blogs.juniper.net Open in urlscan Pro
44.230.249.41 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Submission: On October 12 via api (October 12th 2020, 3:12:35 pm UTC) from US

Summary HTTP 158 Redirects Links 125 Behaviour Indicators

Summary

This website contacted 28 IPs in 6 countries across 25 domains to perform 158 HTTP transactions. The main IP is 44.230.249.41, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is blogs.juniper.net.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on February 5th 2020. Valid for: 2 years.

This is the only time blogs.juniper.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
49	44.230.249.41 44.230.249.41	16509 (AMAZON-02) (AMAZON-02)
2	2a02:26f0:f1:... 2a02:26f0:f1:292::720	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:824::200a	15169 (GOOGLE) (GOOGLE)
26	2a02:26f0:10c... 2a02:26f0:10c:5b1::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	52.49.47.228 52.49.47.228	16509 (AMAZON-02) (AMAZON-02)
3	99.86.243.24 99.86.243.24	16509 (AMAZON-02) (AMAZON-02)
1	99.86.243.10 99.86.243.10	16509 (AMAZON-02) (AMAZON-02)
1	13.225.78.67 13.225.78.67	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1	52.50.67.81 52.50.67.81	16509 (AMAZON-02) (AMAZON-02)
2	15.236.175.233 15.236.175.233	16509 (AMAZON-02) (AMAZON-02)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE)
1	52.213.168.74 52.213.168.74	16509 (AMAZON-02) (AMAZON-02)
4	99.86.243.85 99.86.243.85	16509 (AMAZON-02) (AMAZON-02)
1 1	68.67.153.60 68.67.153.60	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	185.33.221.11 185.33.221.11	29990 (ASN-APPNEX) (ASN-APPNEX)
1	13.225.78.54 13.225.78.54	16509 (AMAZON-02) (AMAZON-02)
6	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY)
1 1	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
8	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
8	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
4	34.200.205.48 34.200.205.48	14618 (AMAZON-AES) (AMAZON-AES)
5	143.204.94.44 143.204.94.44	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:819::2008	15169 (GOOGLE) (GOOGLE)
2	99.86.243.100 99.86.243.100	16509 (AMAZON-02) (AMAZON-02)
6	2a00:1450:400... 2a00:1450:4001:814::2002	15169 (GOOGLE) (GOOGLE)
2	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN)
4	2a00:1450:400... 2a00:1450:4001:81c::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:81b::2003	15169 (GOOGLE) (GOOGLE)
158	28

49 44.230.249.41 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-230-249-41.us-west-2.compute.amazonaws.com

blogs.juniper.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:f1:292::720 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

www.juniper.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a02:26f0:10c:5b1::1e80 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.49.47.228 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-47-228.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.86.243.24 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-243-24.vie50.r.cloudfront.net

consent.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.243.10 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-243-10.vie50.r.cloudfront.net

scripts.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.78.67 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-67.fra2.r.cloudfront.net

api.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.50.67.81 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-67-81.eu-west-1.compute.amazonaws.com

junipernetworks.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.236.175.233 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-175-233.eu-west-3.compute.amazonaws.com

junipernetworks.d2.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (United States) 1 redirects

ASN15224 (OMNITURE, US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.213.168.74 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-168-74.eu-west-1.compute.amazonaws.com

junipernetworks.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 99.86.243.85 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-243-85.vie50.r.cloudfront.net

secure.rmulus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.153.60 (United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: s.ml-attr.com.pxlsrv.net

s.ml-attr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.221.11 (Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.78.54 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-54.fra2.r.cloudfront.net

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:234:59:254c:406:2366:268c (United States) 1 redirects

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.200.205.48 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-205-48.compute-1.amazonaws.com

lookups.rmulus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 143.204.94.44 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-94-44.fra50.r.cloudfront.net

research.juniper.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:819::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.86.243.100 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-243-100.vie50.r.cloudfront.net

collect.rmulus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:814::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:10:101::b93f:9105 (Ireland)

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81c::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
56	juniper.net blogs.juniper.net www.juniper.net research.juniper.net	4 MB
26	adobedtm.com assets.adobedtm.com	115 KB
10	rmulus.com secure.rmulus.com lookups.rmulus.com collect.rmulus.com	37 KB
9	twitter.com 1 redirects platform.twitter.com analytics.twitter.com	2 KB
8	t.co t.co	1 KB
6	facebook.net connect.facebook.net	274 KB
4	google.de www.google.de	733 B
4	google.com www.google.com	294 B
4	doubleclick.net googleads.g.doubleclick.net	7 KB
4	ads-twitter.com static.ads-twitter.com	8 KB
4	gstatic.com fonts.gstatic.com	57 KB
3	facebook.com www.facebook.com	361 B
3	omtrdc.net junipernetworks.d2.sc.omtrdc.net junipernetworks.tt.omtrdc.net	1 KB
3	trustarc.com consent.trustarc.com	31 KB
3	demdex.net dpm.demdex.net junipernetworks.demdex.net	2 KB
2	linkedin.com px.ads.linkedin.com	107 B
2	googleadservices.com www.googleadservices.com	23 KB
2	googletagmanager.com www.googletagmanager.com	73 KB
2	bing.com bat.bing.com	9 KB
2	adnxs.com 2 redirects secure.adnxs.com	2 KB
2	demandbase.com scripts.demandbase.com api.demandbase.com	3 KB
1	ml-api.io attr.ml-api.io	484 B
1	ml-attr.com 1 redirects s.ml-attr.com	277 B
1	everesttech.net 1 redirects cm.everesttech.net	554 B
1	googleapis.com fonts.googleapis.com	3 KB
158	25

	Domain	Requested by
49	blogs.juniper.net	blogs.juniper.net www.juniper.net
26	assets.adobedtm.com	blogs.juniper.net assets.adobedtm.com
8	t.co	research.juniper.net
8	analytics.twitter.com	platform.twitter.com static.ads-twitter.com
6	connect.facebook.net	assets.adobedtm.com connect.facebook.net blogs.juniper.net
5	research.juniper.net	secure.rmulus.com research.juniper.net
4	www.google.de	research.juniper.net
4	www.google.com	research.juniper.net
4	googleads.g.doubleclick.net	www.googleadservices.com
4	lookups.rmulus.com	secure.rmulus.com
4	static.ads-twitter.com	assets.adobedtm.com blogs.juniper.net
4	secure.rmulus.com	assets.adobedtm.com secure.rmulus.com
4	fonts.gstatic.com	blogs.juniper.net
3	www.facebook.com	connect.facebook.net
3	consent.trustarc.com	assets.adobedtm.com consent.trustarc.com
2	px.ads.linkedin.com	research.juniper.net
2	www.googleadservices.com	www.googletagmanager.com
2	collect.rmulus.com	research.juniper.net
2	www.googletagmanager.com	research.juniper.net
2	bat.bing.com	assets.adobedtm.com
2	secure.adnxs.com	2 redirects
2	junipernetworks.d2.sc.omtrdc.net	assets.adobedtm.com blogs.juniper.net
2	dpm.demdex.net	assets.adobedtm.com blogs.juniper.net
2	www.juniper.net	blogs.juniper.net
1	platform.twitter.com	1 redirects
1	attr.ml-api.io
1	s.ml-attr.com	1 redirects
1	junipernetworks.tt.omtrdc.net	assets.adobedtm.com
1	cm.everesttech.net	1 redirects
1	junipernetworks.demdex.net	assets.adobedtm.com
1	api.demandbase.com	assets.adobedtm.com
1	scripts.demandbase.com	assets.adobedtm.com
1	fonts.googleapis.com	blogs.juniper.net
158	33

This site contains links to these domains. Also see Links.

Domain
www.juniper.net
support.juniper.net
my.juniper.net
casemanager.juniper.net
license.juniper.net
entitlementsearch.juniper.net
kb.juniper.net
prsearch.juniper.net
apps.juniper.net
forums.juniper.net
learningportal.juniper.net
openlearning.juniper.net
cloud.contentraven.com
www.certmetrics.com
ispserver.com
malware-traffic-analysis.net
www.facebook.com
www.linkedin.com
twitter.com
investor.juniper.net
newsroom.juniper.net
events.juniper.net
junipercommunity.force.com
partners.juniper.net
forms.juniper.net
www.youtube.com
www.instagram.com

Subject Issuer	Validity	Valid
blogs.juniper.net Sectigo RSA Organization Validation Secure Server CA	`2020-02-05` - `2022-02-04`	2 years	crt.sh
www.juniper.net DigiCert SHA2 Secure Server CA	`2020-06-16` - `2021-09-15`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
assets.adobedtm.com DigiCert SHA2 High Assurance Server CA	`2019-10-22` - `2021-10-01`	2 years	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
*.trustarc.com Go Daddy Secure Certificate Authority - G2	`2020-05-21` - `2022-07-17`	2 years	crt.sh
*.demandbase.com Go Daddy Secure Certificate Authority - G2	`2018-09-20` - `2020-11-19`	2 years	crt.sh
*.gstatic.com GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
*.d2.sc.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2020-02-28` - `2022-03-04`	2 years	crt.sh
*.tt.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2017-10-19` - `2020-11-25`	3 years	crt.sh
rmulus.com Amazon	`2020-04-08` - `2021-05-08`	a year	crt.sh
*.ml-api.io Amazon	`2020-02-06` - `2021-03-06`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-09-11` - `2020-12-10`	3 months	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
www.bing.com Microsoft IT TLS CA 2	`2019-04-30` - `2021-04-30`	2 years	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
*.googleadservices.com GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-08-05` - `2021-02-05`	6 months	crt.sh
*.google.com GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
*.google.de GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh

This page contains 11 frames:

Primary Page: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Frame ID: 38FB43FED772FFA05CF38A9BB698B985
Requests: 113 HTTP requests in this frame

Frame: https://junipernetworks.demdex.net/dest5.html?d_nsid=0
Frame ID: 5F2D9355191033C6DDBE600EFCA9958E
Requests: 1 HTTP requests in this frame

Frame: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5ecd401064746d27dd001608.html
Frame ID: FA234899E7E8B4017BB116ABFF9BAC50
Requests: 1 HTTP requests in this frame

Frame: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5e7a2d4c64746d600b00241f.html
Frame ID: 0B19C77E48A0EBABE6602D3DC77D5E54
Requests: 1 HTTP requests in this frame

Frame: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5ed9078864746d6f25000019.html?INSERT_TRANSACTION_CURRENCY_HERE=undefined&INSERT_TRANSACTION_ID_HERE=undefined&INSERT_TRANSACTION_NAME_HERE=undefined&INSERT_TRANSACTION_QUANTITY_HERE=undefined&INSERT_TRANSACTION_TYPE_HERE=undefined&INSERT_TRANSACTION_VALUE_HERE=undefined&INSERT_U10_HERE=undefined&INSERT_U11_HERE=undefined&INSERT_U12_HERE=undefined&INSERT_U13_HERE=undefined&INSERT_U14_HERE=undefined&INSERT_U15_HERE=undefined&INSERT_U16_HERE=undefined&INSERT_U17_HERE=undefined&INSERT_U18_HERE=undefined&INSERT_U19_HERE=undefined&INSERT_U1_HERE=undefined&INSERT_U20_HERE=undefined&INSERT_U2_HERE=undefined&INSERT_U3_HERE=undefined&INSERT_U4_HERE=undefined&INSERT_U5_HERE=undefined&INSERT_U6_HERE=undefined&INSERT_U7_HERE=undefined&INSERT_U8_HERE=undefined&INSERT_U9_HERE=undefined
Frame ID: 5E54D46225A543FCBC90E5D908E0BFCE
Requests: 1 HTTP requests in this frame

Frame: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5caeb27864746d4fde0010d0.html
Frame ID: F2DCA61625E374CDCD788DA1645775E4
Requests: 1 HTTP requests in this frame

Frame: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5d487bc864746d25bd00073a.html
Frame ID: 37CCF216257A24D6C8DDD3C1ADE92A25
Requests: 1 HTTP requests in this frame

Frame: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5f4e37f064746d722b001c54.html
Frame ID: E4C5891D02F469158867C52D69DCC68A
Requests: 1 HTTP requests in this frame

Frame: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
Frame ID: 0C36C3DA8B7E7F5DEF8AF3D07799F496
Requests: 19 HTTP requests in this frame

Frame: https://secure.rmulus.com/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dpgvw%26_pdataSource%3Dweb%26_pqStr%3Denabled%26jnpr_vID%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pclIp%3Dactive%26_pgetId%3Dtrue&_pclientId=jnpr&_peventName=pgvw&_pdataSource=web&_pqStr=Unavailable&jnpr_vID=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pgetId=true&_pevId=6dmBYPJp93FRBlxNHVEUjDVykoYIrjID-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pidSource=secure.rmulus.com&_pidName=rmulusId&_plkpPrfl=disabled
Frame ID: AFAF07F9A366EC155800820670852265
Requests: 1 HTTP requests in this frame

Frame: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
Frame ID: EF88E41FA85A6B77D8F122C26A768D8C
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

script /\/wp-(?:content|includes)\//i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /php\/?([\d.]+)?/i
script /\/wp-(?:content|includes)\//i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

script /\/wp-(?:content|includes)\//i

Red Hat (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Red Hat/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

158
Requests

100 %
HTTPS

41 %
IPv6

25
Domains

33
Subdomains

28
IPs

6
Countries

4305 kB
Transfer

9350 kB
Size

0
Cookies

125 Outgoing links

These are links going to different origins than the main page.

URL: https://www.juniper.net/us/en/
Title: United States

Search URL Search Domain Scan URL

URL: https://www.juniper.net/br/pt/
Title: Brazil - Brasil

Search URL Search Domain Scan URL

URL: https://www.juniper.net/cn/zh/
Title: China - 中国

Search URL Search Domain Scan URL

URL: https://www.juniper.net/fr/fr/
Title: France

Search URL Search Domain Scan URL

URL: https://www.juniper.net/de/de/
Title: Germany - Deutschland

Search URL Search Domain Scan URL

URL: https://www.juniper.net/it/it/
Title: Italy - Italia

Search URL Search Domain Scan URL

URL: https://www.juniper.net/jp/jp/
Title: Japan - 日本

Search URL Search Domain Scan URL

URL: https://www.juniper.net/kr/kr/
Title: Korea - 대한민국

Search URL Search Domain Scan URL

URL: https://www.juniper.net/mx/es/
Title: Latin America

Search URL Search Domain Scan URL

URL: https://www.juniper.net/ru/ru/
Title: Russia - Россия

Search URL Search Domain Scan URL

URL: https://www.juniper.net/es/es/
Title: Spain - España

Search URL Search Domain Scan URL

URL: https://www.juniper.net/nl/nl/
Title: The Netherlands

Search URL Search Domain Scan URL

URL: https://www.juniper.net/uk/en/
Title: United Kingdom

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/contact-us/
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.juniper.net/search/login.page
Title: Log In

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/company/why-juniper/
Title: Why Juniper?

