTYyOCIsInNvcnQkMTM1JDExLjQ1IiwiZnJhbWVyYXRlJDEzNSQzMA HTTP 302
  • https://api-52-26-12-4.b2c.com:444/api/4?0C892Ewuexpu6Cbb

151 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
91 KB
20 KB
Document
General
Full URL
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-250-24.compute-1.amazonaws.com
Software
nginx / WP Engine
Resource Hash
21aa2f360d3db72a42ff3fc73c4ed3b59cb0663821099fc8dcd54e7b82a1c75b

Request headers

:method
GET
:authority
www.scmagazine.com
:scheme
https
:path
/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

status
200
server
nginx
date
Fri, 03 Apr 2020 12:06:24 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding Accept-Encoding Accept-Encoding,Cookie,X-WPENGINE-SEGMENT
link
<https://www.scmagazine.com/wp-json/>; rel="https://api.w.org/" <https://www.scmagazine.com/?p=102615>; rel=shortlink
x-powered-by
WP Engine
x-cacheable
SHORT
cache-control
max-age=600, must-revalidate s-maxage=2592000
x-cache
HIT: 8
x-cache-group
normal
content-encoding
br
style.min.css
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-includes/css/dist/block-library/
40 KB
6 KB
Stylesheet
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-includes/css/dist/block-library/style.min.css?ver=5.3.2
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
d9662b4b9ba6c2c3691ce0acd4572e027366eb97d6070550a13429262bb0037f

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
content-encoding
gzip
last-modified
Tue, 05 Nov 2019 22:06:04 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"5dc1f24c-a1fb"
vary
Accept-Encoding, Accept-Encoding
x-cache
HIT
content-type
text/css
status
200
cache-control
public, max-age=30, s-maxage=2592000
shared-style.min.css
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/css/
48 KB
7 KB
Stylesheet
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/css/shared-style.min.css?ver=1576575436
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
33fe4fe8214760f15a5fdd753b5c396ee5b916e5d6f66f79d4765ed260706723

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
content-encoding
gzip
last-modified
Tue, 17 Dec 2019 09:37:16 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"5df8a1cc-c05a"
vary
Accept-Encoding, Accept-Encoding
x-cache
HIT
content-type
text/css
status
200
cache-control
public, max-age=30, s-maxage=2592000
olytics.css
olytics.omeda.com/olytics/css/v3/p/
14 KB
2 KB
Stylesheet
General
Full URL
https://olytics.omeda.com/olytics/css/v3/p/olytics.css?ver=1.0
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),
Reverse DNS
my.omedastaging.com
Software
Apache /
Resource Hash
b1dee28cc772eb1903b9c309483167354c1054136ccf16ef18908b2eecd4b980
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Date
Fri, 03 Apr 2020 12:06:32 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 31 Jan 2020 16:30:36 GMT
Server
Apache
ETag
W/"13883-1580488236000"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=21600
Transfer-Encoding
chunked
Accept-Ranges
bytes
vary
accept-encoding
X-XSS-Protection
1; mode=block
Expires
Fri, 03 Apr 2020 18:06:33 GMT
style.min.css
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/css/
240 KB
32 KB
Stylesheet
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/css/style.min.css?ver=1584149012
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
828a9b7392d22c3f9dfaabb21b2e9c640df68c5035c01daf47a95a9d95f7b9d5

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
content-encoding
gzip
last-modified
Sat, 14 Mar 2020 01:23:32 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"5e6c3214-3bf22"
vary
Accept-Encoding, Accept-Encoding
x-cache
HIT
content-type
text/css
status
200
cache-control
public, max-age=30, s-maxage=2592000
css
fonts.googleapis.com/
3 KB
584 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
90bedfa7bbd2bb58b7f47611a77feaf852c117ed7e344885cdb34f7df940658f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 03 Apr 2020 12:06:24 GMT
server
ESF
date
Fri, 03 Apr 2020 12:06:24 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 03 Apr 2020 12:06:24 GMT
lytics.min.css
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/css/
37 KB
3 KB
Stylesheet
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/css/lytics.min.css?ver=1576575436
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
ece5f25bbc643556099a200aa2df5c428d74048e55db71c1880afd1adcb425a9

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
content-encoding
gzip
last-modified
Tue, 17 Dec 2019 09:37:16 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"5df8a1cc-95f6"
vary
Accept-Encoding, Accept-Encoding
x-cache
HIT
content-type
text/css
status
200
cache-control
public, max-age=30, s-maxage=2592000
css
fonts.googleapis.com/
825 B
494 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Bree+Serif&ver=0.1.1
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
19aa6c614f72f6bb67cb17a6169ca551686c2bab5475293c95880f5f32cd830e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 03 Apr 2020 12:06:24 GMT
server
ESF
date
Fri, 03 Apr 2020 12:06:24 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 03 Apr 2020 12:06:24 GMT
jquery.js
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-includes/js/jquery/
95 KB
34 KB
Script
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
content-encoding
gzip
last-modified
Fri, 17 May 2019 04:25:54 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"5cde37d2-17a69"
vary
Accept-Encoding, Accept-Encoding
x-cache
HIT
content-type
application/javascript
status
200
cache-control
public, max-age=30, s-maxage=2592000
jquery-migrate.min.js
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-includes/js/jquery/
10 KB
4 KB
Script
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
content-encoding
gzip
last-modified
Fri, 20 May 2016 06:11:28 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"573eaa90-2748"
vary
Accept-Encoding, Accept-Encoding
x-cache
HIT
content-type
application/javascript
status
200
cache-control
public, max-age=30, s-maxage=2592000
cookie.min.js
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/mu-plugins/cookie-controller/js/
2 KB
1 KB
Script
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/mu-plugins/cookie-controller/js/cookie.min.js?ver=1.2
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
e828282e92509efc0f7bc57888382c5816bd403e0abbb685eda5c4372cc7daa5

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
content-encoding
gzip
last-modified
Tue, 17 Dec 2019 09:37:13 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"5df8a1c9-834"
vary
Accept-Encoding, Accept-Encoding
x-cache
HIT
content-type
application/javascript
status
200
cache-control
public, max-age=30, s-maxage=2592000
hm-olytics-beacon.js
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/plugins/hm-olytics-beacon/js/
1 KB
817 B
Script
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/plugins/hm-olytics-beacon/js/hm-olytics-beacon.js?ver=1.0
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
90a260084cfdf97ada7a8e0650eb310a4206d79f1b3a53225d2b9053cc9e4c13

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
content-encoding
gzip
last-modified
Tue, 17 Dec 2019 09:37:14 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"5df8a1ca-421"
vary
Accept-Encoding, Accept-Encoding
x-cache
HIT
content-type
application/javascript
status
200
cache-control
public, max-age=30, s-maxage=2592000
UtilityMove-custom.min.js
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/vendor/
2 KB
1 KB
Script
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/vendor/UtilityMove-custom.min.js?ver=1576744511
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
cffef365e4b53f1a6e9d33a7d42c0d1542b573360f774069589240f75f0e84f1

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
content-encoding
gzip
last-modified
Thu, 19 Dec 2019 08:35:11 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"5dfb363f-751"
vary
Accept-Encoding, Accept-Encoding
x-cache
HIT
content-type
application/javascript
status
200
cache-control
public, max-age=30, s-maxage=2592000
polyfill.min.js
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/js/frontend/
102 KB
35 KB
Script
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/js/frontend/polyfill.min.js?ver=1576575436
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
59173f786dd1f3802f7ab26fd339aac4099dc10c6cb54a6a92213e6af277592a

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
content-encoding
gzip
last-modified
Tue, 17 Dec 2019 09:37:16 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"5df8a1cc-19873"
vary
Accept-Encoding, Accept-Encoding
x-cache
HIT
content-type
application/javascript
status
200
cache-control
public, max-age=30, s-maxage=2592000
gpt.js
www.googletagservices.com/tag/js/
43 KB
14 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6451cee0b08779f930ed6e5abb3fcc22426d37474965112b826c26c83255e74b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"475 / 692 of 1000 / last-modified: 1585899490"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
14651
x-xss-protection
0
expires
Fri, 03 Apr 2020 12:06:24 GMT
head.min.js
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/
43 KB
13 KB
Script
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/head.min.js?ver=1584542829
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
84fe87df0041db87059cf9c0c269909ea90f7c2d6d14cf048db79734f9f31858

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
content-encoding
gzip
last-modified
Wed, 18 Mar 2020 14:47:09 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"5e72346d-ad2b"
vary
Accept-Encoding, Accept-Encoding
x-cache
HIT
content-type
application/javascript
status
200
cache-control
public, max-age=30, s-maxage=2592000
SC-MEDIACYBERSOURCEnotag.jpg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/uploads/sites/2/2020/01/
138 KB
138 KB
Image
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/uploads/sites/2/2020/01/SC-MEDIACYBERSOURCEnotag.jpg
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
ad6110f575081c4de945f980ccf2e045737f164ad2a3d294daffd192f7a5c914

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
last-modified
Tue, 21 Jan 2020 20:09:10 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
"5e275a66-227bb"
vary
Accept-Encoding
x-cache
HIT
content-type
image/jpeg
status
200
cache-control
public, max-age=30, s-maxage=2592000
accept-ranges
bytes
content-length
141243
gtm.js
www.googletagmanager.com/
130 KB
39 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MHZ6C39
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
00d23e8a12aecc900ddea762314f70b11d1cae07fad025158c697b7c055b167e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
content-encoding
br
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
server
Google Tag Manager
access-control-allow-origin
*
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
cache-control
private, max-age=900
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Cache-Control
content-length
39554
x-xss-protection
0
expires
Fri, 03 Apr 2020 12:06:24 GMT
CSAM.png
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/uploads/sites/2/2020/03/
9 KB
9 KB
Image
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/uploads/sites/2/2020/03/CSAM.png
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
a3326bcc413a9b2f40f263dc4fb4c5f9ef9a0907acf1bd60eb112cd8bbf7e814

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
last-modified
Tue, 17 Mar 2020 21:29:07 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
"5e714123-22fc"
vary
Accept-Encoding
x-cache
HIT
content-type
image/png
status
200
cache-control
public, max-age=30, s-maxage=2592000
accept-ranges
bytes
content-length
8956
spinner.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src/
694 B
651 B
Image
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src/spinner.svg
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
abb1dd7905b3797711e15609800d43cabead4c0358dc0030a1932a20e82a37d7

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
content-encoding
gzip
last-modified
Tue, 17 Dec 2019 09:37:16 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"5df8a1cc-2b6"
vary
Accept-Encoding, Accept-Encoding
x-cache
HIT
content-type
image/svg+xml
status
200
cache-control
public, max-age=30, s-maxage=2592000
scvx-video-150x150.jpg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/uploads/sites/2/2020/03/
5 KB
5 KB
Image
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/uploads/sites/2/2020/03/scvx-video-150x150.jpg
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
d73d2bc9d03f69bdb9442501cd9c5616699768f2716a71695aca92acfe91df12

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
last-modified
Mon, 16 Mar 2020 15:20:06 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
"5e6f9926-14c5"
vary
Accept-Encoding
x-cache
HIT
content-type
image/jpeg
status
200
cache-control
public, max-age=30, s-maxage=2592000
accept-ranges
bytes
content-length
5317
2b6d39d680de90da3cea5ebacea7f74c744475a9-v3.js
content.maropost.com/uploads/1325/websites/1/
3 KB
3 KB
Script
General
Full URL
https://content.maropost.com/uploads/1325/websites/1/2b6d39d680de90da3cea5ebacea7f74c744475a9-v3.js?ver=1.1
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:20eb:d400:a:1779:3180:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0c7e4012cb73f8c0836fa8aee34bb0da2250b5af84d0c4a1959d60764597f05a

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 03:00:52 GMT
via
1.1 34f50889bc574f1edeb41dd758962a5b.cloudfront.net (CloudFront)
last-modified
Thu, 13 Dec 2018 20:46:06 GMT
server
AmazonS3
age
32733
etag
"33bca5680760348835deea8e5dcbdb62"
x-cache
Hit from cloudfront
status
200
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-length
2565
x-amz-cf-id
V9RYAnbu04-fPTN7poFaypu2osQpiG-at6SXiUunOJQq5o9bHsvsww==
blocks.min.js
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/
7 KB
3 KB
Script
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/blocks.min.js?ver=1580891445
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
5dfb849a3b8bcf3e07184092c4cc99a9f08f27f01e5de41a871d3ee8750303bd

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
content-encoding
gzip
last-modified
Wed, 05 Feb 2020 08:30:45 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"5e3a7d35-1b54"
vary
Accept-Encoding, Accept-Encoding
x-cache
HIT
content-type
application/javascript
status
200
cache-control
public, max-age=30, s-maxage=2592000
feather-tool.js
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/plugins/hm-feathr-tool/js/
548 B
633 B
Script
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/plugins/hm-feathr-tool/js/feather-tool.js?ver=1.2
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
579a9beff0c400b8b0e87f99d32c3ec8b2b3232232d6ac63438434a0a0d7a8b7