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/company/case-studies-customer-success/
Title: Customer Success

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/partners/
Title: Partnership

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/community/
Title: Community

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/how-to-buy/
Title: How to Buy

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products-services/
Title: Products & Solutions

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products-services/cloud-services/
Title: Cloud Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products-services/ipc/
Title: Identity & Policy Control

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products-services/network-automation/
Title: Network Automation

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products-services/network-edge-services/
Title: Network Edge Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products-services/nos/
Title: Network Operating System

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products-services/packet-optical/
Title: Packet Optical

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products-services/routing/
Title: Routers

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products-services/management-operations-sdn/
Title: SDN, Management & Operations

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products-services/security/
Title: Security

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products-services/switching/
Title: Switches

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products-services/access-points/
Title: Wireless Access Points

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products-services/a-z/
Title: All Products A-Z

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/eol/
Title: End of Life

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/
Title: Solutions

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/enterprise/
Title: Enterprise

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/cloud/
Title: Cloud Provider

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/service-provider/
Title: Service Provider

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/400g/
Title: 400G

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/5g-networking/
Title: 5G Networking

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/automation/
Title: Automation

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/contact-tracing/
Title: Contact Tracing

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/data-center/
Title: Data Center

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/metro/
Title: Metro

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/enterprise-at-home/
Title: Remote Work

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/security/
Title: Security

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/segment-routing/
Title: Segment Routing

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/sd-wan/
Title: SD-WAN

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/wired-wireless-access/
Title: Wired & Wireless Access

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/cable/
Title: Cable

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/financial/
Title: Financial Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/federal-government/
Title: Federal Government

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/healthcare/
Title: Healthcare

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/telecommunications-service-provider/
Title: Telco

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/services/
Title: Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/services/advisory-services/
Title: Advisory Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/services/implementation-services/
Title: Implementation Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/services/maintenance-services/
Title: Maintenance Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/services/managed-services/
Title: Managed Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/services/onsite-technical-services/
Title: Onsite Technical Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/services/remote-operational-services/
Title: Remote Operational Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/services/taas/
Title: Testing as a Service

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/
Title: Support

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/up-and-running/
Title: Getting Started

Search URL Search Domain Scan URL

URL: https://my.juniper.net/#dashboard/overview
Title: MyJuniper

Search URL Search Domain Scan URL

URL: https://casemanager.juniper.net/
Title: Case and RMA Management

Search URL Search Domain Scan URL

URL: https://license.juniper.net/licensemanage/
Title: Product License Keys

Search URL Search Domain Scan URL

URL: https://entitlementsearch.juniper.net/entitlementsearch/
Title: Product Entitlement Search

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/uib/index.page
Title: Update Install Base

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/requesting-support/
Title: Contact Support

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/
Title: Downloads

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/?f=ex
Title: EX Series

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/?f=mx
Title: MX Series

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/?f=ptx
Title: PTX Series

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/?f=qfx
Title: QFX Series

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/?f=srx
Title: SRX Series

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/?f=space
Title: Junos Space

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/?f=ssg
Title: SSG Series

Search URL Search Domain Scan URL

URL: https://kb.juniper.net/InfoCenter/index?page=home
Title: Knowledge Base

Search URL Search Domain Scan URL

URL: https://www.juniper.net/documentation/
Title: TechLibrary

Search URL Search Domain Scan URL

URL: https://prsearch.juniper.net/InfoCenter/index?page=prsearch
Title: Problem Report Search

Search URL Search Domain Scan URL

URL: https://apps.juniper.net/home/
Title: Pathfinder

Search URL Search Domain Scan URL

URL: https://forums.juniper.net/
Title: Community

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/security/
Title: Security Intelligence

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/security/report-vulnerability/
Title: Report a Vulnerability

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/training/
Title: Training

Search URL Search Domain Scan URL

URL: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=JUNIPER-TRAINING-SCHEDULE-HOME
Title: Schedule of Classes

Search URL Search Domain Scan URL

URL: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=ALL-ACCESS-TRAINING-PASS-HOME
Title: All Access Training Pass

Search URL Search Domain Scan URL

URL: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=JUNIPER-ONDEMAND-TRAINING-HOME
Title: On-demand Courses

Search URL Search Domain Scan URL

URL: https://openlearning.juniper.net/
Title: Open Learning

Search URL Search Domain Scan URL

URL: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=JUNIPER-LEARNING-PATHS-HOME
Title: Learning Paths

Search URL Search Domain Scan URL

URL: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=FREE-JUNIPER-TRAINING-HOME
Title: Getting Started

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/training/certification/
Title: Certification

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/training/certification/getting-started/
Title: Getting Started

Search URL Search Domain Scan URL

URL: https://cloud.contentraven.com/junosgenius/login
Title: Practice Tests

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/training/certification/exam-registration/
Title: Exam Registration

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/training/certification/recertification/
Title: Recertification

Search URL Search Domain Scan URL

URL: https://www.certmetrics.com/juniper/login.aspx?ReturnUrl=%2fjuniper%2f
Title: Manage My Certs

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/try/
Title: Offers and Trials

Search URL Search Domain Scan URL

URL: https://ispserver.com/
Title: https://ispserver.com/

Search URL Search Domain Scan URL

URL: https://malware-traffic-analysis.net/2020/07/20/index.html
Title: https://malware-traffic-analysis.net/2020/07/20/index.html

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/company/
Title: About Us

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/company/careers/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/company/corporate-responsibility/
Title: Corporate Responsibility

Search URL Search Domain Scan URL

URL: https://investor.juniper.net/investor-relations/default.aspx
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://newsroom.juniper.net/
Title: Newsroom

Search URL Search Domain Scan URL

URL: https://events.juniper.net/
Title: Events

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/company/press-center/images/
Title: Image Library

Search URL Search Domain Scan URL

URL: https://junipercommunity.force.com/prm/s/partnerlocator
Title: Find a Partner

Search URL Search Domain Scan URL

URL: https://junipercommunity.force.com/prm/s/distributorlocator
Title: Find a Distributor

Search URL Search Domain Scan URL

URL: https://junipercommunity.force.com/prm/s/onboarding
Title: Become a Partner

Search URL Search Domain Scan URL

URL: https://partners.juniper.net/partnercenter/index.page
Title: Partner Login

Search URL Search Domain Scan URL

URL: http://forms.juniper.net/?elqPURLPage=648
Title: Sign up

Search URL Search Domain Scan URL

URL: https://www.facebook.com/JuniperNetworks/
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/JuniperNetworks/
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/junipernetworks
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/juniper-networks
Title:

Search URL Search Domain Scan URL

URL: https://www.instagram.com/junipernetworks/
Title:

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/feedback/
Title: Feedback

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/site-map/
Title: Site Map

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/legal-notices/
Title: Legal Notices

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 62

https://cm.everesttech.net/cm/dd?d_uuid=36743440815373861152056202654549242100 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=X4RyUAAAB4M8MRTJ

Request Chain 95

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3djuniper.net%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3djuniper.net%26pId%3d%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253djuniper.net%2526pId%253d%2524UID HTTP 302
https://attr.ml-api.io/?domain=juniper.net&pId=1789714161795284342

Request Chain 98

https://platform.twitter.com/oct.js HTTP 301
https://static.ads-twitter.com/oct.js

158 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request iceid-campaign-strikes-back Show response
blogs.juniper.net/en-us/threat-research/ 88 KB
17 KB 1050ms
221ms Document
text/html 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 / PHP/7.1.33
Resource Hash: 02ffc9eb5cd56586a9aa30bdb399430a9c7f46823cd47cc1aa7c8f82042e4cdc

Request headers

:method: GET
:authority: blogs.juniper.net
:scheme: https
:path: /en-us/threat-research/iceid-campaign-strikes-back
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
vary: Accept-Encoding,Cookie
cache-control: max-age=3, must-revalidate
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Mon, 12 Oct 2020 15:12:14 GMT
accept-ranges: bytes
x-powered-by: PHP/7.1.33

GET
H2 200 dfd_icon_set.css
blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/fonts/dfd_icon_set/ 75 KB
12 KB 207ms
202ms Stylesheet
text/css 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/fonts/dfd_icon_set/dfd_icon_set.css?ver=5.4.2
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 89a733d708f3c1d4e9586f565282da135a31e93a9ad3da1611f64d1a112b457c

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:15 GMT
content-encoding: gzip
last-modified: Tue, 10 Dec 2019 10:01:29 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[12dba-59956988a7040]"
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes

GET
H2 200 style.min.css
blogs.juniper.net/wp-includes/css/dist/block-library/ 52 KB
7 KB 220ms
216ms Stylesheet
text/css 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/wp-includes/css/dist/block-library/style.min.css?ver=5.4.2
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:15 GMT
content-encoding: gzip
last-modified: Sat, 06 Jun 2020 04:30:45 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[d159-5a762d75a929a]"
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes

GET
H2 200 mobile-responsive.css
blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/css/ 108 KB
13 KB 221ms
217ms Stylesheet
text/css 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/css/mobile-responsive.css?ver=5.4.2
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: d8b3973b02fe90470f2307111fba8e4b66a16796d10f37befdb4f954eea7a467

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:15 GMT
content-encoding: gzip
last-modified: Tue, 10 Dec 2019 10:01:29 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[1ae31-59956988a7040]"
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes

GET
H2 200 global-nav.css
www.juniper.net/assets/styles/ 12 KB
3 KB 35ms
7ms Stylesheet
text/css 2a02:26f0:f1:292::720
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/assets/styles/global-nav.css

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:f1:292::720 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Apache /

Resource Hash

e253109e6d843fd0dd5887c79ec1340e56913d38ad179499aeb55163875de6a7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
content-encoding: gzip
vary: Accept-Encoding
status: 200
strict-transport-security: max-age=31536000
content-length: 2799
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
last-modified: Thu, 07 May 2020 03:44:53 GMT
server: Apache
date: Mon, 12 Oct 2020 15:12:15 GMT
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS, PUT
content-type: text/css
access-control-allow-origin: *
cache-control: public, must-revalidate, max-age=9300
accept-ranges: bytes
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
expires: Mon, 12 Oct 2020 17:47:15 GMT

GET
H2 200 visual-composer.css
blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/css/ 617 KB
66 KB 221ms
217ms Stylesheet
text/css 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/css/visual-composer.css
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: b43bb3b833b8a0946d96295f42fbe72220d6eac378b7cf4d1ccdc73dfe30b607

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:15 GMT
content-encoding: gzip
last-modified: Tue, 10 Dec 2019 10:01:29 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[9a33a-59956988a7040]"
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes

GET
H2 200 font.css
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/ 3 KB
578 B 220ms
216ms Stylesheet
text/css 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/font.css
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 9e01cd9d5c99f2550fff5002f1b7fcc1402aa88b84f471214b032a7cde0f42b2

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:15 GMT
content-encoding: gzip
last-modified: Mon, 06 Jan 2020 11:39:55 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[c14-59b771e47f8c0]"
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes

GET
H2 200 app.css
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/ 1 MB
114 KB 221ms
217ms Stylesheet
text/css 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/app.css
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 7af2c659d6f3451b1d60b59d07e71f8b6ddcba906f882bf363c5c8532b01f5ed

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:15 GMT
content-encoding: gzip
last-modified: Thu, 30 Jan 2020 08:55:32 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[138090-59d579e978900]"
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes

GET
H2 200 jnpr.css
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/ 18 KB
3 KB 221ms
217ms Stylesheet
text/css 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/jnpr.css
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: fa0d4a0ea2015ff7752448a9f6eef25d8e1f6834aee21bbb73857cc99bccbb5e

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:15 GMT
content-encoding: gzip
last-modified: Mon, 10 Aug 2020 13:24:16 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[4696-5ac85df0e4da7]"
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes

GET
H2 200 mobile-responsive.css
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/ 108 KB
13 KB 221ms
218ms Stylesheet
text/css 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/mobile-responsive.css
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: ed93f4b57dbafc1b959d886fcaba2d1fcfb4b94d390531cdcf8fcc079521a0e9

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:15 GMT
content-encoding: gzip
last-modified: Tue, 17 Dec 2019 12:28:36 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[1ae53-599e5778f6500]"
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes

GET
H2 200 style.css
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/ 669 B
470 B 221ms
219ms Stylesheet
text/css 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/style.css
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 4d966ffbf39121ce17dca578684dda721702d20ee534cf9beeeb947b9a4cda12

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:15 GMT
content-encoding: gzip
last-modified: Tue, 24 Dec 2019 06:25:19 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[29d-59a6d353f31c0]"
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes

GET
H2 200 css
fonts.googleapis.com/ 99 KB
3 KB 20ms
17ms Stylesheet
text/css 2a00:1450:4001:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CRaleway%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CDroid+Serif%3A400%2C700%2C400italic%2C700italic%7CLora%3A400%2C700%2C400italic%2C700italic%7CRoboto%3A100%2C300%2C400%2C500%2C700%2C900%2C100italic%2C300italic%2C400italic%2C500italic%2C700italic%2C900italic&subset=latin&ver=1581418109

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

01e027231971c208e402b1852eabdc60b56c489bf52ca1a4e0a26e998e5e41da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 12 Oct 2020 15:12:15 GMT
server: ESF
date: Mon, 12 Oct 2020 15:12:15 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 12 Oct 2020 15:12:15 GMT

GET
H2 200 jquery.js Show response
blogs.juniper.net/wp-includes/js/jquery/ 95 KB
33 KB 229ms
227ms Script
application/javascript 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:15 GMT
content-encoding: gzip
last-modified: Tue, 10 Dec 2019 08:25:55 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[17a69-5995542c48ac0]"
vary: Accept-Encoding
content-type: application/javascript
status: 200
accept-ranges: bytes

GET
H2 200 jquery-migrate.min.js Show response
blogs.juniper.net/wp-includes/js/jquery/ 10 KB
4 KB 403ms
401ms Script
application/javascript 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:15 GMT
content-encoding: gzip
last-modified: Tue, 10 Dec 2019 08:25:55 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[2748-5995542c48ac0]"
vary: Accept-Encoding
content-type: application/javascript
status: 200
accept-ranges: bytes

GET
H2 200 satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/ 296 KB
62 KB 31ms
9ms Script
application/x-javascript 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 608d4f2b108fc8b64a77c1a8b7fb7e6bb59ad03fc101be79863b040be2ea6589

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:15 GMT
content-encoding: gzip
last-modified: Fri, 09 Oct 2020 18:00:38 GMT
server: AkamaiNetStorage
status: 200
etag: "2a1dd544af0e22dcd20c835bbe045a50:1602266438.507588"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 63155
expires: Mon, 12 Oct 2020 16:12:15 GMT

GET
H2 200 Anchor-1024x573.png
blogs.juniper.net/wp-content/uploads/2020/08/ 268 KB
268 KB 394ms
389ms Image
image/png 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogs.juniper.net/wp-content/uploads/2020/08/Anchor-1024x573.png
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: dc136a289331929be72cc5c26b7f1455a39c4c94a058f65fb6d3ef72c4c10a6d

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Wed, 12 Aug 2020 11:38:25 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[43011-5acaca0366756]"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes

GET
H2 200 phishing1.png
blogs.juniper.net/wp-content/uploads/2020/08/ 29 KB
29 KB 398ms
392ms Image
image/png 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogs.juniper.net/wp-content/uploads/2020/08/phishing1.png
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 6c08ca0ac875c6c3477f36d366c80f3b0fbb5fd39ad35bd2dc8addb06efc072b

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Wed, 12 Aug 2020 04:55:14 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[758e-5aca6fe457562]"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes

GET
H2 200 phishing2.png
blogs.juniper.net/wp-content/uploads/2020/08/ 16 KB
15 KB 397ms
392ms Image
image/png 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogs.juniper.net/wp-content/uploads/2020/08/phishing2.png
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: e07b39e211351c340b153d15aeb20aa9d80403edf761f105bfa59b268d92acef

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Wed, 12 Aug 2020 04:55:13 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[3f49-5aca6fe368186]"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes

GET
H2 200 phishing3.png
blogs.juniper.net/wp-content/uploads/2020/08/ 21 KB
20 KB 397ms
391ms Image
image/png 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogs.juniper.net/wp-content/uploads/2020/08/phishing3.png
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 9dcd95b63c6ec41ea7817e407443f087470229fd02d94f89288dc366a5c833a3

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Wed, 12 Aug 2020 04:55:12 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[553c-5aca6fe271748]"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes

GET
H2 200 document_macro-768x211.png
blogs.juniper.net/wp-content/uploads/2020/08/ 92 KB
92 KB 397ms
392ms Image
image/png 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogs.juniper.net/wp-content/uploads/2020/08/document_macro-768x211.png
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: bd111ed6b28e5f880f55d6e8f43b4e10d6d011dd291c8e5dcd7f8ca10d51c44c

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Wed, 12 Aug 2020 04:55:11 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[16e6f-5aca6fe19838b]"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes