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
content-encoding
gzip
last-modified
Tue, 17 Dec 2019 09:37:14 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"5df8a1ca-224"
vary
Accept-Encoding, Accept-Encoding
x-cache
HIT
content-type
application/javascript
status
200
cache-control
public, max-age=30, s-maxage=2592000
hm-olytics-page-tag.js
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/plugins/hm-olytics-beacon/js/
103 B
329 B
Script
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/plugins/hm-olytics-beacon/js/hm-olytics-page-tag.js?ver=1.0
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
1b79426177f0c17d98c2ffe3aee5403f1f2a50b85d7177080cd06cfc37e2a300

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
content-encoding
gzip
last-modified
Tue, 17 Dec 2019 09:37:14 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"5df8a1ca-67"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
status
200
cache-control
public, max-age=30, s-maxage=2592000
hmi-registration-ui.manifest.js
s3.amazonaws.com/haymarket-reg-js/develop/production/
799 B
1 KB
Script
General
Full URL
https://s3.amazonaws.com/haymarket-reg-js/develop/production/hmi-registration-ui.manifest.js?ver=0.1.1
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.248.206 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
4d3e9dbf75d761b4fc344b3be601971eb517ce533c7ce46e093539e03349616e

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 03 Apr 2020 12:06:26 GMT
Last-Modified
Wed, 12 Feb 2020 21:49:01 GMT
Server
AmazonS3
x-amz-request-id
B2052F017E02FE89
ETag
"6878a8fbe72bde4a3f8ecf5b16523972"
Content-Type
application/javascript
Content-Length
799
Accept-Ranges
bytes
x-amz-version-id
FP3SW71vA20BSgqiArAX.j7pMa0EJKOy
x-amz-id-2
DZp31Aj+i0TRceonBMAWu+LfjyYtQ2Oh7v9LcpADXZy/0x+Q98BT7WyDAu/HdSWfv7biDlwd5Pk=
hmi-registration-ui.vendor.js
s3.amazonaws.com/haymarket-reg-js/develop/production/
357 KB
357 KB
Script
General
Full URL
https://s3.amazonaws.com/haymarket-reg-js/develop/production/hmi-registration-ui.vendor.js?ver=0.1.1
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.248.206 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
7ad20336a8307853dc49274515b01a6e154c0028e23f3868ca19b5934accfffc

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 03 Apr 2020 12:06:26 GMT
Last-Modified
Wed, 12 Feb 2020 21:49:01 GMT
Server
AmazonS3
x-amz-request-id
95DB8B4795E4E661
ETag
"6d58ae43141a010043649e2fd1f590c0"
Content-Type
application/javascript
Content-Length
365119
Accept-Ranges
bytes
x-amz-version-id
gDV5x7r8gWZYlxPw8bO7wni3U6LTB.1i
x-amz-id-2
ZiYF3L1fBvlPhvj9zbcAWd08KIcxIs66f3JTdjQ54mmdnCEsiOdBk6VA2J9860CLCeWFCB4yE4w=
hmi-registration-ui.bundle.js
s3.amazonaws.com/haymarket-reg-js/develop/production/
1 MB
1 MB
Script
General
Full URL
https://s3.amazonaws.com/haymarket-reg-js/develop/production/hmi-registration-ui.bundle.js?ver=0.1.1
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.248.206 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
88b8c776fc89926dc0cc65d4a48d474bfe7f8f37924e799573ed0fff5193b0f2

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 03 Apr 2020 12:06:26 GMT
Last-Modified
Wed, 12 Feb 2020 21:49:01 GMT
Server
AmazonS3
x-amz-request-id
97EB78C8AD5DB9CF
ETag
"3a66e4d9eceb2cb1e6e6ca7e9ca96fdb"
Content-Type
application/javascript
Content-Length
1286890
Accept-Ranges
bytes
x-amz-version-id
GHVjyfKKvMDjNPvT7T1RqN_VMfTa9kyy
x-amz-id-2
H0tdVwn1XjTV5JvrjsD0hlha49RVDerHPUHaKBHE2DbIaXwROWTxM0YY3xWY62T0IIEH++bbjnU=
frontend.min.js
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/
146 KB
39 KB
Script
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/frontend.min.js?ver=1580891445
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
4a5e9ddb7de073e40c06c4adf1ac055f3612ea07ca54daedf58d1d4758ab7cd8

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
content-encoding
gzip
last-modified
Wed, 05 Feb 2020 08:30:45 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"5e3a7d35-246ba"
vary
Accept-Encoding, Accept-Encoding
x-cache
HIT
content-type
application/javascript
status
200
cache-control
public, max-age=30, s-maxage=2592000
iab.min.js
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/
8 KB
2 KB
Script
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1580891445
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
d06646168f416ecb2c39087699341d4714ef31df7e6014a8d983c5bdb2527fd1

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
content-encoding
gzip
last-modified
Wed, 05 Feb 2020 08:30:45 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"5e3a7d35-1edd"
vary
Accept-Encoding, Accept-Encoding
x-cache
HIT
content-type
application/javascript
status
200
cache-control
public, max-age=30, s-maxage=2592000
wp-embed.min.js
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-includes/js/
1 KB
1000 B
Script
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-includes/js/wp-embed.min.js?ver=5.3.2
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
0284cbccebf1682452d62d06efa3665c874d642d4e03f5f5f9bb0f555da9251b

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:24 GMT
content-encoding
gzip
last-modified
Sat, 05 Oct 2019 19:49:10 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"5d98f3b6-577"
vary
Accept-Encoding, Accept-Encoding
x-cache
HIT
content-type
application/javascript
status
200
cache-control
public, max-age=30, s-maxage=2592000
analytics.js
www.google-analytics.com/
44 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MHZ6C39
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
5270
date
Fri, 03 Apr 2020 10:38:35 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
18174
expires
Fri, 03 Apr 2020 12:38:35 GMT
7341.js
script.crazyegg.com/pages/scripts/0034/
0
0
Script
General
Full URL
https://script.crazyegg.com/pages/scripts/0034/7341.js?440532
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MHZ6C39
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:25 GMT
cf-cache-status
HIT
last-modified
Thu, 02 Apr 2020 11:39:56 GMT
server
cloudflare
age
87989
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
410
cache-control
max-age=86400
cf-ray
57e2a9d8fccad721-FRA
content-length
0
olytics.min.js
olytics.omeda.com/olytics/js/v3/p/
256 KB
72 KB
Script
General
Full URL
https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js
Requested by
Host: 3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL: https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/plugins/hm-olytics-beacon/js/hm-olytics-beacon.js?ver=1.0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),
Reverse DNS
my.omedastaging.com
Software
Apache /
Resource Hash
591c03fa5d6aeafd8a894846669613efc6fa5103beba00fbada8d2b340039260
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 03 Apr 2020 12:06:33 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Apr 2020 00:50:52 GMT
Server
Apache
ETag
W/"262321-1585875052000"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=21600
Transfer-Encoding
chunked
Accept-Ranges
bytes
vary
accept-encoding
X-XSS-Protection
1; mode=block
Expires
Fri, 03 Apr 2020 18:06:33 GMT
src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

integrator.js
adservice.google.de/adsid/
109 B
171 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.scmagazine.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
109 B
171 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.scmagazine.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
104
x-xss-protection
0
pubads_impl_2020032401.js
securepubads.g.doubleclick.net/gpt/
168 KB
62 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032401.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
sffe /
Resource Hash
123d4b411f97e36f72e2f44be0b18944489e908ff159f59ab8aba984c69517fe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 24 Mar 2020 13:43:01 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
62966
x-xss-protection
0
expires
Fri, 03 Apr 2020 12:06:25 GMT
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v16/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 05 Mar 2020 00:02:28 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 03:45:55 GMT
server
sffe
age
2549037
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
14044
x-xss-protection
0
expires
Fri, 05 Mar 2021 00:02:28 GMT
chevron-right-white.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src/
190 B
408 B
Image
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src/chevron-right-white.svg
Requested by
Host: 3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL: https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/vendor/UtilityMove-custom.min.js?ver=1576744511
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
8e0da2e2d764c1a202d33dd39287784df8ac6bc20c7401ea14f2d62001292856

Request headers

Referer
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/css/style.min.css?ver=1584149012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 03 Apr 2020 12:06:25 GMT
content-encoding
gzip
last-modified
Tue, 17 Dec 2019 09:37:16 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"5df8a1cc-be"
vary
Accept-Encoding
x-cache
HIT
content-type
image/svg+xml
status
200
cache-control
public, max-age=30, s-maxage=2592000
S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v16/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v16/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
Requested by
Host: 3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL: https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/vendor/UtilityMove-custom.min.js?ver=1576744511
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 01 Apr 2020 22:55:16 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 03:45:54 GMT
server
sffe
age
133869
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
14176
x-xss-protection
0
expires
Thu, 01 Apr 2021 22:55:16 GMT
S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2
fonts.gstatic.com/s/lato/v16/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v16/S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2
Requested by
Host: 3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL: https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/vendor/UtilityMove-custom.min.js?ver=1576744511
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fe4bbdad1d6dff75cde79f8afc07f29502bd4708cb0ce5f552083c3d81ba8382
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 05 Mar 2020 02:44:22 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 03:45:51 GMT
server
sffe
age
2539323
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
14864
x-xss-protection
0
expires
Fri, 05 Mar 2021 02:44:22 GMT
src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
0
0

lio.js
c.lytics.io/api/tag//
40 B
386 B
Script
General
Full URL
https://c.lytics.io/api/tag//lio.js
Requested by
Host: 3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL: https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/frontend.min.js?ver=1580891445
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:216 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6557812bb342a14c23635e24733f11e5752f9807a85053be80b6fbd955a34ed9

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:25 GMT
via
1.1 google
cf-cache-status
HIT
server
cloudflare
age
6169
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
content-encoding
br
cache-control
max-age=7200
cf-ray
57e2a9d96dbb1786-FRA
access-control-allow-origin
*
most-widget
www.scmagazine.com/wp-json/haymarket/v1/
5 KB
2 KB
XHR
General
Full URL
https://www.scmagazine.com/wp-json/haymarket/v1/most-widget?id=most-5
Requested by
Host: 3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL: https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/frontend.min.js?ver=1580891445
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-250-24.compute-1.amazonaws.com
Software
nginx / WP Engine
Resource Hash
5f809c6f696862d44a02738d736313df5ca26a7747c4813b20f3cdfd88aa8e61
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

date
Fri, 03 Apr 2020 12:06:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cacheable
SHORT
x-powered-by
WP Engine
x-cache
HIT: 25
status
200
x-cache-group
normal
access-control-allow-headers
Authorization, Content-Type
allow
GET
server
nginx
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
content-type
application/json; charset=UTF-8
access-control-expose-headers
X-WP-Total, X-WP-TotalPages
cache-control
max-age=600, must-revalidate, s-maxage=2592000
x-robots-tag
noindex
link
<https://www.scmagazine.com/wp-json/>; rel="https://api.w.org/"
/
accounts.haymarketmedia.com/sso/check/
45 B
617 B
XHR
General
Full URL
https://accounts.haymarketmedia.com/sso/check/?gn=106
Requested by
Host: 3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL: https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/frontend.min.js?ver=1580891445
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.211.216.130 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-211-216-130.compute-1.amazonaws.com
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
916b46685de3064525220ba828d946e60ab332f5e65c62d7df5fe9877f9c54b2

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 03 Apr 2020 12:06:25 GMT
x-aspnetmvc-version
4.0
server
Microsoft-IIS/8.5
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
status
200
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.scmagazine.com
cache-control
private
access-control-allow-credentials
true
content-length
45
js
www.google-analytics.com/gtm/
62 KB
23 KB
Script
General
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-TCMLVLP&t=gtm1&cid=880951314.1585915585
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c68519093d7cd76545ae83315f881aab39b4e190b4f2c867813b5d5436332c70
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:25 GMT
content-encoding
br
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
server
Google Tag Manager
access-control-allow-origin
*
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
cache-control
private, max-age=900
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Cache-Control
content-length
23659
x-xss-protection
0
expires
Fri, 03 Apr 2020 12:06:25 GMT
boomerang.min.js
cdn.feathr.co/js/
113 KB
34 KB
Script
General
Full URL
https://cdn.feathr.co/js/boomerang.min.js
Requested by
Host: 3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL: https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/plugins/hm-feathr-tool/js/feather-tool.js?ver=1.2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6812:2077 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
880dd1410cf9bfe0f45193fe975b05e6915df228c6304d3b8f279f4e2275351c

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:25 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 09 Jan 2020 04:21:07 GMT
server
cloudflare
age
5907
etag
W/"875ba0ef01af6581f7677611021de48a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
57e2a9d9aeb79760-FRA
x-amz-request-id
CC6861E473FD2264
x-amz-id-2
cSXQLI8MB00FAnnifmKRkukdYCA8s29rUOCugEgJLaJE2cxHLlnpz5cEPNB82Wko+G9TVnhoL/U=
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1775146832&t=pageview&_s=1&dl=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1290429-10&cid=880951314.1585915585&jid=1767165818&_gid=1976381246.1585915585&gjid=1312709652&_v=j81&z=1909349960
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=880951314.1585915585&jid=1767165818&_v=j81&z=1909349960
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=880951314.1585915585&jid=1767165818&_v=j81&z=1909349960&slf_rd=1&random=2495688024
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=880951314.1585915585&jid=1767165818&_v=j81&z=1909349960&slf_rd=1&random=2495688024
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Apr 2020 12:06:25 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 03 Apr 2020 12:06:25 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=880951314.1585915585&jid=1767165818&_v=j81&z=1909349960&slf_rd=1&random=2495688024
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
406 B
728 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=222972313474354&correlator=3592593041031062&output=ldjh&impl=fif&adsid=NT&eid=44716867&vrg=2020032401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200403&iu_parts=21883553441%2CSkin&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ists=1&prev_scp=pos%3D&eri=1&cust_params=pagetype%3Dpost%26author%3DBradley%2520Barth%26postID%3D102615%26env%3Dlive%26sid%3DCoronavirus%252CCybercrime%252CMalware%252CMobile_Security%252CRansomware%252CSecurity_News%26cat%3DCoronavirus%252CCybercrime%252CMalware%252CMobile_Security%252CRansomware%26isnht%3Dfalse&cookie_enabled=1&bc=31&abxe=1&lmt=1585915585&dt=1585915585555&dlt=1585915584755&idt=782&frm=20&biw=1585&bih=1200&oid=3&adxs=0&adys=2962&adks=1385187290&ucis=1&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F&dssz=49&icsg=2323644416&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1585x2962&msz=1585x1&ga_vid=880951314.1585915585&ga_sid=1585915586&ga_hid=1775146832&fws=4&ohw=1585&btvi=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
cafe /
Resource Hash
f4177dd7940eea793fa49298c75a145ed29966700f45077647ef448ed2ea06a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 03 Apr 2020 12:06:25 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
216
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.scmagazine.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_rendering_2020032401.js
securepubads.g.doubleclick.net/gpt/
66 KB
24 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
sffe /
Resource Hash
0290a012deb1b25451f5211d8cb8b40d8fa6f3942d23ecc12d96670e4c0ed7a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 24 Mar 2020 13:43:01 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
24573
x-xss-protection
0
expires
Fri, 03 Apr 2020 12:06:25 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/
0
0
Other
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

ads
securepubads.g.doubleclick.net/gampad/
7 KB
3 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=222972313474354&correlator=3592593041031062&output=ldjh&impl=fif&adsid=NT&eid=44716867&vrg=2020032401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200403&iu_parts=21883553441%2CPrestitial&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ists=1&prev_scp=pos%3D&eri=1&cust_params=pagetype%3Dpost%26author%3DBradley%2520Barth%26postID%3D102615%26env%3Dlive%26sid%3DCoronavirus%252CCybercrime%252CMalware%252CMobile_Security%252CRansomware%252CSecurity_News%26cat%3DCoronavirus%252CCybercrime%252CMalware%252CMobile_Security%252CRansomware%26isnht%3Dfalse&cookie_enabled=1&bc=31&abxe=1&lmt=1585915585&dt=1585915585565&dlt=1585915584755&idt=782&frm=20&biw=1585&bih=1200&oid=3&adxs=0&adys=2963&adks=1753008912&ucis=2&ifi=2&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F&dssz=50&icsg=2323644416&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1585x2963&msz=1585x1&ga_vid=880951314.1585915585&ga_sid=1585915586&ga_hid=1775146832&fws=4&ohw=1585&btvi=2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
cafe /
Resource Hash
5e8bfb02c6d330cc9887b984c706db94aafce605a1cb5d05ac9bac77ef22ce7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 03 Apr 2020 12:06:25 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
2844
x-xss-protection
0
google-lineitem-id
5339436138
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138308376520
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.scmagazine.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
up_loader.1.1.0.js
js.adsrvr.org/
4 KB
2 KB
Script
General
Full URL
https://js.adsrvr.org/up_loader.1.1.0.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MHZ6C39
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.94.29 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-94-29.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0615974c40d602afdbf9759533e352bc17b0458c85aad6694b1a1ad20659625b

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 03 Apr 2020 01:16:34 GMT
Content-Encoding
gzip
Last-Modified
Mon, 13 Jan 2020 19:16:48 GMT
Server
AmazonS3
Age
46737
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/x-javascript
Via
1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront)
Transfer-Encoding
chunked
X-Amz-Cf-Pop
FRA50-C1
Connection
keep-alive
X-Amz-Cf-Id
sEK5y8FmQl-hKqtu9INbZfyOixZhDs2vhdpQmUzW--RlHDvrwe3CKg==
insight.min.js
snap.licdn.com/li.lms-analytics/
3 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:39e::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 03 Apr 2020 12:06:25 GMT
Content-Encoding
gzip
Last-Modified
Mon, 07 Oct 2019 16:41:31 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=66851
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1576
init-131xlxqjsfx7lh82dpc.js
api.b2c.com/api/
12 KB
5 KB
Script
General
Full URL
https://api.b2c.com/api/init-131xlxqjsfx7lh82dpc.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MHZ6C39
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f14:e96:5802:dcc1:9a65:ce8d:a47f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
4943644570f20244e42e807fdabc3d11c04594b17ca6f628f2de75543af1ac16

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

pragma
no-cache
date
Fri, 03 Apr 2020 12:06:26 GMT
content-encoding
gzip
server
openresty
content-type
text/javascript
status
200
cache-control
no-cache, no-store, must-revalidate
expires
-1
dpm_00fd4b4549a1094aae926ef62e9dbd3cdcc2e456.min.js
s.dpmsrv.com/
107 KB
38 KB
Script
General
Full URL
https://s.dpmsrv.com/dpm_00fd4b4549a1094aae926ef62e9dbd3cdcc2e456.min.js
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.97.40 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-97-40.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f04e142a312cc60fc9bafd85e3dd67ad8cd6ca28f4ebf77a9c62e3e1872d6c93

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Thu, 02 Apr 2020 19:33:21 GMT
Content-Encoding
gzip
Last-Modified
Tue, 25 Feb 2020 16:30:12 GMT
Server
AmazonS3
Age
59585
ETag
"a6de55794f80705064671cc01598f1a2"
X-Cache
Hit from cloudfront
Content-Type
application/x-javascript
Via
1.1 ea2e21f6a5c3ec2f96b0dac1b769e00e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA50-C1
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
38003
X-Amz-Cf-Id
OW8i7gs8lAZKqLPRsJVh2HaRL21n1wJhn2H0E-hpJF3LukhAh7W1qA==
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-cov...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D68780%26url%3Dhttps%253A%252F%252Fwww.scmagazine.com%252Fhome%252Fsecurity-news%2...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-cov...
0
63 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F&time=1585915585580&liSync=true
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 03 Apr 2020 12:06:26 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
status
200
x-li-proto
http/2
x-li-pop
prod-tln1
content-type
application/javascript
content-length
0
x-li-uuid
0aCAqNJNAhaw+ahNiCsAAA==

Redirect headers

date
Fri, 03 Apr 2020 12:06:25 GMT
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
linkedin-action
1
status
302
strict-transport-security
max-age=2592000
content-length
0
x-xss-protection
1; mode=block
server
Play
pragma
no-cache
x-li-pop
prod-efr5
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options
sameorigin
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-uuid
wao9nNJNAhbAsWQM1CoAAA==
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F&time=1585915585580&liSync=true
cache-control
no-cache, no-store
content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto
http/2
x-li-fabric
prod-lor1
expires
Thu, 01 Jan 1970 00:00:00 GMT
integrations
polo.feathr.co/v1/accounts/5c2d2a2366bba411c7d26e37/
54 B
387 B
XHR
General
Full URL
https://polo.feathr.co/v1/accounts/5c2d2a2366bba411c7d26e37/integrations
Requested by
Host: cdn.feathr.co
URL: https://cdn.feathr.co/js/boomerang.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.22.20.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-22-20-103.compute-1.amazonaws.com
Software
nginx/1.15.10 /
Resource Hash
68795cb80606f19d4ec0d92744af85048164f53500ad9535229c470fe24fe28a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 03 Apr 2020 12:06:25 GMT
server
nginx/1.15.10
status
200
strict-transport-security
max-age=15724800; includeSubDomains
access-control-allow-methods
GET, POST, PUT, OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-length
54
refresh
marco.feathr.co/v1/
43 B
583 B
Image
General
Full URL
https://marco.feathr.co/v1/refresh
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.225.73.22 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-73-22.fra2.r.cloudfront.net
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 03 Apr 2020 12:06:25 GMT
via
1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-amz-apigw-id
KaL-SEBUIAMF_ng=
x-amzn-requestid
052fa0d9-0c34-49bb-8e1f-18b649960f78
access-control-allow-methods
*
content-type
image/gif
status
200
x-amzn-trace-id
Root=1-5e8726c1-ac7ec366256557a4c70c3f7a;Sampled=0
x-cache
Miss from cloudfront
access-control-allow-origin
*
content-length
43
x-amz-cf-id
LRdnkGrXBdOToT28GynZksIoIUkNuwu-cqcdukaI71N9QtlWgiXy7Q==
access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key
truncated
/ Frame F297
211 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
508e623c0e5b23f8bcda5d1dca261a5229968ad7ef50f6f4c880170dab7a8a91

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
osd.js
www.googletagservices.com/activeview/js/current/
74 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c7c6430070f3f1f2f426c9d1cc1096a85880df46a13effd2e6f2c3cc51e03e3f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1585759507325766"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
27920
x-xss-protection
0
expires
Fri, 03 Apr 2020 12:06:25 GMT
imgad
tpc.googlesyndication.com/pagead/
Redirect Chain
  • https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss5fN4wYbX9eh8nrmQXFxoF4PfmN9l0fPczGs_5wQ1vzSFQLtQgIPpBKcjYg03Fm3ndxojY53AHGZW53g3RRRxt0i1_fxYJXpBewVXq4eNg2WLeIqsHV8RU3pVQw9V6Rrz9xvDzlDZtR...
  • https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKDn5vzuURABGAEyCIpg8wtxFUxf&b2s=false
226 KB
227 KB
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKDn5vzuURABGAEyCIpg8wtxFUxf&b2s=false
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f1b47041dccbe06b5f4ea1a15ccfc55d5e9cf670fd054751cababe75142c2633
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 02 Apr 2020 23:27:59 GMT
x-content-type-options
nosniff
server
cafe
age
45506
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
public, max-age=604800
content-type
image/jpeg
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
231725
x-xss-protection
0
expires
Thu, 09 Apr 2020 23:27:59 GMT

Redirect headers

date
Fri, 03 Apr 2020 12:06:25 GMT
x-content-type-options
nosniff
content-type
text/html; charset=UTF-8
server
cafe
access-control-allow-origin
*
location
https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKDn5vzuURABGAEyCIpg8wtxFUxf&b2s=false
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
302
cache-control
private
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
B23930244.270774553;dc_pre=CI_9gfmbzOgCFbrDuwgdZrMCPQ;dc_trk_aid=465774920;dc_trk_cid=130306048;ord=709913250;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N510001.130598SCMAGAZINEUS2/
Redirect Chain
  • https://ad.doubleclick.net/ddm/trackimp/N510001.130598SCMAGAZINEUS2/B23930244.270774553;dc_trk_aid=465774920;dc_trk_cid=130306048;ord=709913250;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tf...
  • https://ad.doubleclick.net/ddm/trackimp/N510001.130598SCMAGAZINEUS2/B23930244.270774553;dc_pre=CI_9gfmbzOgCFbrDuwgdZrMCPQ;dc_trk_aid=465774920;dc_trk_cid=130306048;ord=709913250;dc_lat=;dc_rdid=;ta...
42 B
120 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/trackimp/N510001.130598SCMAGAZINEUS2/B23930244.270774553;dc_pre=CI_9gfmbzOgCFbrDuwgdZrMCPQ;dc_trk_aid=465774920;dc_trk_cid=130306048;ord=709913250;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.206.6 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s20-in-f6.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Apr 2020 12:06:25 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 03 Apr 2020 12:06:25 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://ad.doubleclick.net/ddm/trackimp/N510001.130598SCMAGAZINEUS2/B23930244.270774553;dc_pre=CI_9gfmbzOgCFbrDuwgdZrMCPQ;dc_trk_aid=465774920;dc_trk_cid=130306048;ord=709913250;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
302
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
index.php
a.dpmsrv.com/dpmpxl/
Redirect Chain
  • https://ib.adnxs.com/getuid?https://a.dpmsrv.com/dpmpxl/index.php?id=$UID&q%3DxImp%26v%3D1.x%26cl%3D1122%26pixelIndex%3D0%26r%3D391474%26tzOffset%3D-120%26url%3Dhttps%253A%252F%252Fwww.scmagazine.c...
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fa.dpmsrv.com%2Fdpmpxl%2Findex.php%3Fid%3D%24UID%26q%253DxImp%2526v%253D1.x%2526cl%253D1122%2526pixelIndex%253D0%2526r%253D391474%2526tzOffset%2...
  • https://a.dpmsrv.com/dpmpxl/index.php?id=4463431617475281923&q=xImp&v=1.x&cl=1122&pixelIndex=0&r=391474&tzOffset=-120&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fco...
249 B
951 B
Script
General
Full URL
https://a.dpmsrv.com/dpmpxl/index.php?id=4463431617475281923&q=xImp&v=1.x&cl=1122&pixelIndex=0&r=391474&tzOffset=-120&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F&_=1585915585703
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.175.86.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-175-86-40.compute-1.amazonaws.com
Software
/
Resource Hash
c8bb3b9353ff0833a5882a92a1d6f76c3e6fe1fcbdc356e489ffa682d797275c