GET
H2 200 macro_code-768x756.png
blogs.juniper.net/wp-content/uploads/2020/08/ 372 KB
372 KB 394ms
389ms Image
image/png 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogs.juniper.net/wp-content/uploads/2020/08/macro_code-768x756.png
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: c4a75c8a159f2823efcc6b6e1f5db35bd37a724c58cdcd483a2365b9c724a51b

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Wed, 12 Aug 2020 04:55:09 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[5d093-5aca6fdff1cd3]"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes

GET
H2 200 macros_code2-768x306.png
blogs.juniper.net/wp-content/uploads/2020/08/ 182 KB
181 KB 401ms
396ms Image
image/png 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogs.juniper.net/wp-content/uploads/2020/08/macros_code2-768x306.png
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: ab79bd243b8d4eacffdcf83bec52f77d589435cb58f2926b5a914604b1b473a6

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Wed, 12 Aug 2020 04:55:07 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[2d67a-5aca6fde68b59]"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes

GET
H2 200 VT1.png
blogs.juniper.net/wp-content/uploads/2020/08/ 5 KB
5 KB 401ms
396ms Image
image/png 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogs.juniper.net/wp-content/uploads/2020/08/VT1.png
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 08fcec81b5d70ae12772d652042b25031a06796047a99a17fb3eaa3cf7980ae8

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Wed, 12 Aug 2020 04:55:06 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[14be-5aca6fdd1a394]"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes

GET
H2 200 VT2.png
blogs.juniper.net/wp-content/uploads/2020/08/ 5 KB
5 KB 401ms
396ms Image
image/png 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogs.juniper.net/wp-content/uploads/2020/08/VT2.png
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 329f426f91b1b1fabaceceeef6a70ce5dec5d0f675fe1761c5ffb94aa390d779

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Wed, 12 Aug 2020 04:55:05 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[1461-5aca6fdc19dbe]"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes

GET
H2 200 domain-768x541.png
blogs.juniper.net/wp-content/uploads/2020/08/ 374 KB
375 KB 401ms
397ms Image
image/png 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogs.juniper.net/wp-content/uploads/2020/08/domain-768x541.png
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 8de75e52c8a9c8f8fd3f5c06e8f0a5c1a86d5c05ce90f4dcf1ff4ef372e8f425

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Wed, 12 Aug 2020 05:15:22 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[5d783-5aca7465334b2]"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes

GET
H2 200 pcap-768x482.png
blogs.juniper.net/wp-content/uploads/2020/08/ 168 KB
167 KB 401ms
397ms Image
image/png 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogs.juniper.net/wp-content/uploads/2020/08/pcap-768x482.png
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 1bb5349b7a70b0f67c2594b88592de1c1ba04d5c7195a0d9f924672b0b626788

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Wed, 12 Aug 2020 04:55:04 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[2a0a3-5aca6fdae3d72]"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes

GET
H2 200 VT3-768x187.png
blogs.juniper.net/wp-content/uploads/2020/08/ 65 KB
65 KB 1317ms
1312ms Image
image/png 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogs.juniper.net/wp-content/uploads/2020/08/VT3-768x187.png
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 5656333217b27d77301c96148ecb05d9edbfd166c0a0474a1a9e29a98606efd2

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:17 GMT
content-encoding: gzip
last-modified: Wed, 12 Aug 2020 04:55:00 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[103ea-5aca6fd78ad7f]"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes

GET
H2 200 CheckPNG.png
blogs.juniper.net/wp-content/uploads/2020/08/ 22 KB
21 KB 402ms
397ms Image
image/png 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogs.juniper.net/wp-content/uploads/2020/08/CheckPNG.png
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: d64a73a7c9fb6edef0e36d4a938235f574cb7526f90f4043286575822427a5cb

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Wed, 12 Aug 2020 04:54:59 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[5705-5aca6fd63c5b0]"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes

GET
H2 200 DNS_queries.png
blogs.juniper.net/wp-content/uploads/2020/08/ 15 KB
15 KB 1317ms
1313ms Image
image/png 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogs.juniper.net/wp-content/uploads/2020/08/DNS_queries.png
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 6ad89035a6df10812be76c15137e826e2121d53a6386ff7b4a4e959f794f067d

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:17 GMT
content-encoding: gzip
last-modified: Wed, 12 Aug 2020 04:54:58 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[3dec-5aca6fd52fccd]"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes

GET
H2 200 ATP-1024x379.png
blogs.juniper.net/wp-content/uploads/2020/08/ 207 KB
207 KB 401ms
397ms Image
image/png 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogs.juniper.net/wp-content/uploads/2020/08/ATP-1024x379.png
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: bf0503c77003e76d864720c16be655d647e3e5e019482a46243c6a257c635abd

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Wed, 12 Aug 2020 04:54:54 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[33a4b-5aca6fd1f4177]"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes

GET
H2 200 wp-emoji-release.min.js Show response
blogs.juniper.net/wp-includes/js/ 14 KB
5 KB 1316ms
1312ms Script
application/javascript 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/wp-includes/js/wp-emoji-release.min.js?ver=5.4.2
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 96d33f532112177ede6bf262dcf6d0140dbe29f05a4595d17b0be4743205b5ea

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:17 GMT
content-encoding: gzip
last-modified: Sat, 06 Jun 2020 04:30:45 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[364d-5a762d75b9850]"
vary: Accept-Encoding
content-type: application/javascript
status: 200
accept-ranges: bytes

GET
H2 200 Blog-Comand-and-Control-900x600.gif
blogs.juniper.net/wp-content/uploads/2020/10/ 128 KB
128 KB 2369ms
2365ms Image
image/gif 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogs.juniper.net/wp-content/uploads/2020/10/Blog-Comand-and-Control-900x600.gif
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: e77120238f61ac355534e89b7fad3a5fa9c9544851196a7a6a012ed1c4b07a42

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:18 GMT
last-modified: Thu, 08 Oct 2020 16:06:24 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "1ffb8-5b12b0380c7d2"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 131000

GET
H2 200 ATP-blogimage-900x600.png
blogs.juniper.net/wp-content/uploads/2020/10/ 276 KB
276 KB 1316ms
1313ms Image
image/png 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogs.juniper.net/wp-content/uploads/2020/10/ATP-blogimage-900x600.png
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 9ff05dd0c63650e8a37b0de882f31af32904ae5ae1cdf3154a62b8bf6ee8f1df

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:17 GMT
content-encoding: gzip
last-modified: Wed, 07 Oct 2020 11:45:30 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[44f21-5b11340a0a662]"
vary: Accept-Encoding
content-type: image/png
status: 200
accept-ranges: bytes

GET
H2 200 Threat-Labs-blog-Pastebin-900x600.gif
blogs.juniper.net/wp-content/uploads/2020/10/ 136 KB
136 KB 2369ms
2365ms Image
image/gif 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogs.juniper.net/wp-content/uploads/2020/10/Threat-Labs-blog-Pastebin-900x600.gif
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 0b961216817d9fce974f25978f65071de06569be4760f644deec56bbb2977c7c

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:18 GMT
last-modified: Mon, 05 Oct 2020 13:10:54 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "21f0a-5b0ec36573b50"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 139018

GET
H2 200 js_composer.min.css
blogs.juniper.net/wp-content/plugins/js_composer/assets/css/ 473 KB
44 KB 224ms
223ms Stylesheet
text/css 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.0.5
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: bf376bda577cabdec91f4e3f27597af77cb736bd548e87e987e1ee97e0549f1c

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:15 GMT
content-encoding: gzip
last-modified: Tue, 10 Dec 2019 10:09:43 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[765f9-59956b5fc47c0]"
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes

GET
H2 200 utils.js Show response
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/js/ 2 KB
676 B 222ms
222ms Script
application/javascript 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/js/utils.js
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: e4ccf32b4d570f678ef818d0ab645defe462926db4e3a7eb1985430e25a71d96

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:15 GMT
content-encoding: gzip
last-modified: Tue, 03 Mar 2020 10:37:20 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[722-59ff0e3718f2d]"
vary: Accept-Encoding
content-type: application/javascript
status: 200
accept-ranges: bytes

GET
H2 200 jquery.form.min.js Show response
blogs.juniper.net/wp-includes/js/jquery/ 16 KB
6 KB 396ms
396ms Script
application/javascript 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/wp-includes/js/jquery/jquery.form.min.js?ver=4.2.1
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 3b20c7f4231183b11371d9122369cd5a961ee58a5372cd9f841da82b73ddb0be

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Tue, 10 Dec 2019 08:25:55 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[3f41-5995542c48ac0]"
vary: Accept-Encoding
content-type: application/javascript
status: 200
accept-ranges: bytes

GET
H2 200 global-nav.js Show response
www.juniper.net/assets/scripts/ 218 KB
60 KB 906ms
900ms Script
application/javascript 2a02:26f0:f1:292::720
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:f1:292::720 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Apache /

Resource Hash

f2c7893ac812052986f341c6651cb1f291f6d283d92437e00e424ffe08e68b08

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
content-encoding: gzip
vary: Accept-Encoding
status: 200
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
pragma: no-cache
last-modified: Thu, 07 May 2020 03:43:51 GMT
server: Apache
date: Mon, 12 Oct 2020 15:12:17 GMT
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS, PUT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token
expires: Mon, 12 Oct 2020 15:12:17 GMT

GET
H2 200 uncompresed.js Show response
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/js_pub/ 721 KB
186 KB 394ms
387ms Script
application/javascript 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/js_pub/uncompresed.js
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: bbd96c67188ee6d1977bd7bfc382000eff01010cb8656023d6bdf8b77ab91c95

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Tue, 03 Mar 2020 10:34:32 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[b43eb-59ff0d9735fb1]"
vary: Accept-Encoding
content-type: application/javascript
status: 200
accept-ranges: bytes

GET
H2 200 wp-embed.min.js Show response
blogs.juniper.net/wp-includes/js/ 1 KB
829 B 394ms
388ms Script
application/javascript 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/wp-includes/js/wp-embed.min.js?ver=5.4.2
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Sat, 06 Jun 2020 04:30:45 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[59a-5a762d75b7cf8]"
vary: Accept-Encoding
content-type: application/javascript
status: 200
accept-ranges: bytes

GET
H2 200 js_composer_front.min.js Show response
blogs.juniper.net/wp-content/plugins/js_composer/assets/js/dist/ 20 KB
6 KB 394ms
388ms Script
application/javascript 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.0.5
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 43cdf46f331fec5ba92e402e3d5cad473099892cbdafca02e607cd03705104bf

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Tue, 10 Dec 2019 10:09:44 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[5079-59956b60b8a00]"
vary: Accept-Encoding
content-type: application/javascript
status: 200
accept-ranges: bytes

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 374 B
1 KB 556ms
64ms XHR
application/json 52.49.47.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=D206123F524450F50A490D45%40AdobeOrg&d_nsid=0&ts=1602515535880

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.49.47.228 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-49-47-228.eu-west-1.compute.amazonaws.com

Software

Resource Hash

a822aa262f8d7674018c1a2761bae9b528fde5408e4994a54770dfd131f8a33c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v083-0daa3f21a.edge-irl1.demdex.com 5.78.1.20201008074624 2ms (+0ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: oiGyj1WTTs8=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://blogs.juniper.net
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 308
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 mbox-contents-ba151bac91f2b7214d881fb194e167b525fadece.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/ 74 KB
27 KB 16ms
15ms Script
application/x-javascript 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/mbox-contents-ba151bac91f2b7214d881fb194e167b525fadece.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9912c03b52a7cb0fc11bde58e200010eca671219552929b31be4c2e26c0e10c3

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Mon, 12 Oct 2020 15:12:15 GMT
content-encoding: gzip
last-modified: Wed, 23 Sep 2020 17:06:42 GMT
server: AkamaiNetStorage
status: 200
etag: "b8f6521187f987f1e079c5d7031aabec:1600880802.805584"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 27369
expires: Mon, 12 Oct 2020 16:12:15 GMT

GET
H2 200 notice Show response
consent.trustarc.com/ 10 KB
4 KB 248ms
111ms Script
text/javascript 99.86.243.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/notice?domain=juniper.net&c=teconsent&text=true&noticeType=bb&js=nj&gtm=1

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.24 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-24.vie50.r.cloudfront.net

Software

nginx /

Resource Hash

63aa9e013f1ec13fd691e8db8281f87b5e2cb39ab2966dbd722296d5b7172688

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 3542
x-xss-protection: 1; mode=block
access-control-allow-origin: *
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
via: 1.1 cc6cd0f2b9d4d88785ea5a737059a4ff.cloudfront.net (CloudFront)
cache-control: no-cache
x-amz-cf-id: 3VXxmGyUwOrRD1DcLgklVUKPrHrQmnuO4YnOfa7oIRfrd2cBQODQ9A==
expires: Mon, 12 Oct 2020 15:12:15 GMT

GET
H2 200 satellite-5e274cf864746d62d400121f.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ 843 B
1 KB 13ms
9ms Script
application/x-javascript 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5e274cf864746d62d400121f.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 14a424043d648390ade4358c71cc7088dcaf2d3ad96d562dd62a7f111273ae3e

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
last-modified: Tue, 15 Sep 2020 11:13:26 GMT
server: AkamaiNetStorage
etag: "949207843133225d60e7b8c4139b6d23:1600168406.146716"
status: 200
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 843
expires: Mon, 12 Oct 2020 16:12:16 GMT

GET
H2 200 satellite-5e7cce4264746d122b00213f.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ 283 B
529 B 13ms
10ms Script
application/x-javascript 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5e7cce4264746d122b00213f.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 682a441c52a2aa06995a26d82b96607f35fd68fe75c58532076ee7f9ca2dbcf6

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
last-modified: Wed, 23 Sep 2020 17:07:01 GMT
server: AkamaiNetStorage
etag: "905d79e7290deb5119af46207af85c1a:1600880821.657687"
status: 200
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 283
expires: Mon, 12 Oct 2020 16:12:16 GMT

GET
H2 200 satellite-57b12a8364746d4d41000291.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ 3 KB
1 KB 9ms
9ms Script
application/x-javascript 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-57b12a8364746d4d41000291.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 619b3afc152f1e76ec40eff7c5e1e97136caf8a0420b19e5fd570b6ffe61998d

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Mon, 12 Oct 2020 15:12:15 GMT
content-encoding: gzip
last-modified: Wed, 23 Sep 2020 14:32:32 GMT
server: AkamaiNetStorage
status: 200
etag: "734fc85216dd4d611cfbbbb6b37764a9:1600871552.244617"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 987
expires: Mon, 12 Oct 2020 16:12:15 GMT

GET
H2 200 wRPiG49f.min.js Show response
scripts.demandbase.com/adobeanalytics/ 5 KB
2 KB 132ms
33ms Script
application/javascript 99.86.243.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.demandbase.com/adobeanalytics/wRPiG49f.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.243.10 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-243-10.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b1f5052d047f70ba8f8721e86c1a5f8760f829a75e3dcb72e5452c312d9066b1

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 11 Oct 2020 15:42:11 GMT
content-encoding: gzip
last-modified: Thu, 27 Feb 2020 18:54:12 GMT
server: AmazonS3
age: 84606
etag: W/"eade7e2d13cfb2aa134d80109d627b20"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: zKhlKX3C1MJdKamx0zBIFs.gQNHcgOXC
status: 200
x-amz-cf-pop: VIE50-C1
content-type: application/javascript
x-amz-cf-id: ktAIA01TlN4XZQN2iacDBxQ1-h_adcTerZ-k1Zh30nxLuGmR0VYDug==
via: 1.1 2ada7fef339aac482bc92d45b7dff5f8.cloudfront.net (CloudFront)

GET
H/1.1 200
OK ip.json Show response
api.demandbase.com/api/v2/ 465 B
930 B 190ms
87ms Script
application/javascript 13.225.78.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.demandbase.com/api/v2/ip.json?key=364bbfa27ca300ef9638e9d163c1fb03&callback=Dmdbase_CDC.callback
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.67 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-67.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: 0018c64098f92022d1b7bdc4736a36d215beb67cda743c6931bbbf8334acbbd8