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Content-Encoding
gzip
Access-Control-Max-Age
10
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, OPTIONS
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Type
text/javascript
Access-Control-Allow-Headers
content-type, accept
Content-Length
218
Expires
0

Redirect headers

Pragma
no-cache
Date
Fri, 03 Apr 2020 12:06:27 GMT
AN-X-Request-Uuid
159c1264-aa77-4838-a268-9f0027e34209
Content-Type
text/html; charset=utf-8
Server
nginx/1.13.4
Location
https://a.dpmsrv.com/dpmpxl/index.php?id=4463431617475281923&q=xImp&v=1.x&cl=1122&pixelIndex=0&r=391474&tzOffset=-120&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F&_=1585915585703
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
85.159.237.67; 85.159.237.67; 307.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.42:80
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
0
0
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

timing-allow-origin
*
date
Fri, 03 Apr 2020 12:06:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
etag
14040473416781760607
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
private, max-age=3600
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
expires
Fri, 03 Apr 2020 12:06:25 GMT
olytics
oqs.omeda.com/oqs/rest/
0
470 B
XHR
General
Full URL
https://oqs.omeda.com/oqs/rest/olytics
Requested by
Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.180.130.165 Chicago, United States, ASN53866 (QTS-AS, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Access-Control-Request-Method
POST
Origin
https://www.scmagazine.com
Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

Date
Fri, 03 Apr 2020 12:06:26 GMT
X-Content-Type-Options
nosniff
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain
Access-Control-Allow-Origin
*
Access-Control-Max-Age
600
Access-Control-Allow-Headers
Access-Control-Request-Headers, Content-Type, Origin, Accept, Accept-Encoding, Accept-Language, HOST, User-Agent, Access-Control-Request-Method, Access-Control-Max-Age
Content-Length
0
X-XSS-Protection
1; mode=block
script.js
polo.feathr.co/v1/analytics/match/
290 B
675 B
Script
General
Full URL
https://polo.feathr.co/v1/analytics/match/script.js?pk=feathr
Requested by
Host: cdn.feathr.co
URL: https://cdn.feathr.co/js/boomerang.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.22.20.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-22-20-103.compute-1.amazonaws.com
Software
nginx/1.15.10 /
Resource Hash
ecb514f9b61338b08639019a27bc01cc5c5b28536025a1d5d4aaa7c831ce10d2
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:26 GMT
server
nginx/1.15.10
access-control-allow-origin
*
etag
"5e8726c1dc5dff00088131d0"
strict-transport-security
max-age=15724800; includeSubDomains
access-control-allow-methods
GET, POST, PUT, OPTIONS
content-type
text/javascript
status
200
cache-control
no-cache, max-age=0
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-length
290
pixel.js
polo.feathr.co/v1/accounts/5c2d2a2366bba411c7d26e37/
32 B
399 B
Script
General
Full URL
https://polo.feathr.co/v1/accounts/5c2d2a2366bba411c7d26e37/pixel.js?pk=feathr
Requested by
Host: cdn.feathr.co
URL: https://cdn.feathr.co/js/boomerang.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.22.20.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-22-20-103.compute-1.amazonaws.com
Software
nginx/1.15.10 /
Resource Hash
eacfa4f711eaca1336ff82619c8a2d310dec11266d594fbc7e5a91259cebf848
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:26 GMT
server
nginx/1.15.10
access-control-allow-origin
*
strict-transport-security
max-age=15724800; includeSubDomains
access-control-allow-methods
GET, POST, PUT, OPTIONS
content-type
text/javascript
status
200
cache-control
must-revalidate, max-age=14400
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-length
32
gpt.js
www.googletagservices.com/tag/js/
0
0
Fetch
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

date
Fri, 03 Apr 2020 12:06:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"475 / 24 of 1000 / last-modified: 1585899490"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
expires
Fri, 03 Apr 2020 12:06:25 GMT
ad.gif
api-52-26-12-4.b2c.com/api/
43 B
233 B
Image
General
Full URL
https://api-52-26-12-4.b2c.com/api/ad.gif
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f14:e96:5800:4201:2bf9:d06:e4dd Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Fri, 03 Apr 2020 12:06:26 GMT
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
openresty
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
index.php
a.dpmsrv.com/dpmpxl/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=datapoint_dmp&google_cm&ap_id=4463431617475281923&pixelIndex=0&_=1585915585704
  • https://a.dpmsrv.com/dpmpxl/index.php?q=dfp&ap_id=4463431617475281923&pixelIndex=0&_=1585915585704&google_gid=CAESEOjB5ylVUcvfJ1mO0-ICcUA&google_cver=1
0
575 B
Script
General
Full URL
https://a.dpmsrv.com/dpmpxl/index.php?q=dfp&ap_id=4463431617475281923&pixelIndex=0&_=1585915585704&google_gid=CAESEOjB5ylVUcvfJ1mO0-ICcUA&google_cver=1
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.175.86.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-175-86-40.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Access-Control-Max-Age
10
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, OPTIONS
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Type
text/javascript
Access-Control-Allow-Headers
content-type, accept
Content-Length
0
Expires
0

Redirect headers

pragma
no-cache
date
Fri, 03 Apr 2020 12:06:26 GMT
server
HTTP server (unknown)
location
https://a.dpmsrv.com/dpmpxl/index.php?q=dfp&ap_id=4463431617475281923&pixelIndex=0&_=1585915585704&google_gid=CAESEOjB5ylVUcvfJ1mO0-ICcUA&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
302
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
368
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
423396.gif
idsync.rlcdn.com/
0
40 B
Image
General
Full URL
https://idsync.rlcdn.com/423396.gif?partner_uid=4463431617475281923
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.72.21 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
21.72.190.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

status
204
date
Fri, 03 Apr 2020 12:06:26 GMT
via
1.1 google
alt-svc
clear
match
polo-v1.feathr.co/v1/analytics/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=6fgi4r1&ttd_tpi=1&ttd_puid=5e8726c1dc5dff00088131d0&gdpr=0
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=6fgi4r1&ttd_tpi=1&ttd_puid=5e8726c1dc5dff00088131d0&gdpr=0
  • https://polo-v1.feathr.co/v1/analytics/match?f_id=5e8726c1dc5dff00088131d0&ttd_id=e4b22886-6360-4a36-9f45-35488a93b13d
43 B
404 B
Image
General
Full URL
https://polo-v1.feathr.co/v1/analytics/match?f_id=5e8726c1dc5dff00088131d0&ttd_id=e4b22886-6360-4a36-9f45-35488a93b13d
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.22.20.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-22-20-103.compute-1.amazonaws.com
Software
nginx/1.15.10 /
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 03 Apr 2020 12:06:26 GMT
server
nginx/1.15.10
access-control-allow-origin
*
strict-transport-security
max-age=15724800; includeSubDomains
access-control-allow-methods
GET, POST, PUT, OPTIONS
content-type
image/gif
status
200
cache-control
max-age=0,no-cache,no-store
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-length
43

Redirect headers

pragma
no-cache
date
Fri, 03 Apr 2020 12:06:26 GMT
x-aspnet-version
4.0.30319
location
https://polo-v1.feathr.co/v1/analytics/match?f_id=5e8726c1dc5dff00088131d0&ttd_id=e4b22886-6360-4a36-9f45-35488a93b13d
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
status
302
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
267
crumb
polo.feathr.co/v1/analytics/
43 B
403 B
Image
General
Full URL
https://polo.feathr.co/v1/analytics/crumb?cb=1585915586265&a_id=5c2d2a2366bba411c7d26e37&f_id=5e8726c1dc5dff00088131d0&ses_id=5e8726c15d688559ab170d05&flvr=page_view&loc_url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F&s_w=1600&s_h=1200&b_w=1600&b_h=1200&cust_params=e30=
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.22.20.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-22-20-103.compute-1.amazonaws.com
Software
nginx/1.15.10 /
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 03 Apr 2020 12:06:26 GMT
server
nginx/1.15.10
access-control-allow-origin
*
strict-transport-security
max-age=15724800; includeSubDomains
access-control-allow-methods
GET, POST, PUT, OPTIONS
content-type
image/gif
status
200
cache-control
max-age=0,no-cache,no-store
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-length
43
4
api-52-26-12-4.b2c.com/api/
Redirect Chain
  • https://api-52-26-12-4.b2c.com/api/x?0C892Ewuexpu6Cbb$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL25ld3MtYXJjaGl2ZS9jb3JvbmF2aXJ1cy9wYXNzd29yZC1mb3VuZC10by1yZXNjdWUtdmljdGl...
  • https://api-52-26-12-4.b2c.com:444/api/4?0C892Ewuexpu6Cbb
0
-1 B
XHR
General
Full URL
https://api-52-26-12-4.b2c.com:444/api/4?0C892Ewuexpu6Cbb
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f14:e96:5800:4201:2bf9:d06:e4dd Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 03 Apr 2020 12:06:26 GMT
Server
openresty
Access-Control-Allow-Origin
https://www.scmagazine.com
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/html
Location
https://api-52-26-12-4.b2c.com:444/api/4?0C892Ewuexpu6Cbb
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
142

Redirect headers

Date
Fri, 03 Apr 2020 12:06:26 GMT
Server
openresty
Location
https://api-52-26-12-4.b2c.com:444/api/4?0C892Ewuexpu6Cbb
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/html
Access-Control-Allow-Origin
https://www.scmagazine.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
142
olytics
oqs.omeda.com/oqs/rest/
15 B
307 B
XHR
General
Full URL
https://oqs.omeda.com/oqs/rest/olytics
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.180.130.165 Chicago, United States, ASN53866 (QTS-AS, US),
Reverse DNS
Software
Apache /
Resource Hash
754c94388315799ee1eb0338fa7163a26d71dcb96c7767c14bcb7cd7d1901fc9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/json

Response headers

Date
Fri, 03 Apr 2020 12:06:27 GMT
X-Content-Type-Options
nosniff
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
sodar
pagead2.googlesyndication.com/getconfig/
7 KB
5 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020032401&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7dba85f37de7e53df0515c9b7bd72a909576b39e712249ba580caf3cc53928a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 03 Apr 2020 12:06:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5196
x-xss-protection
0
up
insight.adsrvr.org/track/ Frame 7960
0
0
Document
General
Full URL
https://insight.adsrvr.org/track/up?adv=znpsh7f&ref=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F&upid=e4qkh98&upv=1.1.0
Requested by
Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.51.196.250 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-46-51-196-250.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

:method
GET
:authority
insight.adsrvr.org
:scheme
https
:path
/track/up?adv=znpsh7f&ref=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F&upid=e4qkh98&upv=1.1.0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
TDID=e4b22886-6360-4a36-9f45-35488a93b13d; TDCPM=CAEYBSABKAIyCwiygYynxfSrOBAFOAE.
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/

Response headers

status
200
date
Fri, 03 Apr 2020 12:06:26 GMT
content-type
text/html
cache-control
private,no-cache, must-revalidate
pragma
no-cache
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
src.svg
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/
33 KB
10 KB
XHR
General
Full URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Requested by
Host: 3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL: https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/frontend.min.js?ver=1580891445
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
866e74600600f8647c979414828f3538d646101dc8504de84c2ed00e30460811

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 03 Apr 2020 12:06:26 GMT
content-encoding
gzip
last-modified
Tue, 17 Dec 2019 09:37:16 GMT
server
NetDNA-cache/2.2
status
200
etag
W/"5df8a1cc-8317"
vary
Accept-Encoding, Accept-Encoding
x-cache
HIT
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=30, s-maxage=2592000
collect
www.google-analytics.com/
35 B
102 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j81&a=1775146832&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F&ul=en-us&de=UTF-8&dt=Password%20found%20to%20rescue%20victims%20of%20malicious%20COVID-19%20tracker%20app&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Scroll%20Depth&ea=%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F&el=25%25&ev=25&_u=aGDAAAADQ~&jid=&gjid=&cid=880951314.1585915585&tid=UA-1290429-10&_gid=1976381246.1585915585&gtm=2wg3p1MHZ6C39&z=606859900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Thu, 05 Mar 2020 02:58:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
2538493
content-type
image/gif
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
no-cache, no-store, must-revalidate
access-control-allow-origin
*
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
sodar2.js
tpc.googlesyndication.com/sodar/
14 KB
5 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
5456
x-xss-protection
0
expires
Fri, 03 Apr 2020 12:06:26 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame 2E29
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Fri, 03 Apr 2020 11:40:42 GMT
expires
Sat, 03 Apr 2021 11:40:42 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
1544
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
index.php
a.dpmsrv.com/dpmpxl/
5 B
1005 B
Script
General
Full URL
https://a.dpmsrv.com/dpmpxl/index.php?q=xSeg&v=1.x&ep%5Bids%5D=20986004&cl=1122&pixelIndex=0&r=818053&tzOffset=-120&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F&id=4463431617475281923&_=1585915585705
Requested by
Host: s.dpmsrv.com
URL: https://s.dpmsrv.com/dpm_00fd4b4549a1094aae926ef62e9dbd3cdcc2e456.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.175.86.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-175-86-40.compute-1.amazonaws.com
Software
/
Resource Hash
fbc45fe018830de401f0cf801177a57d0039bc72d922b8ff2c82af7af05dd32b