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 12 Oct 2020 15:12:16 GMT
Identification-Source: CENTRAL
X-Amz-Cf-Pop: FRA2-C2
Transfer-Encoding: chunked
X-Cache: Miss from cloudfront
Connection: keep-alive
Request-ID: 837b8502-037c-40ae-8acb-fdee7e94a591
Content-Encoding: gzip
Pragma: no-cache
Server: nginx
Vary: Accept-Encoding, Origin
Content-Type: application/javascript;charset=utf-8
Via: 1.1 c7015d60d4f8f2170aaaa75e69e40618.cloudfront.net (CloudFront)
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Api-Version: v2
X-Amz-Cf-Id: gLZn9cZOy6Di2_cuIMm5x6-m9Jyp-eLwwL4hWYlfpTJnDQlk0cC-bw==
Expires: Sun, 11 Oct 2020 15:12:16 GMT

GET
H2 200 satellite-5bd31e9364746d6b860045a0.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ 883 B
700 B 10ms
9ms Script
application/x-javascript 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5bd31e9364746d6b860045a0.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 179f42988ae4cab77687b27656fc69ab3fa07efbcf6279ac1bef85ac0688e69d

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Mon, 12 Oct 2020 15:12:15 GMT
content-encoding: gzip
last-modified: Wed, 23 Sep 2020 17:06:47 GMT
server: AkamaiNetStorage
status: 200
etag: "b3998ca07afe5ed1d91aa042d31218db:1600880807.804068"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 434
expires: Mon, 12 Oct 2020 16:12:15 GMT

GET
H2 200 satellite-57d9c57464746d4d3e010a86.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ 2 KB
1022 B 11ms
10ms Script
application/x-javascript 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-57d9c57464746d4d3e010a86.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 7ee39e6b76207efc841a6882a2af5241490e1a2161c4e13790f78fb4dbfdde28

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Mon, 12 Oct 2020 15:12:15 GMT
content-encoding: gzip
last-modified: Wed, 23 Sep 2020 17:06:45 GMT
server: AkamaiNetStorage
status: 200
etag: "458ad1cb95d004fd440d76d56ca277df:1600880805.812554"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 755
expires: Mon, 12 Oct 2020 16:12:15 GMT

GET
H2 200 satellite-58a48a3864746d025c00d79f.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ 156 B
394 B 11ms
10ms Script
application/x-javascript 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-58a48a3864746d025c00d79f.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 7da66ec546c027bfe5b9ca59aa2225cfaa5f0d68f96801f31186878c0fa853f8

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Mon, 12 Oct 2020 15:12:15 GMT
content-encoding: gzip
last-modified: Fri, 09 Oct 2020 18:00:41 GMT
server: AkamaiNetStorage
status: 200
etag: "bbf4e24515459a70357a852ca14861ff:1602266441.416107"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 129
expires: Mon, 12 Oct 2020 16:12:15 GMT

GET
H2 200 v1.7-218 Show response
consent.trustarc.com/asset/notice.js/v/ 68 KB
22 KB 174ms
83ms Script
text/javascript 99.86.243.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.trustarc.com/asset/notice.js/v/v1.7-218
Requested by: Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=juniper.net&c=teconsent&text=true&noticeType=bb&js=nj&gtm=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.243.24 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-243-24.vie50.r.cloudfront.net
Software: nginx /
Resource Hash: e319db56a8d7bbeda259af9540107b72dd326ddbc17facfbcadebff0603db1fb

Request headers

Origin: https://blogs.juniper.net
Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Tue, 6 Oct 2020 02:13:25 GMT
server: nginx
x-amz-cf-pop: VIE50-C1
status: 200
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-id: 2JDqhJRhcFfZTvREA8cdVS-EEYQ0YzLjcCfxYd_mGFKxi2lz9H2amw==
via: 1.1 03f23a59e296041c07602d699fc87484.cloudfront.net (CloudFront)
expires: Wed, 11 Nov 2020 15:12:16 GMT

GET
H2 200 Juniper-Networks-518251288-GREEN.jpg
blogs.juniper.net/wp-content/uploads/2020/01/ 397 KB
340 KB 377ms
377ms Image
image/jpeg 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogs.juniper.net/wp-content/uploads/2020/01/Juniper-Networks-518251288-GREEN.jpg
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: e140beffd54616292cdd8060a530be3bf2b03f0d8186233186474b8e267db1bb

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Fri, 24 Jan 2020 07:09:48 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[6324f-59cdd71698700]"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
accept-ranges: bytes

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v14/ 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v14/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/font.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3b3c4f67bf2b44294215e2be76f12794e6b142edec201e199c93c38739f2bfc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://blogs.juniper.net
Referer: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/font.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 13:43:16 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 18:24:00 GMT
server: sffe
age: 5340
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14076
x-xss-protection: 0
expires: Tue, 12 Oct 2021 13:43:16 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v14/ 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v14/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/font.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

52726fb580d6bffc46615863ddbf4c319524b5a68fb484be2972bdad4fd0310d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://blogs.juniper.net
Referer: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/font.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 06 Oct 2020 15:17:11 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 18:23:20 GMT
server: sffe
age: 518105
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13944
x-xss-protection: 0
expires: Wed, 06 Oct 2021 15:17:11 GMT

GET
H2 200 S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2
fonts.gstatic.com/s/lato/v14/ 14 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v14/S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/font.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

155ef7601d4af029d8b6f3efa4ed4984748ea0a36c85f038f129ffdc6fb83b66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://blogs.juniper.net
Referer: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/font.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 08:39:09 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 18:23:01 GMT
server: sffe
age: 23587
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14824
x-xss-protection: 0
expires: Tue, 12 Oct 2021 08:39:09 GMT

GET
H2 200 S6u_w4BMUTPHjxsI5wq_Gwftx9897g.woff2
fonts.gstatic.com/s/lato/v14/ 14 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v14/S6u_w4BMUTPHjxsI5wq_Gwftx9897g.woff2

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/font.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7fc6b71fecae57ad350ffe89e9059442916fa401c3d3441e8aeb4c20d7a34ec3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://blogs.juniper.net
Referer: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/font.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 07 Oct 2020 23:48:05 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 18:24:07 GMT
server: sffe
age: 401051
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14812
x-xss-protection: 0
expires: Thu, 07 Oct 2021 23:48:05 GMT

GET
H2 200 soc-icons.woff
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/fonts/ 34 KB
35 KB 371ms
371ms Font
application/font-woff 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/fonts/soc-icons.woff
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/app.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 21ac17720285646169355f26dc7e527c20d2882a8d1de2a902e429dc94f9acd5

Request headers

Origin: https://blogs.juniper.net
Referer: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/app.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Tue, 10 Dec 2019 10:01:29 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[899c-59956988a7040]"
vary: Accept-Encoding
content-type: application/font-woff
status: 200
accept-ranges: bytes

GET
H2 200 search-icon.svg
blogs.juniper.net/assets/svg/ 445 B
405 B 240ms
240ms Image
image/svg+xml 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogs.juniper.net/assets/svg/search-icon.svg
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/jnpr.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 2ad4e96fb2e21b58c32607429b7597950140dee740489604ba141308622b8929

Request headers

Referer: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/jnpr.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Thu, 13 Feb 2020 10:18:32 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[1bd-59e7269338e00]"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
accept-ranges: bytes

GET
H2 200 dfd_icon_set.woff
blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/fonts/dfd_icon_set/ 573 KB
232 KB 223ms
222ms Font
application/font-woff 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/fonts/dfd_icon_set/dfd_icon_set.woff?t0y29j
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/fonts/dfd_icon_set/dfd_icon_set.css?ver=5.4.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: eb8b8bd903a4e388dca1baac5a72110f4eb1f479ee7b655ca53490081726680c

Request headers

Origin: https://blogs.juniper.net
Referer: https://blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/fonts/dfd_icon_set/dfd_icon_set.css?ver=5.4.2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
last-modified: Tue, 10 Dec 2019 10:01:29 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[8f374-59956988a7040]"
vary: Accept-Encoding
content-type: application/font-woff
status: 200
accept-ranges: bytes

GET
H/1.1 200
OK Cookie set dest5.html
junipernetworks.demdex.net/ Frame 5F2D 0
0 250ms
61ms Document
text/html 52.50.67.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://junipernetworks.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.50.67.81 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-67-81.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: junipernetworks.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=36743440815373861152056202654549242100
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Thu, 08 Oct 2020 10:37:53 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=36743440815373861152056202654549242100;Path=/;Domain=.demdex.net;Expires=Sat, 10-Apr-2021 15:12:16 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: Y9kppD6uS8g=
Content-Length: 2785
Connection: keep-alive

GET
H2 200 id Show response
junipernetworks.d2.sc.omtrdc.net/ 2 B
319 B 145ms
43ms XHR
application/x-javascript 15.236.175.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://junipernetworks.d2.sc.omtrdc.net/id?d_visid_ver=3.1.2&d_fieldgroup=A&mcorgid=D206123F524450F50A490D45%40AdobeOrg&mid=42588505397457222121544320235442604307&ts=1602515536442

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.175.233 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-175-233.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

status: 200
date: Mon, 12 Oct 2020 15:12:16 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-58d4c4cffc-6f9qk
vary: Origin
x-c: master-1388.I1d56d5.M0-459
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://blogs.juniper.net
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 2
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=X4RyUAAAB4M8MRTJ
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=36743440815373861152056202654549242100
https://dpm.demdex.net/ibs:dpid=411&dpuuid=X4RyUAAAB4M8MRTJ

42 B
915 B

62ms
61ms

Image
image/gif

52.49.47.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=X4RyUAAAB4M8MRTJ

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.49.47.228 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-49-47-228.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v083-0a1922e47.edge-irl1.demdex.com 5.78.1.20201008074624 0ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: +QsiC6z1QJ4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Mon, 12 Oct 2020 15:12:16 GMT
Server: AMO-cookiemap/1.1
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=X4RyUAAAB4M8MRTJ
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=15,max=100
Content-Length: 0

GET
H2 200 json Show response
junipernetworks.tt.omtrdc.net/m2/junipernetworks/mbox/ 537 B
712 B 190ms
72ms XHR
application/json 52.213.168.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://junipernetworks.tt.omtrdc.net/m2/junipernetworks/mbox/json?mbox=target-global-mbox&mboxSession=54115e8abba7409893ad702b4699e03a&mboxPC=&mboxPage=71a6133857824b50bbe35aca1cbb9609&mboxRid=01200f2ef32d4fe9b0736ef4155d036c&mboxVersion=1.6.2&mboxCount=1&mboxTime=1602522736710&mboxHost=blogs.juniper.net&mboxURL=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&mboxReferrer=&browserHeight=1200&browserWidth=1600&browserTimeOffset=120&screenHeight=1200&screenWidth=1600&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&at_property=731b0e75-98c0-3152-d94c-88331af4fd48&mboxMCSDID=55C6A2CC516B6B54-79D6829C09C3B30D&vst.trk=junipernetworks.d2.sc.omtrdc.net&vst.trks=junipernetworks.d2.sc.omtrdc.net&mboxMCGVID=42588505397457222121544320235442604307&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/mbox-contents-ba151bac91f2b7214d881fb194e167b525fadece.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.168.74 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-213-168-74.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 2b10603de476387f576c81c7eabe849bb2b65ed182b12f0463c5a3479baa4af6

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
status: 200
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://blogs.juniper.net
cache-control: no-cache
access-control-allow-credentials: true
timing-allow-origin: *
x-request-id: 01200f2ef32d4fe9b0736ef4155d036c

GET
H2 200 notice Show response
consent.trustarc.com/ 15 KB
5 KB 92ms
92ms Script
text/javascript 99.86.243.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/notice?domain=juniper.net&country=cz&js=nj2&c=teconsent&text=true&noticeType=bb&gtm=1

Requested by

Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=juniper.net&c=teconsent&text=true&noticeType=bb&js=nj&gtm=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.24 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-24.vie50.r.cloudfront.net

Software

nginx /

Resource Hash

ae2eddef5e061eec479c96e03ccc24b279fdaba1f6e675d3627cc44e15127502

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://blogs.juniper.net
Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 4841
x-xss-protection: 1; mode=block
access-control-allow-origin: *
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
via: 1.1 03f23a59e296041c07602d699fc87484.cloudfront.net (CloudFront)
cache-control: no-cache
x-amz-cf-id: zmi8FstomIhomIiCWS7guUlT0RMdFr-H2GjsdurFVOtN4QB13IMaZg==
expires: Mon, 12 Oct 2020 15:12:15 GMT

GET
H2 200 jnpr-logo.svg Show response
blogs.juniper.net/assets/svg/ 3 KB
2 KB 330ms
330ms XHR
image/svg+xml 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/assets/svg/jnpr-logo.svg
Requested by: Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 57f53d1b65316e7362b02a42d2a07319fcd3a8d75f2dc91d0094caf98181c741

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:17 GMT
content-encoding: gzip
last-modified: Wed, 08 Jan 2020 07:06:05 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[c3b-59b9b86a8d140]"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
accept-ranges: bytes

GET
H2 200 jnpr-social-icon_blog.svg Show response
blogs.juniper.net/assets/icons/social/ 3 KB
1 KB 320ms
320ms XHR
image/svg+xml 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/assets/icons/social/jnpr-social-icon_blog.svg
Requested by: Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 4ac6f3f96ba95b41a75dace029d6f460e9721949d91b2680723394f1c8ecce29

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:17 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 09:49:56 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[de8-59eeab5fdee5f]"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
accept-ranges: bytes

GET
H2 200 jnpr-social-icon_jnet.svg Show response
blogs.juniper.net/assets/icons/social/ 976 B
630 B 327ms
326ms XHR
image/svg+xml 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/assets/icons/social/jnpr-social-icon_jnet.svg
Requested by: Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 6b8797e0cf30f8a00ff41912ebcc895055ffeb426b34f70c4933b9828b1ca720

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:17 GMT
content-encoding: gzip
last-modified: Tue, 17 Dec 2019 11:03:41 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[3d0-599e447dfdd40]"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
accept-ranges: bytes

GET
H2 200 jnpr-social-icon_facebook.svg Show response
blogs.juniper.net/assets/icons/social/ 366 B
330 B 330ms
329ms XHR
image/svg+xml 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/assets/icons/social/jnpr-social-icon_facebook.svg
Requested by: Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 7ff5a2ce1b7603d6e9f61f85587efe96cbed61d71ace91bcc6ca7d0bc07cc7ce

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:17 GMT
content-encoding: gzip
last-modified: Tue, 17 Dec 2019 11:03:41 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[16e-599e447dfdd40]"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
accept-ranges: bytes

GET
H2 200 jnpr-social-icon_twitter.svg Show response
blogs.juniper.net/assets/icons/social/ 582 B
429 B 330ms
329ms XHR
image/svg+xml 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/assets/icons/social/jnpr-social-icon_twitter.svg
Requested by: Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 15c14a35beeabe632f718ce14189ade1b8b6760b977e1e8149b5e1211d3efde5

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:17 GMT
content-encoding: gzip
last-modified: Tue, 17 Dec 2019 11:03:41 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[246-599e447dfdd40]"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
accept-ranges: bytes

GET
H2 200 jnpr-social-icon_youtube.svg Show response
blogs.juniper.net/assets/icons/social/ 451 B
365 B 330ms
330ms XHR
image/svg+xml 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/assets/icons/social/jnpr-social-icon_youtube.svg
Requested by: Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: c6846556479addb85175eb801d75cd64485ccec53b42fac54441fef1895c0408

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:17 GMT
content-encoding: gzip
last-modified: Tue, 17 Dec 2019 11:03:41 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[1c3-599e447dfdd40]"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
accept-ranges: bytes

GET
H2 200 jnpr-social-icon_linkedin.svg Show response
blogs.juniper.net/assets/icons/social/ 724 B
497 B 333ms
332ms XHR
image/svg+xml 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/assets/icons/social/jnpr-social-icon_linkedin.svg
Requested by: Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: 70349fe86be7c6dcd4062011d02d91185a4a45b60e2826f05985d67f8ae43bd3