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Pragma
no-cache
Content-Encoding
gzip
Access-Control-Max-Age
10
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, OPTIONS
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Type
text/javascript
Access-Control-Allow-Headers
content-type, accept
Content-Length
31
Expires
0
seg
ib.adnxs.com/
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/seg?member=827&add=20986004
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.223.210 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
307.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Pragma
no-cache
Date
Fri, 03 Apr 2020 12:06:28 GMT
AN-X-Request-Uuid
13772200-07d1-4d4e-9f1a-6fe2a19b1921
Content-Type
image/gif
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
85.159.237.67; 85.159.237.67; 307.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.141:80
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
58 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gpt_2020032401&jk=222972313474354&bg=!dHeld29Y5Gg19roxm1cCAAAAOVIAAAAJmQFeXTXB2nJNKWKiUhTYSvngBsCnGAws8VYHE5uz9jyMmlTtaUGXuADMVaHkpbEyVlNxbfml0I3Pff6L3ktH2I4Qc26_lGG1gSuqHspMuLr0Ft-SdTGZY03_lO6QNUed2kmpXyX_XFeVz_Wyro9YepzLCcwRikHa1ZkH2gD70N-2LW3gAjF-ZKPz0hKi3kZosAjM6oizB6se5NRSpAUX-kRi87E1oWRyzM_1Kqw2JQ87ybPOb8tHNIl_kOpZkOK4BsBCjvoeshrpRuFsVX5F9W9wB-MArQM8QjYF5N36Em80w6x4Cml9BiJcKZWpHqkXd4bWAy8QOwFQwm-COB53YUzpQyNqJrrOaZRCwHdTeppy9oEcNbknC34j0V4w8x1wOAAjh6xjcj2wig5infk5hyWTN3FUIxWM5Z_O3NBvO9b0xm_n93RE3gfGqVTMTKEYXYxxWuklb5wI6exO0NhwpbM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Fri, 03 Apr 2020 12:06:26 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
x
api-52-26-12-4.b2c.com/api/
0
388 B
Other
General
Full URL
https://api-52-26-12-4.b2c.com/api/x?0C892Ewuexpu6Cbb$YWRibG9jayQ1NDEkMA
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f14:e96:5800:4201:2bf9:d06:e4dd Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Fri, 03 Apr 2020 12:06:27 GMT
Server
openresty
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.scmagazine.com
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Expires
-1
p
olytics.omeda.com/olytics/segments/
0
521 B
XHR
General
Full URL
https://olytics.omeda.com/olytics/segments/p
Requested by
Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),
Reverse DNS
my.omedastaging.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method
POST
Origin
https://www.scmagazine.com
Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

Date
Fri, 03 Apr 2020 12:06:35 GMT
Server
Apache
vary
Access-Control-Request-Headers,Access-Control-Request-Headers,access-control-request-method
Access-Control-Allow-Methods
HEAD,DELETE,POST,GET,OPTIONS,PUT
Access-Control-Allow-Origin
*
Access-Control-Max-Age
1800
Access-Control-Allow-Headers
access-control-max-age,accept-language,origin,x-requested-with,access-control-request-headers,host,content-type,access-control-request-method,accept-encoding,accept,user-agent
Content-Length
0
/
olytics.omeda.com/olytics/segments/form/check/
0
521 B
XHR
General
Full URL
https://olytics.omeda.com/olytics/segments/form/check/
Requested by
Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),
Reverse DNS
my.omedastaging.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method
POST
Origin
https://www.scmagazine.com
Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

Date
Fri, 03 Apr 2020 12:06:35 GMT
Server
Apache
vary
Access-Control-Request-Headers,Access-Control-Request-Headers,access-control-request-method
Access-Control-Allow-Methods
HEAD,DELETE,POST,GET,OPTIONS,PUT
Access-Control-Allow-Origin
*
Access-Control-Max-Age
1800
Access-Control-Allow-Headers
access-control-max-age,accept-language,origin,x-requested-with,access-control-request-headers,host,content-type,access-control-request-method,accept-encoding,accept,user-agent
Content-Length
0
4
api-52-26-12-4.b2c.com/api/
43 B
441 B
XHR
General
Full URL
https://api-52-26-12-4.b2c.com:444/api/4?0C892Ewuexpu6Cbb
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.26.12.4 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-26-12-4.us-west-2.compute.amazonaws.com
Software
openresty /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Origin
null
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 03 Apr 2020 12:06:27 GMT
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
openresty
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
null
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
43
Expires
-1
ads
securepubads.g.doubleclick.net/gampad/
16 KB
5 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=222972313474354&correlator=3592593041031062&output=ldjh&impl=fif&adsid=NT&eid=21064502%2C44716867&vrg=2020032401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200403&iu_parts=21883553441%2CLeaderboard&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x250&prev_scp=pos%3Dleaderboard1&eri=1&cust_params=pagetype%3Dpost%26author%3DBradley%2520Barth%26postID%3D102615%26env%3Dlive%26sid%3DCoronavirus%252CCybercrime%252CMalware%252CMobile_Security%252CRansomware%252CSecurity_News%26cat%3DCoronavirus%252CCybercrime%252CMalware%252CMobile_Security%252CRansomware%26isnht%3Dfalse&cookie=ID%3D6b5f95ec53ab5d97%3AT%3D1585915585%3AS%3DALNI_MYicggazmSXa2cEugnISiPWNXxeHA&cookie_enabled=1&bc=31&abxe=1&lmt=1585915587&dt=1585915587274&dlt=1585915584755&idt=782&frm=20&biw=1585&bih=1200&oid=3&adxs=193&adys=202&adks=490734277&ucis=3&ifi=3&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F&dssz=61&icsg=2379411881988&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1200x106&msz=1200x90&psts=AKB7eCKavm0y-7DFBxajSnt_l1rf%2CAKB7eCKJsa5uNzUF2WPBX7VAOehdczytzOyQShL-YMfU5F3fYNeNq7Xjgw7w353n_dk6gm7LH2Yc6Dll4Rr15Rc&ga_vid=880951314.1585915585&ga_sid=1585915586&ga_hid=1775146832&fws=4&ohw=1585&btvi=0
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
cafe /
Resource Hash
cc5eab16db7cd93e48f407916cc52ca20e6b28a33c6ad580337aaaea7901b9b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 03 Apr 2020 12:06:27 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
4489
x-xss-protection
0
google-lineitem-id
5316231304
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138304720149
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.scmagazine.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012003171848440/ Frame E1C2
200 KB
56 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f9fd34967713bfb93d2edcf4eac2d5436be891f32f6c80a09b17c42b0246a004
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
9359
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55861
x-xss-protection
0
server
sffe
date
Fri, 03 Apr 2020 09:30:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"66e23296f665ec26"
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 03 Apr 2021 09:30:28 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012003171848440/ Frame E1C2
200 KB
55 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f9fd34967713bfb93d2edcf4eac2d5436be891f32f6c80a09b17c42b0246a004
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
9359
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55861
x-xss-protection
0
server
sffe
date
Fri, 03 Apr 2020 09:30:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"66e23296f665ec26"
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 03 Apr 2021 09:30:28 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012003171848440/v0/ Frame E1C2
92 KB
28 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003171848440/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d61b6fa5a24a2cc4b7aa62a2a6271a13800b99d30016c4e09f38cf47f8490ea3
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
9347
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28362
x-xss-protection
0
server
sffe
date
Fri, 03 Apr 2020 09:30:40 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"6205ff224420b8da"
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 03 Apr 2021 09:30:40 GMT
truncated
/ Frame E1C2
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e659980974553514973bb81b81f9961affcee17fb148110adfe8f1a90266a3fc

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
amp4ads-host-v0.js
cdn.ampproject.org/rtv/012003171848440/
20 KB
8 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003171848440/amp4ads-host-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
064282bdfcb1d589a67f8940076741fd9b90c43baaae421a71a5a96a226b9e71
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
9213
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
7178
x-xss-protection
0
server
sffe
date
Fri, 03 Apr 2020 09:32:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"8728c2475be0528f"
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 03 Apr 2021 09:32:54 GMT
7163262657316980773
tpc.googlesyndication.com/simgad/ Frame E1C2
28 KB
29 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/7163262657316980773
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c5ae643db6a152f9345a9d650bdc4be324a563cb15098891212fa86dc58753cc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 16:14:42 GMT
x-content-type-options
nosniff
age
2058705
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
29085
x-xss-protection
0
last-modified
Fri, 28 Feb 2020 19:59:08 GMT
server
sffe
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 10 Mar 2021 16:14:42 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame E1C2
0
65 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst7aEZwR8u6pOM42S4Sa6AhvNZDkacEl6UrkD9PKl7KFe5x-rfA4EkLDM8nfapk6DxDm3HCuqC3gfr9OQ_fEz1jT_R2IXNthj9YfsPwHIb2jfNJHsD69-Qu6enR62ODjrlIBl1uFresXqk7jyGxc7cRP_2lU8AlvYAPxrr3l_e1n515a7of18aHsQ9xIuWizEDHguYKNMNnp_0hCAk5g2l5IONn19oM1J8RsY9pxJ2HT_rgPyZ3WekpBYumSi-6mfyT0D_q8Pw&sig=Cg0ArKJSzJQtPOGIkEH4EAE&adurl=
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 03 Apr 2020 12:06:27 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
l
www.google.com/ads/measurement/ Frame E1C2
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRc5T8EY0qz6g6boWy4AgxODS3cRcgIyAxsaf2HhLKlHT0OU6evB3Ot2cHCgsWaYBExJZm7Su-EfPpHIw02uDnekiAkfA
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

p
olytics.omeda.com/olytics/segments/
20 B
313 B
XHR
General
Full URL
https://olytics.omeda.com/olytics/segments/p
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),
Reverse DNS
my.omedastaging.com
Software
Apache /
Resource Hash
a8e427db11a8744bebbcdfd050f7b9d0a84b5a1754d086f1787c40db21955264
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/json

Response headers

Date
Fri, 03 Apr 2020 12:06:35 GMT
X-Content-Type-Options
nosniff
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
/
olytics.omeda.com/olytics/segments/form/check/
20 B
313 B
XHR
General
Full URL
https://olytics.omeda.com/olytics/segments/form/check/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.180.130.159 Chicago, United States, ASN53866 (QTS-AS, US),
Reverse DNS
my.omedastaging.com
Software
Apache /
Resource Hash
a8e427db11a8744bebbcdfd050f7b9d0a84b5a1754d086f1787c40db21955264
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/json