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:17 GMT
content-encoding: gzip
last-modified: Tue, 17 Dec 2019 11:03:41 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[2d4-599e447dfdd40]"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
accept-ranges: bytes

GET
H2 200 jnpr-social-icon_instgram.svg Show response
blogs.juniper.net/assets/icons/social/ 1 KB
630 B 333ms
333ms XHR
image/svg+xml 44.230.249.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://blogs.juniper.net/assets/icons/social/jnpr-social-icon_instgram.svg
Requested by: Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.230.249.41 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-230-249-41.us-west-2.compute.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33 /
Resource Hash: e8d5b01af589f68a0f2da663d3efc472fabb22d9ede91a7ffcf74d21e6295506

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:17 GMT
content-encoding: gzip
last-modified: Tue, 17 Dec 2019 11:03:41 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.1.33
etag: "gz[40d-599e447dfdd40]"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
accept-ranges: bytes

GET
H2 200 s-code-contents-aa1e4404cdb04849f2f22e6dd3789ac4f10a9afd.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/ 35 KB
13 KB 12ms
11ms Script
application/x-javascript 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/s-code-contents-aa1e4404cdb04849f2f22e6dd3789ac4f10a9afd.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: e931faaef092c8d98a58ac536216378f58e2a17a4833bbe5f9a29e5bbed849f6

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:17 GMT
content-encoding: gzip
last-modified: Tue, 15 Sep 2020 11:13:02 GMT
server: AkamaiNetStorage
status: 200
etag: "0c13f2b0bfa3779da7f5bdb2ff4d1d29:1600168382.837206"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 13480
expires: Mon, 12 Oct 2020 16:12:17 GMT

GET
H2 200 satellite-5bcddff864746d2178001914.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ 762 B
626 B 10ms
9ms Script
application/x-javascript 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5bcddff864746d2178001914.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 5cac16aba0efd09aa09da73f61a0f9b9c930f5100695ac9f8783f0cc938ca5e6

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:17 GMT
content-encoding: gzip
last-modified: Wed, 23 Sep 2020 17:06:56 GMT
server: AkamaiNetStorage
status: 200
etag: "c36a5a49df54568ab4f61f4172ae3d30:1600880816.899471"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 359
expires: Mon, 12 Oct 2020 16:12:17 GMT

GET
H2 200 s18073790950908
junipernetworks.d2.sc.omtrdc.net/b/ss/jnprod/1/JS-2.12.0-D7QN/ 43 B
244 B 45ms
44ms Image
image/gif 15.236.175.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://junipernetworks.d2.sc.omtrdc.net/b/ss/jnprod/1/JS-2.12.0-D7QN/s18073790950908?AQB=1&ndh=1&pf=1&t=12%2F9%2F2020%2017%3A12%3A17%201%20-120&sdid=55C6A2CC516B6B54-79D6829C09C3B30D&D=D%3D&mid=42588505397457222121544320235442604307&aamlh=6&ce=UTF-8&pageName=blogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&g=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=blogs.juniper.net&v5=jjh0Lh1Pz71zpWeMhKWPyHAvCqjRH15n-1602515536&v15=D%3DpageName&v30=ISP%20Visitor&v31=ISP%20Visitor&v32=ISP%20Visitor&v33=ISP%20Visitor&v34=ISP%20Visitor&v35=ISP%20Visitor&v36=ISP%20Visitor&v37=ISP%20Visitor&v38=ISP%20Visitor&v39=ISP%20Visitor&v40=ISP%20Visitor&v41=ISP%20Visitor&v42=ISP%20Visitor&v43=ISP%20Visitor&v44=ISP%20Visitor&v45=Bot&v46=ISP%20Visitor&v84=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=D206123F524450F50A490D45%40AdobeOrg&AQE=1

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.175.233 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-175-233.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:17 GMT
x-content-type-options: nosniff
x-c: master-1388.I1d56d5.M0-459
p3p: CP="This is not a P3P policy"
status: 200
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Tue, 13 Oct 2020 15:12:17 GMT
server: jag
xserver: anedge-58d4c4cffc-hlnx4
etag: 3441375911458734080-4621691295816177919
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Sun, 11 Oct 2020 15:12:17 GMT

GET
H2 200 satellite-5c4d601564746d128d00351a.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ 2 KB
1 KB 10ms
10ms Script
application/x-javascript 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5c4d601564746d128d00351a.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 8a3e8d4242f53959806c3ebf262affb1bd5a78e361acb2d5bf14be201ee56a3e

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:18 GMT
content-encoding: gzip
last-modified: Tue, 15 Sep 2020 11:13:24 GMT
server: AkamaiNetStorage
status: 200
etag: "ef3e8222ffd66f5f29d86b509a85a361:1600168404.456715"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 802
expires: Mon, 12 Oct 2020 16:12:18 GMT

GET
H2 200 satellite-5c86baad64746d44c9006139.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ 2 KB
1 KB 10ms
10ms Script
application/x-javascript 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5c86baad64746d44c9006139.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 5855809ae723b4a35f3120be99dccfc8403b3dd379fd86efeacdad8767ea6320

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:18 GMT
content-encoding: gzip
last-modified: Tue, 15 Sep 2020 11:13:24 GMT
server: AkamaiNetStorage
status: 200
etag: "64cd50749dbcff7576118000c8ee8376:1600168404.657104"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 831
expires: Mon, 12 Oct 2020 16:12:18 GMT

GET
H2 200 satellite-5a1c307e64746d671f007214.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ 1 KB
784 B 10ms
10ms Script
application/x-javascript 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5a1c307e64746d671f007214.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: e162889fa44c8481b71824be282a069d84d592847fe8e4dd5b6eff8fa70294eb

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:18 GMT
content-encoding: gzip
last-modified: Wed, 23 Sep 2020 17:06:59 GMT
server: AkamaiNetStorage
status: 200
etag: "0b34c8249ff695e360d221f0894249d6:1600880819.830864"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 517
expires: Mon, 12 Oct 2020 16:12:18 GMT

GET
H2 200 satellite-5ecd401064746d27dd001608.html
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ Frame FA23 0
0 11ms
11ms Document
text/html 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5ecd401064746d27dd001608.html
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

:method: GET
:authority: assets.adobedtm.com
:scheme: https
:path: /998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5ecd401064746d27dd001608.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

Response headers

status: 200
accept-ranges: bytes
content-type: text/html
etag: "11b2b9c7591313e861f1f123ee26d441:1600880818.257842"
last-modified: Wed, 23 Sep 2020 17:06:58 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 12 Oct 2020 16:12:18 GMT
date: Mon, 12 Oct 2020 15:12:18 GMT
content-length: 786
access-control-allow-origin: https://blogs.juniper.net
timing-allow-origin: *

GET
H2 200 satellite-57e2f6c764746d7a990154e8.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ 1 KB
696 B 11ms
10ms Script
application/x-javascript 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-57e2f6c764746d7a990154e8.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 0b30b39cc04a7922ed34d3d567d814c6ea9c8cea7e4ba2302b5d45272c13a483

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:18 GMT
content-encoding: gzip
last-modified: Wed, 23 Sep 2020 17:06:55 GMT
server: AkamaiNetStorage
status: 200
etag: "143f04ca053bbbb67e7e7db60384c44e:1600880815.9763"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 431
expires: Mon, 12 Oct 2020 16:12:18 GMT

GET
H2 200 satellite-586d49e464746d11fd002f2c.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ 414 B
660 B 11ms
10ms Script
application/x-javascript 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-586d49e464746d11fd002f2c.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: f0ebf94842d7584c1c3c4925765c776bc6acc5345d1c01bdb846b416bad07877

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:18 GMT
last-modified: Wed, 23 Sep 2020 17:06:56 GMT
server: AkamaiNetStorage
etag: "73f8288b3e1da89f3ff0360bfca03245:1600880816.131187"
status: 200
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 414
expires: Mon, 12 Oct 2020 16:12:18 GMT

GET
H2 200 satellite-5e7a2d4c64746d600b00241f.html
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ Frame 0B19 0
0 10ms
9ms Document
text/html 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5e7a2d4c64746d600b00241f.html
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

:method: GET
:authority: assets.adobedtm.com
:scheme: https
:path: /998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5e7a2d4c64746d600b00241f.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

Response headers

status: 200
accept-ranges: bytes
content-type: text/html
etag: "b6d1b79d4053113bfe7efcbe9e928564:1600168395.343829"
last-modified: Tue, 15 Sep 2020 11:13:15 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 12 Oct 2020 16:12:18 GMT
date: Mon, 12 Oct 2020 15:12:18 GMT
content-length: 694
access-control-allow-origin: https://blogs.juniper.net
timing-allow-origin: *

GET
H2 200 satellite-5ed9078864746d6f25000019.html
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ Frame 5E54 0
0 10ms
9ms Document
text/html 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5ed9078864746d6f25000019.html?INSERT_TRANSACTION_CURRENCY_HERE=undefined&INSERT_TRANSACTION_ID_HERE=undefined&INSERT_TRANSACTION_NAME_HERE=undefined&INSERT_TRANSACTION_QUANTITY_HERE=undefined&INSERT_TRANSACTION_TYPE_HERE=undefined&INSERT_TRANSACTION_VALUE_HERE=undefined&INSERT_U10_HERE=undefined&INSERT_U11_HERE=undefined&INSERT_U12_HERE=undefined&INSERT_U13_HERE=undefined&INSERT_U14_HERE=undefined&INSERT_U15_HERE=undefined&INSERT_U16_HERE=undefined&INSERT_U17_HERE=undefined&INSERT_U18_HERE=undefined&INSERT_U19_HERE=undefined&INSERT_U1_HERE=undefined&INSERT_U20_HERE=undefined&INSERT_U2_HERE=undefined&INSERT_U3_HERE=undefined&INSERT_U4_HERE=undefined&INSERT_U5_HERE=undefined&INSERT_U6_HERE=undefined&INSERT_U7_HERE=undefined&INSERT_U8_HERE=undefined&INSERT_U9_HERE=undefined
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

:method: GET
:authority: assets.adobedtm.com
:scheme: https
:path: /998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5ed9078864746d6f25000019.html?INSERT_TRANSACTION_CURRENCY_HERE=undefined&INSERT_TRANSACTION_ID_HERE=undefined&INSERT_TRANSACTION_NAME_HERE=undefined&INSERT_TRANSACTION_QUANTITY_HERE=undefined&INSERT_TRANSACTION_TYPE_HERE=undefined&INSERT_TRANSACTION_VALUE_HERE=undefined&INSERT_U10_HERE=undefined&INSERT_U11_HERE=undefined&INSERT_U12_HERE=undefined&INSERT_U13_HERE=undefined&INSERT_U14_HERE=undefined&INSERT_U15_HERE=undefined&INSERT_U16_HERE=undefined&INSERT_U17_HERE=undefined&INSERT_U18_HERE=undefined&INSERT_U19_HERE=undefined&INSERT_U1_HERE=undefined&INSERT_U20_HERE=undefined&INSERT_U2_HERE=undefined&INSERT_U3_HERE=undefined&INSERT_U4_HERE=undefined&INSERT_U5_HERE=undefined&INSERT_U6_HERE=undefined&INSERT_U7_HERE=undefined&INSERT_U8_HERE=undefined&INSERT_U9_HERE=undefined
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

Response headers

status: 200
accept-ranges: bytes
content-type: text/html
etag: "7d2245f482371e5fec8204e403d7eea7:1600168391.348741"
last-modified: Tue, 15 Sep 2020 11:13:11 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 12 Oct 2020 16:12:18 GMT
date: Mon, 12 Oct 2020 15:12:18 GMT
content-length: 1477
access-control-allow-origin: https://blogs.juniper.net
timing-allow-origin: *

GET
H2 200 satellite-5630f65f64746d185c002af5.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ 503 B
749 B 9ms
9ms Script
application/x-javascript 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5630f65f64746d185c002af5.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 1fee2fb3eb1831930f4e325e6f05dc0d322ce37f53cc7da4cd2cdde999ed0b1d

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:18 GMT
last-modified: Wed, 23 Sep 2020 17:06:45 GMT
server: AkamaiNetStorage
etag: "902ab4d82e29bb124a4127654ea7be62:1600880805.659587"
status: 200
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 503
expires: Mon, 12 Oct 2020 16:12:18 GMT

GET
H2 200 satellite-5cb8c2a664746d2308000a38.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ 628 B
693 B 11ms
10ms Script
application/x-javascript 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5cb8c2a664746d2308000a38.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c74679537a89890b260d93e19aad5f4cc95a230623a945ffcc3d981fc13a1adf

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:18 GMT
content-encoding: gzip
last-modified: Tue, 15 Sep 2020 11:13:04 GMT
server: AkamaiNetStorage
status: 200
etag: "d0c9f868e386e1a9e35ae77ce39994c4:1600168384.390799"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 427
expires: Mon, 12 Oct 2020 16:12:18 GMT

GET
H2 200 satellite-5ced369c64746d5ad2000705.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ 848 B
689 B 11ms
11ms Script
application/x-javascript 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5ced369c64746d5ad2000705.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: be86a0ee8aca88c429719a6e6181a9fda8dc84aa9fea96da59273d250b514f9d

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:18 GMT
content-encoding: gzip
last-modified: Wed, 23 Sep 2020 17:06:44 GMT
server: AkamaiNetStorage
status: 200
etag: "668f24ce8a01e1b7cee5767b652f5724:1600880804.728054"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 423
expires: Mon, 12 Oct 2020 16:12:18 GMT

GET
H2 200 satellite-5da0c41564746d1a08001540.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ 421 B
535 B 10ms
9ms Script
application/x-javascript 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5da0c41564746d1a08001540.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: e28195ef556c2e1f2d22ff939f487f10a32e608255bbd541be3eda5883b414c3

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:18 GMT
content-encoding: gzip
last-modified: Tue, 15 Sep 2020 11:13:05 GMT
server: AkamaiNetStorage
status: 200
etag: "c6bf9762b7fcef23638a4087e99a0057:1600168385.066258"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 270
expires: Mon, 12 Oct 2020 16:12:18 GMT

GET
H2 200 satellite-5f046cbb64746d13500008f1.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ 499 B
611 B 14ms
11ms Script
application/x-javascript 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5f046cbb64746d13500008f1.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d5fa4bdf6b870e2bf053eaf071824141dd12ee8fae091501af42537506ed7b44

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:18 GMT
content-encoding: gzip
last-modified: Wed, 23 Sep 2020 17:06:45 GMT
server: AkamaiNetStorage
status: 200
etag: "ada37bd7972c28a548cda089ee259ac0:1600880805.315509"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 345
expires: Mon, 12 Oct 2020 16:12:18 GMT

GET
H2 200 satellite-5caeb27864746d4fde0010d0.html
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ Frame F2DC 0
0 14ms
9ms Document
text/html 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5caeb27864746d4fde0010d0.html
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

:method: GET
:authority: assets.adobedtm.com
:scheme: https
:path: /998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5caeb27864746d4fde0010d0.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

Response headers

status: 200
accept-ranges: bytes
content-type: text/html
etag: "99efb13f2ce40bcc3d8c60d4557d2185:1600168384.215249"
last-modified: Tue, 15 Sep 2020 11:13:04 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 12 Oct 2020 16:12:18 GMT
date: Mon, 12 Oct 2020 15:12:18 GMT
content-length: 810
access-control-allow-origin: https://blogs.juniper.net
timing-allow-origin: *

GET
H2 200 satellite-5d487bc864746d25bd00073a.html
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ Frame 37CC 0
0 16ms
12ms Document
text/html 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5d487bc864746d25bd00073a.html
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

:method: GET
:authority: assets.adobedtm.com
:scheme: https
:path: /998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5d487bc864746d25bd00073a.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