Response headers

Date
Fri, 03 Apr 2020 12:06:35 GMT
X-Content-Type-Options
nosniff
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
7163262657316980773
tpc.googlesyndication.com/simgad/ Frame E1C2
28 KB
28 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/7163262657316980773
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c5ae643db6a152f9345a9d650bdc4be324a563cb15098891212fa86dc58753cc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 10 Mar 2020 16:14:42 GMT
x-content-type-options
nosniff
age
2058705
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
29085
x-xss-protection
0
last-modified
Fri, 28 Feb 2020 19:59:08 GMT
server
sffe
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 10 Mar 2021 16:14:42 GMT
ads
securepubads.g.doubleclick.net/gampad/
16 KB
4 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=222972313474354&correlator=3592593041031062&output=ldjh&impl=fif&adsid=NT&eid=21064502%2C44716867&vrg=2020032401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200403&iu_parts=21883553441%2CLeaderboard&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x250&prev_scp=pos%3Dleaderboard2%26lid%3D5316231304&eri=1&cust_params=pagetype%3Dpost%26author%3DBradley%2520Barth%26postID%3D102615%26env%3Dlive%26sid%3DCoronavirus%252CCybercrime%252CMalware%252CMobile_Security%252CRansomware%252CSecurity_News%26cat%3DCoronavirus%252CCybercrime%252CMalware%252CMobile_Security%252CRansomware%26isnht%3Dfalse&cookie=ID%3D6b5f95ec53ab5d97%3AT%3D1585915585%3AS%3DALNI_MYicggazmSXa2cEugnISiPWNXxeHA&cookie_enabled=1&bc=31&abxe=1&lmt=1585915588&dt=1585915588412&dlt=1585915584755&idt=782&frm=20&biw=1585&bih=1200&oid=3&adxs=429&adys=2528&adks=2588316086&ucis=4&ifi=4&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F&dssz=61&icsg=2379411881988&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1585x2310&msz=1585x90&psts=AKB7eCKavm0y-7DFBxajSnt_l1rf%2CAKB7eCKJsa5uNzUF2WPBX7VAOehdczytzOyQShL-YMfU5F3fYNeNq7Xjgw7w353n_dk6gm7LH2Yc6Dll4Rr15Rc%2CAKB7eCIR9F2UaMZreCaXwXlWQmGCfJsGhT6nAhhIWi4IaoDWfXVT49kavCs1HghUGeA1vrIEq9tfatqms_5o3BI&ga_vid=880951314.1585915585&ga_sid=1585915586&ga_hid=1775146832&fws=4&ohw=1585&btvi=3
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
cafe /
Resource Hash
424c308c6df6fabbc6709adae5150b9da4f843402830917069c6c417cdb222a9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 03 Apr 2020 12:06:28 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
4486
x-xss-protection
0
google-lineitem-id
5316231304
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138304744601
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.scmagazine.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012003171848440/ Frame 402C
200 KB
55 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f9fd34967713bfb93d2edcf4eac2d5436be891f32f6c80a09b17c42b0246a004
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
9360
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55861
x-xss-protection
0
server
sffe
date
Fri, 03 Apr 2020 09:30:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"66e23296f665ec26"
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 03 Apr 2021 09:30:28 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012003171848440/ Frame 402C
200 KB
55 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f9fd34967713bfb93d2edcf4eac2d5436be891f32f6c80a09b17c42b0246a004
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
9360
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55861
x-xss-protection
0
server
sffe
date
Fri, 03 Apr 2020 09:30:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"66e23296f665ec26"
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 03 Apr 2021 09:30:28 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012003171848440/v0/ Frame 402C
92 KB
28 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003171848440/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d61b6fa5a24a2cc4b7aa62a2a6271a13800b99d30016c4e09f38cf47f8490ea3
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
9348
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28362
x-xss-protection
0
server
sffe
date
Fri, 03 Apr 2020 09:30:40 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"6205ff224420b8da"
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 03 Apr 2021 09:30:40 GMT
truncated
/ Frame 402C
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
15ae787886cf0c7f7441c508f314a7c6c238745513d0b2d6246dc33547244e8d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
13165993228982257041
tpc.googlesyndication.com/simgad/ Frame 402C
24 KB
24 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/13165993228982257041
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2f282bd7cd05c705683fdeb3cf3b41d1a770e8ed5146260b63067b7a4326357
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 05 Mar 2020 03:11:58 GMT
x-content-type-options
nosniff
age
2537670
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
24427
x-xss-protection
0
last-modified
Fri, 28 Feb 2020 20:22:11 GMT
server
sffe
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 05 Mar 2021 03:11:58 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 402C
0
48 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssTCy-OoaNG6SeTT4_sEX62uj2IBd63ls-vx33RP-4qBoeJf0HOcZD6W2PcDF4Ijqm6-3nuqHRBRhkpQhWVWA1nDnCrensyRioQd2nJ411HAAH_EpqgqLCqbg36wo2AdSybr3L7wgSXHatTfScb9hYotNnm41jEcJPfdSWacWYtmSaQ8ZzR7Cm2CnvGkN0MNGjMi0wbypZGQ1Gzsam15wdU8fjOFKt3VIG7n3oJhnx9mw4C2SScLfA7CJOJpT0tBc2PHEBW21Q&sig=Cg0ArKJSzPLadFHICN0AEAE&adurl=
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 03 Apr 2020 12:06:28 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
l
www.google.com/ads/measurement/ Frame 402C
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTWoy0l4y7FlXFH9N0QLMgv6eiAqDYob5B1NEbxup3XQ9Gf_ZqNqZiYf0QOLtfqWBW2FDH8N2eSLsLD8wPMAAenQzXKuQ
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

activeview
pagead2.googlesyndication.com/pcs/ Frame E1C2
42 B
110 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst67NaYdUrMnigU8iv9foZGejgZo3FzLZZr0k93h2oS56NzngDtasOdR6qCfrTnuFa6Slwdj55MkLg7i5pfiuS_KtXB8zZHtyngj7qel8Q&sig=Cg0ArKJSzMDL4or4JMvoEAE&id=ampim&o=429,202&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=98&tls=1098&g=100&h=100&tt=1098&r=v&adk=490734277&avms=ampa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Fri, 03 Apr 2020 12:06:28 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
13165993228982257041
tpc.googlesyndication.com/simgad/ Frame 402C
24 KB
24 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/13165993228982257041
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2f282bd7cd05c705683fdeb3cf3b41d1a770e8ed5146260b63067b7a4326357
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 05 Mar 2020 03:11:58 GMT
x-content-type-options
nosniff
age
2537670
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
24427
x-xss-protection
0
last-modified
Fri, 28 Feb 2020 20:22:11 GMT
server
sffe
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 05 Mar 2021 03:11:58 GMT
ads
securepubads.g.doubleclick.net/gampad/
16 KB
4 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=222972313474354&correlator=3592593041031062&output=ldjh&impl=fif&adsid=NT&eid=21064502%2C44716867&vrg=2020032401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200403&iu_parts=21883553441%2CBox&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600%7C300x1050&prev_scp=pos%3Dbox1%26lid%3D5316231304&eri=1&cust_params=pagetype%3Dpost%26author%3DBradley%2520Barth%26postID%3D102615%26env%3Dlive%26sid%3DCoronavirus%252CCybercrime%252CMalware%252CMobile_Security%252CRansomware%252CSecurity_News%26cat%3DCoronavirus%252CCybercrime%252CMalware%252CMobile_Security%252CRansomware%26isnht%3Dfalse&cookie=ID%3D6b5f95ec53ab5d97%3AT%3D1585915585%3AS%3DALNI_MYicggazmSXa2cEugnISiPWNXxeHA&cookie_enabled=1&bc=31&abxe=1&lmt=1585915589&dt=1585915589492&dlt=1585915584755&idt=782&frm=20&biw=1585&bih=1200&oid=3&adxs=1053&adys=759&adks=607498164&ucis=5&ifi=5&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F&dssz=60&icsg=2379411881988&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x283&msz=300x250&psts=AKB7eCKavm0y-7DFBxajSnt_l1rf%2CAKB7eCKJsa5uNzUF2WPBX7VAOehdczytzOyQShL-YMfU5F3fYNeNq7Xjgw7w353n_dk6gm7LH2Yc6Dll4Rr15Rc%2CAKB7eCIR9F2UaMZreCaXwXlWQmGCfJsGhT6nAhhIWi4IaoDWfXVT49kavCs1HghUGeA1vrIEq9tfatqms_5o3BI%2CAKB7eCLUnSW5QfAEUAXXZFK_DkGY6Pxok0-xGx96gE4cIee0elDYNrU0YmHzDDEC1VF7kB6u-q_UmtbqfNArHLs&ga_vid=880951314.1585915585&ga_sid=1585915586&ga_hid=1775146832&fws=4&ohw=1585&btvi=0
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
cafe /
Resource Hash
40fae710b28d4d60b2d06bb9302f66e893948cb50973fceb1cf4cc3a524871ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 03 Apr 2020 12:06:29 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
4464
x-xss-protection
0
google-lineitem-id
5316231304
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138304720020
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.scmagazine.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012003171848440/ Frame 3C04
200 KB
55 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f9fd34967713bfb93d2edcf4eac2d5436be891f32f6c80a09b17c42b0246a004
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
9361
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55861
x-xss-protection
0
server
sffe
date
Fri, 03 Apr 2020 09:30:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"66e23296f665ec26"
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 03 Apr 2021 09:30:28 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012003171848440/ Frame 3C04
200 KB
55 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f9fd34967713bfb93d2edcf4eac2d5436be891f32f6c80a09b17c42b0246a004
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
9361
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
55861
x-xss-protection
0
server
sffe
date
Fri, 03 Apr 2020 09:30:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"66e23296f665ec26"
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 03 Apr 2021 09:30:28 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012003171848440/v0/ Frame 3C04
92 KB
28 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012003171848440/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d61b6fa5a24a2cc4b7aa62a2a6271a13800b99d30016c4e09f38cf47f8490ea3
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
9349
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28362
x-xss-protection
0
server
sffe
date
Fri, 03 Apr 2020 09:30:40 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"6205ff224420b8da"
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 03 Apr 2021 09:30:40 GMT
truncated
/ Frame 3C04
209 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3d3056731d047b3234ae05c7ad873dd8680bdc7919b7c77968000560312c60fa

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
15589356930874882127
tpc.googlesyndication.com/simgad/ Frame 3C04
28 KB
28 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/15589356930874882127
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
346b2e6f83cdb1479df2c3c14a6252c1b613309f4b06c2158e7a4c7967c826e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 05 Mar 2020 07:26:50 GMT
x-content-type-options
nosniff
age
2522379
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28204
x-xss-protection
0
last-modified
Fri, 28 Feb 2020 20:22:33 GMT
server
sffe
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 05 Mar 2021 07:26:50 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 3C04
0
48 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstx0-13z4PbkJglCctqwRuhOS-oLNzsCUesTyalJdwJX8w9ahpYn-aSSm6T74Fli7u4eXn7hzH6GTbN8ec1Ppdjquikj19vDOLBTXd4BsTIB04hZ-2wlgOOykC248eJIA0lPo4xcQw9WNUyisJmhsmd06cj7WjIE3aiVOVbG9SJc6NL7QcqoaDnyoYT8iqsBVUPu6_769WMObUyKcayfH-D4GoTZ6JsPGCOYM8AHfi1CWKs7jgezf-9TYvlCWjV7PA4YA&sig=Cg0ArKJSzHdj0HFmiTrtEAE&adurl=
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 03 Apr 2020 12:06:29 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
l
www.google.com/ads/measurement/ Frame 3C04
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQQGOfm67WdEv-DOxkRzZivQ7v92h5nwxS-BlidcWU1spZiuIEVHhl5iQtY6pbiSdNM00H0prgFvJDcbeoaJgglYDJq3w
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

15589356930874882127
tpc.googlesyndication.com/simgad/ Frame 3C04
28 KB
28 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/15589356930874882127
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
346b2e6f83cdb1479df2c3c14a6252c1b613309f4b06c2158e7a4c7967c826e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 05 Mar 2020 07:26:50 GMT
x-content-type-options
nosniff
age
2522379
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28204
x-xss-protection
0
last-modified
Fri, 28 Feb 2020 20:22:33 GMT
server
sffe
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 05 Mar 2021 07:26:50 GMT
ads
securepubads.g.doubleclick.net/gampad/
4 KB
2 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=222972313474354&correlator=3592593041031062&output=ldjh&impl=fif&adsid=NT&eid=21064502%2C44716867&vrg=2020032401&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200403&iu_parts=21883553441%2CBox&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600&prev_scp=pos%3Dbox2%26lid%3D5316231304&eri=1&cust_params=pagetype%3Dpost%26author%3DBradley%2520Barth%26postID%3D102615%26env%3Dlive%26sid%3DCoronavirus%252CCybercrime%252CMalware%252CMobile_Security%252CRansomware%252CSecurity_News%26cat%3DCoronavirus%252CCybercrime%252CMalware%252CMobile_Security%252CRansomware%26isnht%3Dfalse&cookie=ID%3D6b5f95ec53ab5d97%3AT%3D1585915585%3AS%3DALNI_MYicggazmSXa2cEugnISiPWNXxeHA&cookie_enabled=1&bc=31&abxe=1&lmt=1585915590&dt=1585915590571&dlt=1585915584755&idt=782&frm=20&biw=1585&bih=1200&oid=3&adxs=1053&adys=1683&adks=1048971383&ucis=6&ifi=6&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F&dssz=60&icsg=2379411881988&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x283&msz=300x250&psts=AKB7eCKavm0y-7DFBxajSnt_l1rf%2CAKB7eCKJsa5uNzUF2WPBX7VAOehdczytzOyQShL-YMfU5F3fYNeNq7Xjgw7w353n_dk6gm7LH2Yc6Dll4Rr15Rc%2CAKB7eCJ0155AwNgE5tJGI9mGOVh3xultfMs59z3oC3ii71RijGPQOCKe5qTCtH0bOrggP3Vh5OuUjbq1Wjmabrc%2CAKB7eCIR9F2UaMZreCaXwXlWQmGCfJsGhT6nAhhIWi4IaoDWfXVT49kavCs1HghUGeA1vrIEq9tfatqms_5o3BI%2CAKB7eCLUnSW5QfAEUAXXZFK_DkGY6Pxok0-xGx96gE4cIee0elDYNrU0YmHzDDEC1VF7kB6u-q_UmtbqfNArHLs&ga_vid=880951314.1585915585&ga_sid=1585915586&ga_hid=1775146832&fws=4&ohw=1585&btvi=4
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
cafe /
Resource Hash
ea80ac9fe137cb895ff3a68131a34f151699ac0e81c7426b34b000578dd0723b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 03 Apr 2020 12:06:30 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
2178
x-xss-protection
0
google-lineitem-id
5247876202
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138298244635
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.scmagazine.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 084B
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv02UzG8JVbNDJ8R7873DvIlDfe1rAZ_MU1YgyChyt3bnNskAjKBZk6e_dtNyJdd8Y15Dp5I-FaIOTWzbHdNA2PEtl57MA74uv_CKnl1asZD_ZBny5M8k5fhDjd8my--XMZCXSFGSkptEKNYyckQQ8waJs5GllHQh9lwJyI3RwspNzd-wx2rQ89opKyV5Itp_8hxyQvnoH85vmDraYeWRPpoeOjxA6m3iqDE7Ekcwdq_MJLKPdhZnBFzElS7s-NqYeKOQ&sig=Cg0ArKJSzDvwoPjuNIh-EAE&urlfix=1&adurl=
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