Response headers

status: 200
accept-ranges: bytes
content-type: text/html
etag: "6f794f7bf8d2cbee9f48532e60fe0435:1600880804.906095"
last-modified: Wed, 23 Sep 2020 17:06:44 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 12 Oct 2020 16:12:18 GMT
date: Mon, 12 Oct 2020 15:12:18 GMT
content-length: 654
access-control-allow-origin: https://blogs.juniper.net
timing-allow-origin: *

GET
H2 200 satellite-5f4e37f064746d722b001c54.html
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/ Frame E4C5 0
0 14ms
11ms Document
text/html 2a02:26f0:10c:5b1::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5f4e37f064746d722b001c54.html
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:5b1::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

:method: GET
:authority: assets.adobedtm.com
:scheme: https
:path: /998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5f4e37f064746d722b001c54.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

Response headers

status: 200
accept-ranges: bytes
content-type: text/html
etag: "ac27de6926c0fa7f449044f84fa2f3e3:1600871546.18462"
last-modified: Wed, 23 Sep 2020 14:32:26 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 12 Oct 2020 16:12:18 GMT
date: Mon, 12 Oct 2020 15:12:18 GMT
content-length: 600
access-control-allow-origin: https://blogs.juniper.net
timing-allow-origin: *

GET
H2 200 pntheon.min.js Show response
secure.rmulus.com/ 11 KB
12 KB 149ms
71ms Script
application/javascript 99.86.243.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.rmulus.com/pntheon.min.js?_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=enabled&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=active&_pqStr=active&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5c4d601564746d128d00351a.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.243.85 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-243-85.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b55ad8340a1d691f102b1e3f4a0ce107d4fd6dda552f4c648f3f3f520c981314

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:18 GMT
via: 1.1 db5fd46eeb9457ed138e2c8651664df5.cloudfront.net (CloudFront)
last-modified: Sat, 27 Jun 2020 23:22:00 GMT
server: AmazonS3
x-amz-cf-pop: VIE50-C1
etag: "fd028c747bcdf7f03f40535edb4f0bed"
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
content-length: 11589
x-amz-cf-id: ipdkzvBjHNdlIZdF3DChcmk_wrepf5VHGX4jJIzHGjS2ne61_sXRyQ==

GET
H2 200 pntheon.min.js Show response
secure.rmulus.com/ 11 KB
12 KB 149ms
72ms Script
application/javascript 99.86.243.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.rmulus.com/pntheon.min.js?_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=enabled&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=active&_pclIp=active&_pqStr=active&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5c86baad64746d44c9006139.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.243.85 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-243-85.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b55ad8340a1d691f102b1e3f4a0ce107d4fd6dda552f4c648f3f3f520c981314

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:18 GMT
via: 1.1 db5fd46eeb9457ed138e2c8651664df5.cloudfront.net (CloudFront)
last-modified: Sat, 27 Jun 2020 23:22:00 GMT
server: AmazonS3
x-amz-cf-pop: VIE50-C1
etag: "fd028c747bcdf7f03f40535edb4f0bed"
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
content-length: 11589
x-amz-cf-id: kqod_2aB_Z0aDPTUHAjh790ZinS8TNjsdCOBw4audONXYAn9vUrbVg==

GET
H2 200 pntheon.min.js Show response
secure.rmulus.com/ 11 KB
12 KB 147ms
72ms Script
application/javascript 99.86.243.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.rmulus.com/pntheon.min.js?_pclientId=jnpr&_peventName=pgvw&_pdataSource=web&_pqStr=enabled&jnpr_vID=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclIp=active&_pgetId=true
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5a1c307e64746d671f007214.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.243.85 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-243-85.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b55ad8340a1d691f102b1e3f4a0ce107d4fd6dda552f4c648f3f3f520c981314

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:18 GMT
via: 1.1 db5fd46eeb9457ed138e2c8651664df5.cloudfront.net (CloudFront)
last-modified: Sat, 27 Jun 2020 23:22:00 GMT
server: AmazonS3
x-amz-cf-pop: VIE50-C1
etag: "fd028c747bcdf7f03f40535edb4f0bed"
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
content-length: 11589
x-amz-cf-id: zzAwCbFQd5vcfAT4ctv-Cg7UFzI8y-Sz03DXssLNSmWQmzBUeEA-fA==

GET
H/1.1

200
OK

/
attr.ml-api.io/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3djuniper.net%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3djuniper.net%26pId%3d%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253djuniper.net%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=juniper.net&pId=1789714161795284342

4 B
484 B

547ms
435ms

Image
image/jpeg

13.225.78.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=juniper.net&pId=1789714161795284342
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.54 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-54.fra2.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 12 Oct 2020 15:12:19 GMT
Via: 1.1 6c9a2d99a25484f38efa27d58a726b2d.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
x-amzn-RequestId: 592fd98d-7d6e-451b-af24-2356f968d3ab
X-Cache: Miss from cloudfront
Content-Type: image/jpeg
X-Amzn-Trace-Id: Root=1-5f847253-635499816fe1188407e83b44;Sampled=0
Connection: keep-alive
x-amz-apigw-id: UTbNGGUKIAMFztQ=
Content-Length: 4
X-Amz-Cf-Id: D6ecKQDTIP9q5nN3DKy67HjwficHEIjPjvDQ1dLpvequbDUkcxEv2g==

Redirect headers

Pragma: no-cache
Date: Mon, 12 Oct 2020 15:12:19 GMT
X-Proxy-Origin: 89.238.186.243; 89.238.186.243; 733.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.102:80
AN-X-Request-Uuid: b2716947-7cd2-474f-a87b-9cd563b48486
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://attr.ml-api.io/?domain=juniper.net&pId=1789714161795284342
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 88 KB
23 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5cb8c2a664746d2308000a38.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23070
x-xss-protection: 0
pragma: public
x-fb-debug: laVeHurfQUqH3UaYIVJJ1RrgugzUFOwaH1gXguy6HHfgjTuyUmpGtjP49ZUC2bzYlxlNgTH2UqZRkAKnAhsV7Q==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Mon, 12 Oct 2020 15:12:18 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 62ms
61ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5ced369c64746d5ad2000705.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:18 GMT
content-encoding: gzip
age: 63590
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1958
x-served-by: cache-hhn4071-HHN
last-modified: Mon, 10 Aug 2020 18:10:59 GMT
x-timer: S1602515539.812408,VS0,VE0
etag: "a4cc3f907681b24a3efd540acd5d2996+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H2

200

oct.js Show response
static.ads-twitter.com/
Redirect Chain

https://platform.twitter.com/oct.js
https://static.ads-twitter.com/oct.js

5 KB
2 KB

32ms
32ms

Script
application/javascript

151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/oct.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:18 GMT
content-encoding: gzip
age: 63588
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1958
x-served-by: cache-hhn4071-HHN
last-modified: Mon, 10 Aug 2020 18:10:59 GMT
x-timer: S1602515539.840295,VS0,VE0
etag: "a4cc3f907681b24a3efd540acd5d2996+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

Redirect headers

x-tw-cdn: VZ
Date: Mon, 12 Oct 2020 15:12:18 GMT
Server: ECS (fcn/41A2)
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Location: https://static.ads-twitter.com/oct.js
Content-Length: 0

GET
H2 200 bat.js Show response
bat.bing.com/ 27 KB
8 KB 63ms
45ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5f046cbb64746d13500008f1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 3cb5162e19d9c6ecb634881fc079ab3aa8e9855a7bc164a830730a752a73e440

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:18 GMT
content-encoding: gzip
last-modified: Thu, 08 Oct 2020 02:14:47 GMT
x-msedge-ref: Ref A: 42996CCF6EDF4AB58EAC38D89B04F5D9 Ref B: FRAEDGE1221 Ref C: 2020-10-12T15:12:18Z
status: 200
etag: "80553cb189dd61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 8318

GET
H2 200 437764526963678 Show response
connect.facebook.net/signals/config/ 234 KB
69 KB 8ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/437764526963678?v=2.9.27&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

fa7b3330d702000532d7043351e7eafce91af34ae416930c0ef82e46267728c4

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 69802
x-xss-protection: 0
pragma: public
x-fb-debug: k8dTnPEE8zfBfBlV1gI6gi2dOhHqn/0NJ2LpnZxW49jkPpgIGl5elvg1AxEYLQ9jDe+c4u7l80gLSg775LZIAA==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Mon, 12 Oct 2020 15:12:18 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
257 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=437764526963678&ev=PageView&dl=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&rl=&if=false&ts=1602515538875&cd[jnpr_vId]=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&sw=1600&sh=1200&v=2.9.27&r=stable&ec=0&o=29&fbp=fb.1.1602515538873.33067702&it=1602515538816&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:18 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Mon, 12 Oct 2020 15:12:18 GMT

GET
H2 204 0
bat.bing.com/action/ 0
147 B 28ms
28ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=56185393&Ver=2&mid=50dde55e-9671-48cc-82d6-c003f923053e&sid=51edcf400c9d11eb9369637d660ba9ac&vid=51ee1b300c9d11ebbec6372f1f314036&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=IcedID%20Campaign%20Strikes%20Back%20%7C%20Official%20Juniper%20Networks%20Blogs&p=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&r=&lt=4937&evt=pageLoad&msclkid=N&sv=1&rn=700814
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Mon, 12 Oct 2020 15:12:18 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 27910C195B8845D3A41FCC6FA0461DDC Ref B: FRAEDGE1221 Ref C: 2020-10-12T15:12:18Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
237 B 170ms
167ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o1lnh&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/oct.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 119
pragma: no-cache
last-modified: Mon, 12 Oct 2020 15:12:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 1eb9b1df5617707c5e6a40c79ad4caec
x-transaction: 00820921001fe1fd
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
237 B 175ms
170ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/oct.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 123
pragma: no-cache
last-modified: Mon, 12 Oct 2020 15:12:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 1eb9b1df5617707c5e6a40c79ad4caec
x-transaction: 00adb43100a0986d
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
233 B 168ms
163ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=nvrg6&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/oct.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 115
pragma: no-cache
last-modified: Mon, 12 Oct 2020 15:12:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 1eb9b1df5617707c5e6a40c79ad4caec
x-transaction: 00f09e3f009e0f49
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
237 B 170ms
166ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o29di&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/oct.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 118
pragma: no-cache
last-modified: Mon, 12 Oct 2020 15:12:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 1eb9b1df5617707c5e6a40c79ad4caec
x-transaction: 007162640047c1b4
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
282 B 165ms
161ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o31hc&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/oct.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 113
pragma: no-cache
last-modified: Mon, 12 Oct 2020 15:12:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 1eb9b1df5617707c5e6a40c79ad4caec
x-transaction: 007d20530073aa65
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
233 B 171ms
168ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o2i9x&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/oct.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 119
pragma: no-cache
last-modified: Mon, 12 Oct 2020 15:12:18 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 1eb9b1df5617707c5e6a40c79ad4caec
x-transaction: 00c5d9a900c0aca3
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
170 B 163ms
163ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o1lnh&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 116
pragma: no-cache
last-modified: Mon, 12 Oct 2020 15:12:19 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 29e3f16b343ab6a3e44d2d18426c9e75
x-transaction: 00f391dc000b545a
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
124 B 179ms
176ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 130
pragma: no-cache
last-modified: Mon, 12 Oct 2020 15:12:19 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 29e3f16b343ab6a3e44d2d18426c9e75
x-transaction: 00724eec0086863f
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
119 B 162ms
161ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=nvrg6&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 115
pragma: no-cache
last-modified: Mon, 12 Oct 2020 15:12:19 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 29e3f16b343ab6a3e44d2d18426c9e75
x-transaction: 005c0ef5006e1aa3
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
124 B 168ms
168ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o29di&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 122
pragma: no-cache
last-modified: Mon, 12 Oct 2020 15:12:19 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 29e3f16b343ab6a3e44d2d18426c9e75
x-transaction: 00262d1e00dcd24c
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
119 B 163ms
162ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o31hc&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 116
pragma: no-cache
last-modified: Mon, 12 Oct 2020 15:12:19 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 29e3f16b343ab6a3e44d2d18426c9e75
x-transaction: 009cab8000327e92
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
124 B 176ms
176ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o2i9x&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 129
pragma: no-cache
last-modified: Mon, 12 Oct 2020 15:12:19 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 29e3f16b343ab6a3e44d2d18426c9e75
x-transaction: 00efd3ea0042d2bc
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H/1.1 200
OK profiler Show response
lookups.rmulus.com/pntheon/profiles/ 25 B
205 B 542ms
158ms XHR
application/json 34.200.205.48
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://lookups.rmulus.com/pntheon/profiles/profiler?_pclientId=jnpr&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vid&_plkpPrfl=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539
Requested by: Host: secure.rmulus.com
URL: https://secure.rmulus.com/pntheon.min.js?_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=enabled&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=active&_pqStr=active&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.200.205.48 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-200-205-48.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 851bd834d24a84c0f4780789e868a65f9db8d9655a7a0cac039dbf3b65ad873f

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 12 Oct 2020 15:12:19 GMT
Server: Apache
Connection: keep-alive
Content-Length: 25
Content-Type: application/json

GET
H/1.1 200
OK jnpr Show response
lookups.rmulus.com/pntheon/ip/ 404 B
593 B 614ms
233ms XHR
text/html 34.200.205.48
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://lookups.rmulus.com/pntheon/ip/jnpr
Requested by: Host: secure.rmulus.com
URL: https://secure.rmulus.com/pntheon.min.js?_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=enabled&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=active&_pqStr=active&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.200.205.48 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-200-205-48.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 28b0868c36d74049defed3a9207367a1e4f77752ab7cb8bb60ff0285afbe55aa

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 12 Oct 2020 15:12:19 GMT
Server: Apache
Connection: keep-alive
Content-Length: 404
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK jnpr Show response
lookups.rmulus.com/pntheon/ip/ 404 B
593 B 651ms
272ms XHR
text/html 34.200.205.48
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://lookups.rmulus.com/pntheon/ip/jnpr
Requested by: Host: secure.rmulus.com
URL: https://secure.rmulus.com/pntheon.min.js?_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=enabled&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=active&_pqStr=active&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.200.205.48 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-200-205-48.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 28b0868c36d74049defed3a9207367a1e4f77752ab7cb8bb60ff0285afbe55aa

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 12 Oct 2020 15:12:19 GMT
Server: Apache
Connection: keep-alive
Content-Length: 404
Content-Type: text/html; charset=UTF-8

GET
H2 200 / Show response
research.juniper.net/ Frame 0C36 11 KB
12 KB 130ms
39ms Document
text/html 143.204.94.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
Requested by: Host: secure.rmulus.com
URL: https://secure.rmulus.com/pntheon.min.js?_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=enabled&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=active&_pqStr=active&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.94.44 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-94-44.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3d6b3953b124cb6ac8a75f128ed8f0a3fee56eedd0e4bfcd15b59d5fcfd3efa0

Request headers

:method: GET
:authority: research.juniper.net
:scheme: https
:path: /?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: jnpr_vID=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539; _fbp=fb.1.1602515538873.33067702; _uetsid=51edcf400c9d11eb9369637d660ba9ac; _uetvid=51ee1b300c9d11ebbec6372f1f314036
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

Response headers

status: 200
content-type: text/html
content-length: 11443
last-modified: Sun, 05 Jul 2020 06:41:15 GMT
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Oct 2020 14:39:19 GMT
etag: "9298ec6bf0cf0ee0aaa984dc72ec8bf4"
cache-control: max-age=3600
x-cache: Hit from cloudfront
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: wx9UEzJq8EuZHtiTv5vA3W34HdET8B1mR7Yd1yCzD7QE9vqAtpVl9Q==
age: 1980

GET
H2 200 /
secure.rmulus.com/ Frame AFAF 0
0 82ms
82ms Document
text/html 99.86.243.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.rmulus.com/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dpgvw%26_pdataSource%3Dweb%26_pqStr%3Denabled%26jnpr_vID%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pclIp%3Dactive%26_pgetId%3Dtrue&_pclientId=jnpr&_peventName=pgvw&_pdataSource=web&_pqStr=Unavailable&jnpr_vID=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pgetId=true&_pevId=6dmBYPJp93FRBlxNHVEUjDVykoYIrjID-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pidSource=secure.rmulus.com&_pidName=rmulusId&_plkpPrfl=disabled
Requested by: Host: secure.rmulus.com
URL: https://secure.rmulus.com/pntheon.min.js?_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=enabled&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=active&_pqStr=active&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.243.85 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-243-85.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

:method: GET
:authority: secure.rmulus.com
:scheme: https
:path: /?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dpgvw%26_pdataSource%3Dweb%26_pqStr%3Denabled%26jnpr_vID%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pclIp%3Dactive%26_pgetId%3Dtrue&_pclientId=jnpr&_peventName=pgvw&_pdataSource=web&_pqStr=Unavailable&jnpr_vID=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pgetId=true&_pevId=6dmBYPJp93FRBlxNHVEUjDVykoYIrjID-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pidSource=secure.rmulus.com&_pidName=rmulusId&_plkpPrfl=disabled
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

Response headers

status: 200
content-type: text/html
content-length: 11443
last-modified: Sun, 05 Jul 2020 06:41:15 GMT
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Oct 2020 14:38:16 GMT
etag: "9298ec6bf0cf0ee0aaa984dc72ec8bf4"
cache-control: max-age=3600
x-cache: Hit from cloudfront
via: 1.1 db5fd46eeb9457ed138e2c8651664df5.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C1
x-amz-cf-id: FEvqYZlgW9tOcs1B-ANG8acasexuEz6pFKdWI1ZDkxAOZpH0OP1LfA==
age: 2044

GET
H/1.1 200
OK profiler Show response
lookups.rmulus.com/pntheon/profiles/ 25 B
205 B 163ms
163ms XHR
application/json 34.200.205.48
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://lookups.rmulus.com/pntheon/profiles/profiler?_pclientId=jnpr&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pmatchedip&_plkpPrfl=89.238.186.243
Requested by: Host: secure.rmulus.com
URL: https://secure.rmulus.com/pntheon.min.js?_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=enabled&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=active&_pqStr=active&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.200.205.48 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-200-205-48.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 851bd834d24a84c0f4780789e868a65f9db8d9655a7a0cac039dbf3b65ad873f

Request headers

Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 12 Oct 2020 15:12:19 GMT
Server: Apache
Connection: keep-alive
Content-Length: 25
Content-Type: application/json

GET
H2 200 _pclPrint.min.js Show response
research.juniper.net/ Frame 0C36 38 KB
39 KB 52ms
51ms Script
application/javascript 143.204.94.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://research.juniper.net/_pclPrint.min.js
Requested by: Host: research.juniper.net
URL: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.94.44 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-94-44.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c5aff3477022f781ee765989cdf6abbdd986f331064c59f5655fab8c6f9796c7

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 14:17:26 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Tue, 23 Jul 2019 21:53:49 GMT
server: AmazonS3
age: 3293
etag: "2b2becfbac440238e8ca3a6f7a3b2c50"
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=3600
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 39179
x-amz-cf-id: hdSOCJiR3Z4y669YJtapNIYimRtd8jXE6RexzOG-CoH0ngeXygnItw==

GET
H2 200 / Show response
research.juniper.net/ Frame EF88 11 KB
12 KB 126ms
126ms Document
text/html 143.204.94.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
Requested by: Host: secure.rmulus.com
URL: https://secure.rmulus.com/pntheon.min.js?_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=enabled&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=active&_pqStr=active&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.94.44 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-94-44.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3d6b3953b124cb6ac8a75f128ed8f0a3fee56eedd0e4bfcd15b59d5fcfd3efa0

Request headers

:method: GET
:authority: research.juniper.net
:scheme: https
:path: /?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: jnpr_vID=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539; _fbp=fb.1.1602515538873.33067702; _uetsid=51edcf400c9d11eb9369637d660ba9ac; _uetvid=51ee1b300c9d11ebbec6372f1f314036; rmulusId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

Response headers

status: 200
content-type: text/html
content-length: 11443
last-modified: Sun, 05 Jul 2020 06:41:15 GMT
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Oct 2020 14:39:19 GMT
etag: "9298ec6bf0cf0ee0aaa984dc72ec8bf4"
cache-control: max-age=3600
x-cache: Hit from cloudfront
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 58auK1YNaG0XeVsx4zOIpIZI06eeW6huCAttht7LSrbXP6-qL3y_6w==
age: 1980

GET
H3-Q050 200 js Show response
www.googletagmanager.com/gtag/ Frame 0C36 92 KB
37 KB 35ms
22ms Script
application/javascript 2a00:1450:4001:819::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-956680084

Requested by

Host: research.juniper.net
URL: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d79a56b4cb4b8d0651fd5839ff9be97cfe624630babc31f209f70801feffc7c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37231
x-xss-protection: 0
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 12 Oct 2020 15:12:19 GMT

GET
H2 200 insight.min.js Show response
research.juniper.net/ Frame 0C36 4 KB
4 KB 96ms
95ms Script
application/javascript 143.204.94.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://research.juniper.net/insight.min.js
Requested by: Host: research.juniper.net
URL: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.94.44 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-94-44.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b1b713988699e504014f02692e34df4a8ded0c06178e6cca58ce74c2e73d7658

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 14:31:08 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Mon, 11 May 2020 20:51:11 GMT
server: AmazonS3
age: 2503
etag: "17e54b4e882d5c70b367c3695882859f"
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=3600
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 3622
x-amz-cf-id: e2MZ8MkmuJqBjuE-iOSR1V5n3EFHO4lL5XWSqGLTu8vIlrkYoZ0OeQ==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 0C36 88 KB
23 KB 6ms
5ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23070
x-xss-protection: 0
pragma: public
x-fb-debug: laVeHurfQUqH3UaYIVJJ1RrgugzUFOwaH1gXguy6HHfgjTuyUmpGtjP49ZUC2bzYlxlNgTH2UqZRkAKnAhsV7Q==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Mon, 12 Oct 2020 15:12:19 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ Frame 0C36 5 KB
2 KB 86ms
86ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: gzip
age: 63591
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1958
x-served-by: cache-hhn4071-HHN
last-modified: Mon, 10 Aug 2020 18:10:59 GMT
x-timer: S1602515540.894226,VS0,VE0
etag: "a4cc3f907681b24a3efd540acd5d2996+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H2 200 /
collect.rmulus.com/ Frame 0C36 43 B
357 B 92ms
92ms Image
image/gif 99.86.243.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://collect.rmulus.com/?_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540&_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=03548005430cdc56807f9372bd439bb7&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled&cachebuster=88204816
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.243.100 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-243-100.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 11 Oct 2020 17:16:36 GMT
via: 1.1 40e8cff7eb9a18d9e3d7f191f1493514.cloudfront.net (CloudFront)
last-modified: Mon, 16 Jan 2017 04:49:32 GMT
server: AmazonS3
age: 78943
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
x-cache: Hit from cloudfront
content-type: image/gif
status: 200
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
content-length: 43
x-amz-cf-id: wmVnLio5eYeoHBca0e5mRtU1Obxr4nvQnBCL9BV1_n24YhxHWUbDiw==

GET
H2 200 340159566928684 Show response
connect.facebook.net/signals/config/ Frame 0C36 234 KB
68 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/340159566928684?v=2.9.27&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ac4824eeabc13b1248d78bb401430d7ae2081f068dce43e0d7680a403448cb9b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 69866
x-xss-protection: 0
pragma: public
x-fb-debug: NjGnUz4f0nFJzINdcS/fyDLpF+Ppy9DuRKwW+Ran5hqD25wSJvRJ37gTj8JpWeUDEIPJSJuookbDSTEZGvwjjA==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Mon, 12 Oct 2020 15:12:19 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 /
www.facebook.com/tr/ Frame 0C36 0
74 B 6ms
6ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryn1652xtLjgzQarcR

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Mon, 12 Oct 2020 15:12:19 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://research.juniper.net
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H3-Q050 200 conversion_async.js Show response
www.googleadservices.com/pagead/ Frame 0C36 29 KB
12 KB 40ms
26ms Script
text/javascript 2a00:1450:4001:814::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-956680084

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d859a4dd217c69f291adef445e1c3a938ef7d850af3ba0f79f8ae081cda89e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11343
x-xss-protection: 0
server: cafe
etag: 2112904452244658753
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 12 Oct 2020 15:12:19 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ Frame 0C36 31 B
160 B 167ms
166ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o1oeb&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=1&tw_document_referrer=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fresearch.juniper.net%2F%3F_psqStr%3D%253F_pclientId%253Djnpr%2526_peventName%253Dlkps%2526_pdataSource%253Dweb%2526_pqStr%253Denabled%2526_pgetId%253Dtrue%2526_plkpTblId%253Djnpr_audiences_targetaccounts%2526_plkpKey%253Djnpr_vId%2526_plkpPrfl%253Dactive%2526_pqStr%253Dactive%2526_pidName%253DrmulusId%2526_pidSource%253Dresearch.juniper.net%2526_pclPrint%253Dtrue%2526_ptwAids%253Do1oeb%2526_pfbAids%253D340159566928684%2526_pliPids%253D4751%2526_pawAids%253DAW-956680084%2526jnpr_vId%253DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3DUnavailable%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3D%257B%2522not%2520found%2522%253A%2522not%2520found%2522%257D%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pevId%3DN5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539%26_pdLoc%3Dhttps%253A%252F%252Fblogs.juniper.net%252Fen-us%252Fthreat-research%252Ficeid-campaign-strikes-back%26_pdHash%3DUnavailable%26_pclIp%3Ddisabled

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 118
pragma: no-cache
last-modified: Mon, 12 Oct 2020 15:12:20 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 1eb9b1df5617707c5e6a40c79ad4caec
x-transaction: 00146991004beb5d
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ Frame 0C36 43 B
147 B 165ms
164ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o1oeb&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=1&tw_document_referrer=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&tw_document_href=https%3A%2F%2Fresearch.juniper.net%2F%3F_psqStr%3D%253F_pclientId%253Djnpr%2526_peventName%253Dlkps%2526_pdataSource%253Dweb%2526_pqStr%253Denabled%2526_pgetId%253Dtrue%2526_plkpTblId%253Djnpr_audiences_targetaccounts%2526_plkpKey%253Djnpr_vId%2526_plkpPrfl%253Dactive%2526_pqStr%253Dactive%2526_pidName%253DrmulusId%2526_pidSource%253Dresearch.juniper.net%2526_pclPrint%253Dtrue%2526_ptwAids%253Do1oeb%2526_pfbAids%253D340159566928684%2526_pliPids%253D4751%2526_pawAids%253DAW-956680084%2526jnpr_vId%253DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3DUnavailable%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3D%257B%2522not%2520found%2522%253A%2522not%2520found%2522%257D%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pevId%3DN5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539%26_pdLoc%3Dhttps%253A%252F%252Fblogs.juniper.net%252Fen-us%252Fthreat-research%252Ficeid-campaign-strikes-back%26_pdHash%3DUnavailable%26_pclIp%3Ddisabled

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 117
pragma: no-cache
last-modified: Mon, 12 Oct 2020 15:12:19 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 29e3f16b343ab6a3e44d2d18426c9e75
x-transaction: 000ec71900fb6ffb
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H3-Q050 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/956680084/ Frame 0C36 3 KB
2 KB 45ms
31ms Script
text/javascript 2a00:1450:4001:814::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/956680084/?random=1602515539924&cv=9&fst=1602515539924&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9u1&sendb=1&ig=1&data=event%3Dgtag.config&frm=2&url=https%3A%2F%2Fresearch.juniper.net%2F%3F_psqStr%3D%253F_pclientId%253Djnpr%2526_peventName%253Dlkps%2526_pdataSource%253Dweb%2526_pqStr%253Denabled%2526_pgetId%253Dtrue%2526_plkpTblId%253Djnpr_audiences_targetaccounts%2526_plkpKey%253Djnpr_vId%2526_plkpPrfl%253Dactive%2526_pqStr%253Dactive%2526_pidName%253DrmulusId%2526_pidSource%253Dresearch.juniper.net%2526_pclPrint%253Dtrue%2526_ptwAids%253Do1oeb%2526_pfbAids%253D340159566928684%2526_pliPids%253D4751%2526_pawAids%253DAW-956680084%2526jnpr_vId%253DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSour&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e5fcb2d6a4bdba38d19d71e2be2103711bde50d397d1fe447948befe6257b5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1304
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/956680084/ Frame 0C36 6 KB
2 KB 55ms
42ms Script
text/javascript 2a00:1450:4001:814::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/956680084/?random=1602515539926&cv=9&fst=1602515539926&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9u1&sendb=1&ig=1&data=event%3Dpage_view%3B_pclId%3DEghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540%3B_psqStr%3D%3F_pclientId%5C%3Djnpr%26_peventName%5C%3Dlkps%26_pdataSource%5C%3Dweb%26_pqStr%5C%3Denabled%26_pgetId%5C%3Dtrue%26_plkpTblId%5C%3Djnpr_audiences_targetaccounts%26_plkpKey%5C%3Djnpr_vId%26_plkpPrfl%5C%3Dactive%26_pqStr%5C%3Dactive%26_pidName%5C%3DrmulusId%26_pidSource%5C%3Dresearch.juniper.net%26_pclPrint%5C%3Dtrue%26_ptwAids%5C%3Do1oeb%26_pfbAids%5C%3D340159566928684%26_pliPids%5C%3D4751%26_pawAids%5C%3DAW-956680084%26jnpr_vId%5C%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%3B_pclientId%3Djnpr%3B_peventName%3Dlkps%3B_pdataSource%3Dweb%3B_pqStr%3DUnavailable%3B_pgetId%3Dtrue%3B_plkpTblId%3Djnpr_audiences_targetaccounts%3B_plkpKey%3Djnpr_vId%3B_plkpPrfl%3D%7B%22not%20found%22%3A%22not%20found%22%7D%3B_pidName%3DrmulusId%3B_pidSource%3Dresearch.juniper.net%3B_pclPrint%3D03548005430cdc56807f9372bd439bb7%3B_ptwAids%3Do1oeb%3B_pfbAids%3D340159566928684%3B_pliPids%3D4751%3B_pawAids%3DAW-956680084%3Bjnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%3B_pevId%3DN5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539%3B_pdLoc%3Dhttps%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back%3B_pdHash%3DUnavailable%3B_pclIp%3Ddisabled&frm=2&url=https%3A%2F%2Fresearch.juniper.net%2F%3F_psqStr%3D%253F_pclientId%253Djnpr%2526_peventName%253Dlkps%2526_pdataSource%253Dweb%2526_pqStr%253Denabled%2526_pgetId%253Dtrue%2526_plkpTblId%253Djnpr_audiences_targetaccounts%2526_plkpKey%253Djnpr_vId%2526_plkpPrfl%253Dactive%2526_pqStr%253Dactive%2526_pidName%253DrmulusId%2526_pidSource%253Dresearch.juniper.net%2526_pclPrint%253Dtrue%2526_ptwAids%253Do1oeb%2526_pfbAids%253D340159566928684%2526_pliPids%253D4751%2526_pawAids%253DAW-956680084%2526jnpr_vId%253DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSour&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d851f05512a6cbde015c1a6afe4b815ff5a1f764101951f6ae3b0347d6dabb27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1697
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
px.ads.linkedin.com/ Frame 0C36 0
41 B 135ms
135ms Image
application/javascript 2a05:f500:10:101::b93f:9105
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4751&url=https%3A%2F%2Fresearch.juniper.net%2F%3F_psqStr%3D%253F_pclientId%253Djnpr%2526_peventName%253Dlkps%2526_pdataSource%253Dweb%2526_pqStr%253Denabled%2526_pgetId%253Dtrue%2526_plkpTblId%253Djnpr_audiences_targetaccounts%2526_plkpKey%253Djnpr_vId%2526_plkpPrfl%253Dactive%2526_pqStr%253Dactive%2526_pidName%253DrmulusId%2526_pidSource%253Dresearch.juniper.net%2526_pclPrint%253Dtrue%2526_ptwAids%253Do1oeb%2526_pfbAids%253D340159566928684%2526_pliPids%253D4751%2526_pawAids%253DAW-956680084%2526jnpr_vId%253DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3DUnavailable%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3D%257B%2522not%2520found%2522%253A%2522not%2520found%2522%257D%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pevId%3DN5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539%26_pdLoc%3Dhttps%253A%252F%252Fblogs.juniper.net%252Fen-us%252Fthreat-research%252Ficeid-campaign-strikes-back%26_pdHash%3DUnavailable%26_pclIp%3Ddisabled&time=1602515539927
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:19 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
server: Play
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 0
x-li-uuid: 9zWvoGRHPRaQrms/WSsAAA==