timing-allow-origin
*
date
Fri, 03 Apr 2020 12:06:30 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
dcmads.js
www.googletagservices.com/dcm/ Frame 084B
4 KB
2 KB
Script
General
Full URL
https://www.googletagservices.com/dcm/dcmads.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc0069dab5b1c410fc8bb1a109f8ceb4792e4780bbe7ea9e969662a7d6e49915
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 11:18:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 24 Oct 2019 14:04:48 GMT
server
sffe
age
2879
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=3600
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
2032
x-xss-protection
0
expires
Fri, 03 Apr 2020 12:18:31 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 084B
74 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020032401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7485b48525748adc0ca3a0cf9c6f9dd0bf5d01f0e6ee6b7cd0e2acf1fb0b9b8c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1585759507325766"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28224
x-xss-protection
0
expires
Fri, 03 Apr 2020 12:06:30 GMT
impl_v55.js
www.googletagservices.com/dcm/ Frame 084B
22 KB
9 KB
Script
General
Full URL
https://www.googletagservices.com/dcm/impl_v55.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0ec7c1eac6e0f82237b25ed509bf0e48b3cd7f9d989e8e8cac94e8b39edcca46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 10:18:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 21 Oct 2019 14:05:29 GMT
server
sffe
age
6470
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
9535
x-xss-protection
0
expires
Sat, 03 Apr 2021 10:18:40 GMT
B23394980.262586449;dc_ver=55.153;sz=300x250;u_sd=1;dc_adk=1575238846;ord=nklve0;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsts08bPdUD47pVGNY_DZV9K2G_GclxZZ__C-HQ5_PVx...
ad.doubleclick.net/ddm/adj/N510001.130598SCMAGAZINEUS1/ Frame 084B
26 KB
13 KB
Script
General
Full URL
https://ad.doubleclick.net/ddm/adj/N510001.130598SCMAGAZINEUS1/B23394980.262586449;dc_ver=55.153;sz=300x250;u_sd=1;dc_adk=1575238846;ord=nklve0;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsts08bPdUD47pVGNY_DZV9K2G_GclxZZ__C-HQ5_PVxX23RHCxIIACQ9dSLWWjX2NwlEPvoDh9HMg5TVlSWvH236ctAUAaLnl7BxwKG0WM_hiohdPH9q6YoXOwFe7vCvf1G83Zx1eWKVs-p3XpfNcirobM256pv3mI64Gs9ypV4fbpDMLK50Gzn5OFvkvuj_MVTnBJRR3JZCxacIW4bsTDVFro_Acl_W51kiCyt4YjTxnUN0dEQ1ZxI1YPWrKGWIg%26sig%3DCg0ArKJSzADddw8Y8FT2EAE%26urlfix%3D1%26adurl%3D;dc_rfl=1,https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F$0;xdt=0;crlt=gqEGddkmPY;osda=2;sttr=10;prcl=s?
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v55.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.206.6 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s20-in-f6.1e100.net
Software
cafe /
Resource Hash
09f294d4a68ba778591ddaf4dbb7da04080e0d2c74ff85ea9cd0b04edc18ab52
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

pragma
no-cache
date
Fri, 03 Apr 2020 12:06:30 GMT
content-encoding
br
x-content-type-options
nosniff
content-type
text/javascript; charset=UTF-8
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
12784
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 3C04
42 B
110 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvyh7nv4lQa-4oRZBcWM9HN6jZKO7MQ1qc-pxJLkP1dt3A8Wss8WLqtq1oRofqKR9Tzl5V123WP3A9oNEniVh7AtDjRcTv7qN5lhsUpjeY&sig=Cg0ArKJSzEUThebmuZpQEAE&id=ampim&o=1053,759&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=89&tls=1089&g=100&h=100&tt=1089&r=v&adk=607498164&avms=ampa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Fri, 03 Apr 2020 12:06:30 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
lidar.js
www.googletagservices.com/activeview/js/current/ Frame 084B
75 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/lidar.js?cache=r20110914
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N510001.130598SCMAGAZINEUS1/B23394980.262586449;dc_ver=55.153;sz=300x250;u_sd=1;dc_adk=1575238846;ord=nklve0;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsts08bPdUD47pVGNY_DZV9K2G_GclxZZ__C-HQ5_PVxX23RHCxIIACQ9dSLWWjX2NwlEPvoDh9HMg5TVlSWvH236ctAUAaLnl7BxwKG0WM_hiohdPH9q6YoXOwFe7vCvf1G83Zx1eWKVs-p3XpfNcirobM256pv3mI64Gs9ypV4fbpDMLK50Gzn5OFvkvuj_MVTnBJRR3JZCxacIW4bsTDVFro_Acl_W51kiCyt4YjTxnUN0dEQ1ZxI1YPWrKGWIg%26sig%3DCg0ArKJSzADddw8Y8FT2EAE%26urlfix%3D1%26adurl%3D;dc_rfl=1,https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F$0;xdt=0;crlt=gqEGddkmPY;osda=2;sttr=10;prcl=s?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
24d5b70f6e46cd077b08e9b0096ee8d8d6b300f03297865ee2bdd50270ea98eb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 12:06:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1585759507325766"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
27833
x-xss-protection
0
expires
Fri, 03 Apr 2020 12:06:30 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 084B
0
119 B
Other
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstBaQ0LNtymAexbzPe9UOxmMvPE79kMtnfPwaogyXWBQRtPqjwvPmaVqbpgJs7_4ffY1O5apluRfhJXbF_Mm1xYlvOjhT8QgydvHVUsk9L1Mid9rs76f6bXHlid9lrTOjpni-rdGJbC8IwqLyme&sig=Cg0ArKJSzDnfwOzD2NS9EAE&urlfix=1&omid=0&rm=1&ctpt=3&cstd=1&cisv=r20200401.80179&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N510001.130598SCMAGAZINEUS1/B23394980.262586449;dc_ver=55.153;sz=300x250;u_sd=1;dc_adk=1575238846;ord=nklve0;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsts08bPdUD47pVGNY_DZV9K2G_GclxZZ__C-HQ5_PVxX23RHCxIIACQ9dSLWWjX2NwlEPvoDh9HMg5TVlSWvH236ctAUAaLnl7BxwKG0WM_hiohdPH9q6YoXOwFe7vCvf1G83Zx1eWKVs-p3XpfNcirobM256pv3mI64Gs9ypV4fbpDMLK50Gzn5OFvkvuj_MVTnBJRR3JZCxacIW4bsTDVFro_Acl_W51kiCyt4YjTxnUN0dEQ1ZxI1YPWrKGWIg%26sig%3DCg0ArKJSzADddw8Y8FT2EAE%26urlfix%3D1%26adurl%3D;dc_rfl=1,https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F$0;xdt=0;crlt=gqEGddkmPY;osda=2;sttr=10;prcl=s?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 03 Apr 2020 12:06:30 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 084B
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N510001.130598SCMAGAZINEUS1/B23394980.262586449;dc_ver=55.153;sz=300x250;u_sd=1;dc_adk=1575238846;ord=nklve0;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsts08bPdUD47pVGNY_DZV9K2G_GclxZZ__C-HQ5_PVxX23RHCxIIACQ9dSLWWjX2NwlEPvoDh9HMg5TVlSWvH236ctAUAaLnl7BxwKG0WM_hiohdPH9q6YoXOwFe7vCvf1G83Zx1eWKVs-p3XpfNcirobM256pv3mI64Gs9ypV4fbpDMLK50Gzn5OFvkvuj_MVTnBJRR3JZCxacIW4bsTDVFro_Acl_W51kiCyt4YjTxnUN0dEQ1ZxI1YPWrKGWIg%26sig%3DCg0ArKJSzADddw8Y8FT2EAE%26urlfix%3D1%26adurl%3D;dc_rfl=1,https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F$0;xdt=0;crlt=gqEGddkmPY;osda=2;sttr=10;prcl=s?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 10:18:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6463
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 03 Apr 2021 10:18:47 GMT
02242020-100647812-banners_b_300x250-new.jpg
s0.2mdn.net/9736922/ Frame 084B
59 KB
59 KB
Image
General
Full URL
https://s0.2mdn.net/9736922/02242020-100647812-banners_b_300x250-new.jpg
Requested by
Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
23cc1afa79dbdc3a6d101aab8decfd8637ddbfa2e857fd85544b2facdccd3e79
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 03 Apr 2020 05:17:02 GMT
x-content-type-options
nosniff
last-modified
Mon, 24 Feb 2020 18:06:47 GMT
server
sffe
age
24568
content-type
image/jpeg
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
public, max-age=86400
accept-ranges
bytes
access-control-allow-origin
*
content-length
60146
x-xss-protection
0
expires
Sat, 04 Apr 2020 05:17:02 GMT
truncated
/ Frame 084B
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
99616366fbec7077c22c943ae48e682619c107d050aaa5cd373c4e56d3281769

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame ADFB
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
timing-allow-origin
*
content-length
8395
date
Fri, 03 Apr 2020 10:18:29 GMT
expires
Sat, 03 Apr 2021 10:18:29 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
6481
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
view
googleads4.g.doubleclick.net/pcs/ Frame 084B
0
57 B
Other
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstBaQ0LNtymAexbzPe9UOxmMvPE79kMtnfPwaogyXWBQRtPqjwvPmaVqbpgJs7_4ffY1O5apluRfhJXbF_Mm1xYlvOjhT8QgydvHVUsk9L1Mid9rs76f6bXHlid9lrTOjpni-rdGJbC8IwqLyme&sig=Cg0ArKJSzDnfwOzD2NS9EAE&urlfix=1&omid=0&rm=1&ctpt=51&vt=11&dtpt=48&dett=2&cstd=1&cisv=r20200401.80179&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N510001.130598SCMAGAZINEUS1/B23394980.262586449;dc_ver=55.153;sz=300x250;u_sd=1;dc_adk=1575238846;ord=nklve0;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsts08bPdUD47pVGNY_DZV9K2G_GclxZZ__C-HQ5_PVxX23RHCxIIACQ9dSLWWjX2NwlEPvoDh9HMg5TVlSWvH236ctAUAaLnl7BxwKG0WM_hiohdPH9q6YoXOwFe7vCvf1G83Zx1eWKVs-p3XpfNcirobM256pv3mI64Gs9ypV4fbpDMLK50Gzn5OFvkvuj_MVTnBJRR3JZCxacIW4bsTDVFro_Acl_W51kiCyt4YjTxnUN0dEQ1ZxI1YPWrKGWIg%26sig%3DCg0ArKJSzADddw8Y8FT2EAE%26urlfix%3D1%26adurl%3D;dc_rfl=1,https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fnews-archive%2Fcoronavirus%2Fpassword-found-to-rescue-victims-of-malicious-covid-19-tracker-app%2F$0;xdt=0;crlt=gqEGddkmPY;osda=2;sttr=10;prcl=s?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
Origin
https://www.scmagazine.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 03 Apr 2020 12:06:30 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436
Domain
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
URL
https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1576575436

Verdicts & Comments Add Verdict or Comment

122 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate number| pamEnabled object| hmAds object| dataLayer object| google_tag_manager string| GoogleAnalyticsObject function| ga undefined| $ function| jQuery function| cookie string| method object| olytics object| a function| UtilityMove object| core object| __core-js_shared__ object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| googletag function| hmHeaderLoginState object| dfpAdSlots object| mapping object| adSlotsConfig object| allowedSlots string| hmHomeUrl string| hmAccountUrl object| hmRegisteredAds boolean| hmAdsLazyload number| hmAdsActiveRefresh boolean| hmDmdAimEnabled boolean| hmProclivityEnabled boolean| hmAdsActiveRefreshAll boolean| hmAdsCommentsHouse boolean| hmAdsBoxReposition boolean| hmAdsLytics number| hmAdsPrestitialCooldown object| adSlots number| adDebug object| ggeac object| closure_memoize_cache_ object| googleToken object| googleIMState object| google_js_reporting_queue function| processGoogleToken object| hm_feathr object| hmOlytics object| hm_localize object| hm_gated object| TenUp object| liosetup object| jstag object| hmAuthNoncePromise function| disqus_config object| hmRegisterPrompt function| hmSetLyticsData object| adblockDetector object| pageVars object| wp function| webpackJsonp object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| maropostInitTracking string| name_funnel function| _132510 string| name_funnel1 function| _13251 function| feathr function| FeathrBoomerang object| google_optimize number| google_srt undefined| google_measure_js_timing number| __google_ad_urls_id number| google_unique_id function| retry function| isIE10OrLater function| detectPrivateMode string| _linkedin_data_partner_id function| lintrk boolean| _already_called_lintrk undefined| feathr_account_id object| __feathrs function| __feathr function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter object| ampInaboxIframes object| ampInaboxPendingMessages object| __google_ad_urls boolean| google_osd_loaded boolean| google_onload_fired boolean| initialized function| ttd_dom_ready function| TTDUniversalPixelApi function| Dpxl object| dpmPixels object| jQuery1111004208144885343379 function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| JSON3 function| normalize function| __$PP object| dataLayerService function| HMIRegistration object| GoogleGcLKhOms object| google_image_requests object| __AMP_LOG object| __AMP_ERRORS boolean| ampInaboxInitialized object| __AMP_MODE function| __AMP_REPORT_ERROR object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| AMP

11 Cookies

Domain/Path Name / Value
.scmagazine.com/ Name: oly_anon_id
Value: %22F-acda3a2e-dc64-4240-b673-57e6383ab5fd%22
.scmagazine.com/ Name: oly_enc_id
Value: null
www.scmagazine.com/ Name: dpm_url_count
Value: 1
.scmagazine.com/ Name: __gads
Value: ID=6b5f95ec53ab5d97:T=1585915585:S=ALNI_MYicggazmSXa2cEugnISiPWNXxeHA
.www.scmagazine.com/ Name: feathr_session_id
Value: 5e8726c15d688559ab170d05
www.scmagazine.com/ Name: prestitial_shown
Value: 1
.scmagazine.com/ Name: _ga
Value: GA1.2.880951314.1585915585
.scmagazine.com/ Name: _gat_UA-1290429-10
Value: 1
www.scmagazine.com/ Name: hmSsoCheck
Value: true
.scmagazine.com/ Name: _gid
Value: GA1.2.1976381246.1585915585
www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app Name: hasLiveRampMatch
Value: true

11 Console Messages

Source Level URL
Text
console-api log URL: https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2)
Message:
JQMIGRATE: Migrate is installed, version 1.4.1
console-api log URL: https://c.lytics.io/api/tag//lio.js(Line 1)
Message:
Missing required params.
console-api log URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js(Line 1)
Message:
olytics fire called
console-api log URL: https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1580891445(Line 1)
Message:
[ABD] start beginTest
console-api log URL: https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1580891445(Line 1)
Message:
[ABD] adding bait node to DOM
console-api log URL: https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1580891445(Line 1)
Message:
[ABD] start beginTest
console-api log URL: https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1580891445(Line 1)
Message:
[ABD] adding bait node to DOM
console-api log URL: https://3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1580891445(Line 1)
Message:
[ABD] exiting test loop - value: false
console-api info URL: https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js(Line 407)
Message:
Powered by AMP ⚡ HTML – Version 2003171848440 https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
console-api info URL: https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js(Line 407)
Message:
Powered by AMP ⚡ HTML – Version 2003171848440 https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/
console-api info URL: https://cdn.ampproject.org/rtv/012003171848440/amp4ads-v0.js(Line 407)
Message:
Powered by AMP ⚡ HTML – Version 2003171848440 https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
a.dpmsrv.com
accounts.haymarketmedia.com
ad.doubleclick.net
adservice.google.com
adservice.google.de
api-52-26-12-4.b2c.com
api.b2c.com
c.lytics.io
cdn.ampproject.org
cdn.feathr.co
cm.g.doubleclick.net
content.maropost.com
fonts.googleapis.com
fonts.gstatic.com
googleads4.g.doubleclick.net
ib.adnxs.com
idsync.rlcdn.com
insight.adsrvr.org
js.adsrvr.org
marco.feathr.co
match.adsrvr.org
olytics.omeda.com
oqs.omeda.com
pagead2.googlesyndication.com
polo-v1.feathr.co
polo.feathr.co
px.ads.linkedin.com
s.dpmsrv.com
s0.2mdn.net
s3.amazonaws.com
script.crazyegg.com
securepubads.g.doubleclick.net
snap.licdn.com
stats.g.doubleclick.net
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.linkedin.com
www.scmagazine.com
3nc2bv3lji21khc3stzk0z17-wpengine.netdna-ssl.com
108.161.188.228
13.225.73.22
143.204.94.29
143.204.97.40
172.217.18.98
185.33.223.210
204.180.130.159
204.180.130.165
216.58.206.6
216.58.207.66
2600:1f14:e96:5800:4201:2bf9:d06:e4dd
2600:1f14:e96:5802:dcc1:9a65:ce8d:a47f
2600:9000:20eb:d400:a:1779:3180:93a1
2606:4700:20::681a:216
2606:4700:3036::6812:2077
2606:4700::6813:9408
2a00:1450:4001:808::2001
2a00:1450:4001:808::2003
2a00:1450:4001:814::2003
2a00:1450:4001:815::2006
2a00:1450:4001:817::200e
2a00:1450:4001:818::200a
2a00:1450:4001:819::2002
2a00:1450:4001:81d::2002
2a00:1450:4001:81d::2008
2a00:1450:4001:81e::2004
2a00:1450:400c:c0b::9c
2a02:26f0:10c:39e::25ea
2a05:f500:10:101::b93f:9101
2a05:f500:11:101::b93f:9005
3.211.216.130
34.197.250.24
35.175.86.40
35.190.72.21
46.51.196.250
52.216.248.206
52.22.20.103
52.26.12.4
99.81.223.179
00d23e8a12aecc900ddea762314f70b11d1cae07fad025158c697b7c055b167e
0284cbccebf1682452d62d06efa3665c874d642d4e03f5f5f9bb0f555da9251b
0290a012deb1b25451f5211d8cb8b40d8fa6f3942d23ecc12d96670e4c0ed7a5
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0615974c40d602afdbf9759533e352bc17b0458c85aad6694b1a1ad20659625b
064282bdfcb1d589a67f8940076741fd9b90c43baaae421a71a5a96a226b9e71
09f294d4a68ba778591ddaf4dbb7da04080e0d2c74ff85ea9cd0b04edc18ab52
0c7e4012cb73f8c0836fa8aee34bb0da2250b5af84d0c4a1959d60764597f05a
0ec7c1eac6e0f82237b25ed509bf0e48b3cd7f9d989e8e8cac94e8b39edcca46
123d4b411f97e36f72e2f44be0b18944489e908ff159f59ab8aba984c69517fe
15ae787886cf0c7f7441c508f314a7c6c238745513d0b2d6246dc33547244e8d
19aa6c614f72f6bb67cb17a6169ca551686c2bab5475293c95880f5f32cd830e
1b79426177f0c17d98c2ffe3aee5403f1f2a50b85d7177080cd06cfc37e2a300
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
21aa2f360d3db72a42ff3fc73c4ed3b59cb0663821099fc8dcd54e7b82a1c75b
23cc1afa79dbdc3a6d101aab8decfd8637ddbfa2e857fd85544b2facdccd3e79
24d5b70f6e46cd077b08e9b0096ee8d8d6b300f03297865ee2bdd50270ea98eb
33fe4fe8214760f15a5fdd753b5c396ee5b916e5d6f66f79d4765ed260706723
346b2e6f83cdb1479df2c3c14a6252c1b613309f4b06c2158e7a4c7967c826e5
3d3056731d047b3234ae05c7ad873dd8680bdc7919b7c77968000560312c60fa
40fae710b28d4d60b2d06bb9302f66e893948cb50973fceb1cf4cc3a524871ba
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
424c308c6df6fabbc6709adae5150b9da4f843402830917069c6c417cdb222a9
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4943644570f20244e42e807fdabc3d11c04594b17ca6f628f2de75543af1ac16
4a5e9ddb7de073e40c06c4adf1ac055f3612ea07ca54daedf58d1d4758ab7cd8
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d3e9dbf75d761b4fc344b3be601971eb517ce533c7ce46e093539e03349616e
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
508e623c0e5b23f8bcda5d1dca261a5229968ad7ef50f6f4c880170dab7a8a91
579a9beff0c400b8b0e87f99d32c3ec8b2b3232232d6ac63438434a0a0d7a8b7
59173f786dd1f3802f7ab26fd339aac4099dc10c6cb54a6a92213e6af277592a
591c03fa5d6aeafd8a894846669613efc6fa5103beba00fbada8d2b340039260
5dfb849a3b8bcf3e07184092c4cc99a9f08f27f01e5de41a871d3ee8750303bd
5e8bfb02c6d330cc9887b984c706db94aafce605a1cb5d05ac9bac77ef22ce7e
5f809c6f696862d44a02738d736313df5ca26a7747c4813b20f3cdfd88aa8e61
6451cee0b08779f930ed6e5abb3fcc22426d37474965112b826c26c83255e74b
6557812bb342a14c23635e24733f11e5752f9807a85053be80b6fbd955a34ed9
68795cb80606f19d4ec0d92744af85048164f53500ad9535229c470fe24fe28a
7485b48525748adc0ca3a0cf9c6f9dd0bf5d01f0e6ee6b7cd0e2acf1fb0b9b8c
754c94388315799ee1eb0338fa7163a26d71dcb96c7767c14bcb7cd7d1901fc9
7ad20336a8307853dc49274515b01a6e154c0028e23f3868ca19b5934accfffc
7dba85f37de7e53df0515c9b7bd72a909576b39e712249ba580caf3cc53928a0
828a9b7392d22c3f9dfaabb21b2e9c640df68c5035c01daf47a95a9d95f7b9d5
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84fe87df0041db87059cf9c0c269909ea90f7c2d6d14cf048db79734f9f31858
866e74600600f8647c979414828f3538d646101dc8504de84c2ed00e30460811
880dd1410cf9bfe0f45193fe975b05e6915df228c6304d3b8f279f4e2275351c
88b8c776fc89926dc0cc65d4a48d474bfe7f8f37924e799573ed0fff5193b0f2
8e0da2e2d764c1a202d33dd39287784df8ac6bc20c7401ea14f2d62001292856
90a260084cfdf97ada7a8e0650eb310a4206d79f1b3a53225d2b9053cc9e4c13
90bedfa7bbd2bb58b7f47611a77feaf852c117ed7e344885cdb34f7df940658f
916b46685de3064525220ba828d946e60ab332f5e65c62d7df5fe9877f9c54b2
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
99616366fbec7077c22c943ae48e682619c107d050aaa5cd373c4e56d3281769
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
a3326bcc413a9b2f40f263dc4fb4c5f9ef9a0907acf1bd60eb112cd8bbf7e814
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
a8e427db11a8744bebbcdfd050f7b9d0a84b5a1754d086f1787c40db21955264
abb1dd7905b3797711e15609800d43cabead4c0358dc0030a1932a20e82a37d7
ad6110f575081c4de945f980ccf2e045737f164ad2a3d294daffd192f7a5c914
b1dee28cc772eb1903b9c309483167354c1054136ccf16ef18908b2eecd4b980
c5ae643db6a152f9345a9d650bdc4be324a563cb15098891212fa86dc58753cc
c68519093d7cd76545ae83315f881aab39b4e190b4f2c867813b5d5436332c70
c7c6430070f3f1f2f426c9d1cc1096a85880df46a13effd2e6f2c3cc51e03e3f
c8bb3b9353ff0833a5882a92a1d6f76c3e6fe1fcbdc356e489ffa682d797275c
cc0069dab5b1c410fc8bb1a109f8ceb4792e4780bbe7ea9e969662a7d6e49915
cc5eab16db7cd93e48f407916cc52ca20e6b28a33c6ad580337aaaea7901b9b7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cffef365e4b53f1a6e9d33a7d42c0d1542b573360f774069589240f75f0e84f1
d06646168f416ecb2c39087699341d4714ef31df7e6014a8d983c5bdb2527fd1
d61b6fa5a24a2cc4b7aa62a2a6271a13800b99d30016c4e09f38cf47f8490ea3
d73d2bc9d03f69bdb9442501cd9c5616699768f2716a71695aca92acfe91df12
d9662b4b9ba6c2c3691ce0acd4572e027366eb97d6070550a13429262bb0037f
e2f282bd7cd05c705683fdeb3cf3b41d1a770e8ed5146260b63067b7a4326357
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e659980974553514973bb81b81f9961affcee17fb148110adfe8f1a90266a3fc
e828282e92509efc0f7bc57888382c5816bd403e0abbb685eda5c4372cc7daa5
ea80ac9fe137cb895ff3a68131a34f151699ac0e81c7426b34b000578dd0723b
eacfa4f711eaca1336ff82619c8a2d310dec11266d594fbc7e5a91259cebf848
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ecb514f9b61338b08639019a27bc01cc5c5b28536025a1d5d4aaa7c831ce10d2
ece5f25bbc643556099a200aa2df5c428d74048e55db71c1880afd1adcb425a9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f04e142a312cc60fc9bafd85e3dd67ad8cd6ca28f4ebf77a9c62e3e1872d6c93
f1b47041dccbe06b5f4ea1a15ccfc55d5e9cf670fd054751cababe75142c2633
f4177dd7940eea793fa49298c75a145ed29966700f45077647ef448ed2ea06a2
f9fd34967713bfb93d2edcf4eac2d5436be891f32f6c80a09b17c42b0246a004
fbc45fe018830de401f0cf801177a57d0039bc72d922b8ff2c82af7af05dd32b
fe4bbdad1d6dff75cde79f8afc07f29502bd4708cb0ce5f552083c3d81ba8382