GET
H3-Q050 200 js Show response
www.googletagmanager.com/gtag/ Frame EF88 92 KB
36 KB 18ms
18ms Script
application/javascript 2a00:1450:4001:819::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-956680084

Requested by

Host: research.juniper.net
URL: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d79a56b4cb4b8d0651fd5839ff9be97cfe624630babc31f209f70801feffc7c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37231
x-xss-protection: 0
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 12 Oct 2020 15:12:19 GMT

GET
H2 200 insight.min.js Show response
research.juniper.net/ Frame EF88 4 KB
4 KB 48ms
48ms Script
application/javascript 143.204.94.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://research.juniper.net/insight.min.js
Requested by: Host: research.juniper.net
URL: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.94.44 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-94-44.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b1b713988699e504014f02692e34df4a8ded0c06178e6cca58ce74c2e73d7658

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 14:31:08 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Mon, 11 May 2020 20:51:11 GMT
server: AmazonS3
age: 2503
etag: "17e54b4e882d5c70b367c3695882859f"
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=3600
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 3622
x-amz-cf-id: Kls6YVgkgZnyCm8yuwxLbkRf-tyLUKkYUDfLQiAAbu23Fd_hAqNadg==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame EF88 88 KB
23 KB 7ms
5ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23070
x-xss-protection: 0
pragma: public
x-fb-debug: laVeHurfQUqH3UaYIVJJ1RrgugzUFOwaH1gXguy6HHfgjTuyUmpGtjP49ZUC2bzYlxlNgTH2UqZRkAKnAhsV7Q==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Mon, 12 Oct 2020 15:12:19 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ Frame EF88 5 KB
2 KB 35ms
34ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-research/iceid-campaign-strikes-back
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: gzip
age: 63591
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1958
x-served-by: cache-hhn4071-HHN
last-modified: Mon, 10 Aug 2020 18:10:59 GMT
x-timer: S1602515540.950745,VS0,VE0
etag: "a4cc3f907681b24a3efd540acd5d2996+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H2 200 /
collect.rmulus.com/ Frame EF88 43 B
359 B 34ms
34ms Image
image/gif 99.86.243.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://collect.rmulus.com/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540&cachebuster=75000355
Requested by: Host: research.juniper.net
URL: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.243.100 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-243-100.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 11 Oct 2020 17:16:36 GMT
via: 1.1 40e8cff7eb9a18d9e3d7f191f1493514.cloudfront.net (CloudFront)
last-modified: Mon, 16 Jan 2017 04:49:32 GMT
server: AmazonS3
age: 78943
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
x-cache: Hit from cloudfront
content-type: image/gif
status: 200
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
content-length: 43
x-amz-cf-id: iAVra9VPxQXKc3jnUvPrAseKnYc8X49kNKXrMdvL9HH57SMJiwgnLQ==

GET
H2 200 340159566928684 Show response
connect.facebook.net/signals/config/ Frame EF88 234 KB
68 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/340159566928684?v=2.9.27&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ac4824eeabc13b1248d78bb401430d7ae2081f068dce43e0d7680a403448cb9b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 69866
x-xss-protection: 0
pragma: public
x-fb-debug: NjGnUz4f0nFJzINdcS/fyDLpF+Ppy9DuRKwW+Ran5hqD25wSJvRJ37gTj8JpWeUDEIPJSJuookbDSTEZGvwjjA==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Mon, 12 Oct 2020 15:12:19 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-Q050 200 conversion_async.js Show response
www.googleadservices.com/pagead/ Frame EF88 29 KB
11 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:814::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-956680084

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d859a4dd217c69f291adef445e1c3a938ef7d850af3ba0f79f8ae081cda89e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11343
x-xss-protection: 0
server: cafe
etag: 2112904452244658753
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 12 Oct 2020 15:12:19 GMT

POST
H2 200 /
www.facebook.com/tr/ Frame EF88 0
30 B 6ms
6ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarye03k3qCYzq1AzJSe

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Mon, 12 Oct 2020 15:12:19 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://research.juniper.net
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H3-Q050 200 /
www.google.com/pagead/1p-user-list/956680084/ Frame 0C36 42 B
76 B 24ms
23ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/956680084/?random=1602515539924&cv=9&fst=1602514800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9u1&sendb=1&data=event%3Dgtag.config&frm=2&url=https%3A%2F%2Fresearch.juniper.net%2F%3F_psqStr%3D%253F_pclientId%253Djnpr%2526_peventName%253Dlkps%2526_pdataSource%253Dweb%2526_pqStr%253Denabled%2526_pgetId%253Dtrue%2526_plkpTblId%253Djnpr_audiences_targetaccounts%2526_plkpKey%253Djnpr_vId%2526_plkpPrfl%253Dactive%2526_pqStr%253Dactive%2526_pidName%253DrmulusId%2526_pidSource%253Dresearch.juniper.net%2526_pclPrint%253Dtrue%2526_ptwAids%253Do1oeb%2526_pfbAids%253D340159566928684%2526_pliPids%253D4751%2526_pawAids%253DAW-956680084%2526jnpr_vId%253DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSour&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&async=1&fmt=3&is_vtc=1&random=927963317&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Oct 2020 15:12:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
www.google.de/pagead/1p-user-list/956680084/ Frame 0C36 42 B
538 B 51ms
37ms Image
image/gif 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/956680084/?random=1602515539924&cv=9&fst=1602514800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9u1&sendb=1&data=event%3Dgtag.config&frm=2&url=https%3A%2F%2Fresearch.juniper.net%2F%3F_psqStr%3D%253F_pclientId%253Djnpr%2526_peventName%253Dlkps%2526_pdataSource%253Dweb%2526_pqStr%253Denabled%2526_pgetId%253Dtrue%2526_plkpTblId%253Djnpr_audiences_targetaccounts%2526_plkpKey%253Djnpr_vId%2526_plkpPrfl%253Dactive%2526_pqStr%253Dactive%2526_pidName%253DrmulusId%2526_pidSource%253Dresearch.juniper.net%2526_pclPrint%253Dtrue%2526_ptwAids%253Do1oeb%2526_pfbAids%253D340159566928684%2526_pliPids%253D4751%2526_pawAids%253DAW-956680084%2526jnpr_vId%253DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSour&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&async=1&fmt=3&is_vtc=1&random=927963317&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Oct 2020 15:12:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ Frame EF88 43 B
148 B 166ms
166ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o1oeb&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=1&tw_document_referrer=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&tw_document_href=https%3A%2F%2Fresearch.juniper.net%2F%3F_psqStr%3D%253F_pclientId%253Djnpr%2526_peventName%253Dlkps%2526_pdataSource%253Dweb%2526_pqStr%253Denabled%2526_pgetId%253Dtrue%2526_plkpTblId%253Djnpr_audiences_targetaccounts_ip%2526_plkpKey%253D_pclIp._pmatchedIP%2526_plkpPrfl%253Dactive%2526_pclIp%253Dactive%2526_pqStr%253Dactive%2526_pidName%253DrmulusId%2526_pidSource%253Dresearch.juniper.net%2526_ptwAids%253Do1oeb%2526_pfbAids%253D340159566928684%2526_pliPids%253D4751%2526_pawAids%253DAW-956680084%2526jnpr_vId%253DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3DUnavailable%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3D%257B%2522not%2520found%2522%253A%2522not%2520found%2522%257D%26_pcityName%3DPrague%26_pcompanyName%3DM247%2520Ltd%26_pcontinentCode%3DEU%26_pcontinentName%3DEurope%26_pcountryISOCode%3DCZ%26_pcountryName%3DCzechia%26_platitude%3D50.0765%26_plongitude%3D14.5104%26_pmatchedIP%3D89.238.186.243%26_ppostalCode%3D130%252000%26_pstateISOCode%3D10%26_pstateName%3DHlavni%2520mesto%2520Praha%26_ptimeZone%3DEurope%252FPrague%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pevId%3DlrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539%26_pdLoc%3Dhttps%253A%252F%252Fblogs.juniper.net%252Fen-us%252Fthreat-research%252Ficeid-campaign-strikes-back%26_pdHash%3DUnavailable%26_pclId%3DEghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540

Requested by

Host: research.juniper.net
URL: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 119
pragma: no-cache
last-modified: Mon, 12 Oct 2020 15:12:20 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 29e3f16b343ab6a3e44d2d18426c9e75
x-transaction: 004925ba00b38ed8
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H3-Q050 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/956680084/ Frame EF88 3 KB
1 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:814::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/956680084/?random=1602515539982&cv=9&fst=1602515539982&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9u1&sendb=1&ig=1&data=event%3Dgtag.config&frm=2&url=https%3A%2F%2Fresearch.juniper.net%2F%3F_psqStr%3D%253F_pclientId%253Djnpr%2526_peventName%253Dlkps%2526_pdataSource%253Dweb%2526_pqStr%253Denabled%2526_pgetId%253Dtrue%2526_plkpTblId%253Djnpr_audiences_targetaccounts_ip%2526_plkpKey%253D_pclIp._pmatchedIP%2526_plkpPrfl%253Dactive%2526_pclIp%253Dactive%2526_pqStr%253Dactive%2526_pidName%253DrmulusId%2526_pidSource%253Dresearch.juniper.net%2526_ptwAids%253Do1oeb%2526_pfbAids%253D340159566928684%2526_pliPids%253D4751%2526_pawAids%253DAW-956680084%2526jnpr_vId%253DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pclientId%3Djnpr%26_peventName%3Dlkp&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4ca9b03621a20c0b162e2e3aa0af21f62b61049ef027abd523cefaa987eb613d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/956680084/ Frame EF88 6 KB
2 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:814::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/956680084/?random=1602515539983&cv=9&fst=1602515539983&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9u1&sendb=1&ig=1&data=event%3Dpage_view%3B_psqStr%3D%3F_pclientId%5C%3Djnpr%26_peventName%5C%3Dlkps%26_pdataSource%5C%3Dweb%26_pqStr%5C%3Denabled%26_pgetId%5C%3Dtrue%26_plkpTblId%5C%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%5C%3D_pclIp._pmatchedIP%26_plkpPrfl%5C%3Dactive%26_pclIp%5C%3Dactive%26_pqStr%5C%3Dactive%26_pidName%5C%3DrmulusId%26_pidSource%5C%3Dresearch.juniper.net%26_ptwAids%5C%3Do1oeb%26_pfbAids%5C%3D340159566928684%26_pliPids%5C%3D4751%26_pawAids%5C%3DAW-956680084%26jnpr_vId%5C%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%3B_pclientId%3Djnpr%3B_peventName%3Dlkps%3B_pdataSource%3Dweb%3B_pqStr%3DUnavailable%3B_pgetId%3Dtrue%3B_plkpTblId%3Djnpr_audiences_targetaccounts_ip%3B_plkpKey%3D_pclIp._pmatchedIP%3B_plkpPrfl%3D%7B%22not%20found%22%3A%22not%20found%22%7D%3B_pcityName%3DPrague%3B_pcompanyName%3DM247%20Ltd%3B_pcontinentCode%3DEU%3B_pcontinentName%3DEurope%3B_pcountryISOCode%3DCZ%3B_pcountryName%3DCzechia%3B_platitude%3D50.0765%3B_plongitude%3D14.5104%3B_pmatchedIP%3D89.238.186.243%3B_ppostalCode%3D130%2000%3B_pstateISOCode%3D10%3B_pstateName%3DHlavni%20mesto%20Praha%3B_ptimeZone%3DEurope%2FPrague%3B_pidName%3DrmulusId%3B_pidSource%3Dresearch.juniper.net%3B_ptwAids%3Do1oeb%3B_pfbAids%3D340159566928684%3B_pliPids%3D4751%3B_pawAids%3DAW-956680084%3Bjnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%3B_pevId%3DlrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539%3B_pdLoc%3Dhttps%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back%3B_pdHash%3DUnavailable%3B_pclId%3DEghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540&frm=2&url=https%3A%2F%2Fresearch.juniper.net%2F%3F_psqStr%3D%253F_pclientId%253Djnpr%2526_peventName%253Dlkps%2526_pdataSource%253Dweb%2526_pqStr%253Denabled%2526_pgetId%253Dtrue%2526_plkpTblId%253Djnpr_audiences_targetaccounts_ip%2526_plkpKey%253D_pclIp._pmatchedIP%2526_plkpPrfl%253Dactive%2526_pclIp%253Dactive%2526_pqStr%253Dactive%2526_pidName%253DrmulusId%2526_pidSource%253Dresearch.juniper.net%2526_ptwAids%253Do1oeb%2526_pfbAids%253D340159566928684%2526_pliPids%253D4751%2526_pawAids%253DAW-956680084%2526jnpr_vId%253DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pclientId%3Djnpr%26_peventName%3Dlkp&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dadc05f3facd0540be3ccc5fa54d174d733d039d8466dbeaf9e2befaa7c0ea7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Oct 2020 15:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1834
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
www.google.com/pagead/1p-user-list/956680084/ Frame 0C36 42 B
88 B 27ms
26ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/956680084/?random=1602515539926&cv=9&fst=1602514800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9u1&sendb=1&data=event%3Dpage_view%3B_pclId%3DEghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540%3B_psqStr%3D%3F_pclientId%5C%3Djnpr%26_peventName%5C%3Dlkps%26_pdataSource%5C%3Dweb%26_pqStr%5C%3Denabled%26_pgetId%5C%3Dtrue%26_plkpTblId%5C%3Djnpr_audiences_targetaccounts%26_plkpKey%5C%3Djnpr_vId%26_plkpPrfl%5C%3Dactive%26_pqStr%5C%3Dactive%26_pidName%5C%3DrmulusId%26_pidSource%5C%3Dresearch.juniper.net%26_pclPrint%5C%3Dtrue%26_ptwAids%5C%3Do1oeb%26_pfbAids%5C%3D340159566928684%26_pliPids%5C%3D4751%26_pawAids%5C%3DAW-956680084%26jnpr_vId%5C%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%3B_pclientId%3Djnpr%3B_peventName%3Dlkps%3B_pdataSource%3Dweb%3B_pqStr%3DUnavailable%3B_pgetId%3Dtrue%3B_plkpTblId%3Djnpr_audiences_targetaccounts%3B_plkpKey%3Djnpr_vId%3B_plkpPrfl%3D%7B%22not%20found%22%3A%22not%20found%22%7D%3B_pidName%3DrmulusId%3B_pidSource%3Dresearch.juniper.net%3B_pclPrint%3D03548005430cdc56807f9372bd439bb7%3B_ptwAids%3Do1oeb%3B_pfbAids%3D340159566928684%3B_pliPids%3D4751%3B_pawAids%3DAW-956680084%3Bjnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%3B_pevId%3DN5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539%3B_pdLoc%3Dhttps%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back%3B_pdHash%3DUnavailable%3B_pclIp%3Ddisabled&frm=2&url=https%3A%2F%2Fresearch.juniper.net%2F%3F_psqStr%3D%253F_pclientId%253Djnpr%2526_peventName%253Dlkps%2526_pdataSource%253Dweb%2526_pqStr%253Denabled%2526_pgetId%253Dtrue%2526_plkpTblId%253Djnpr_audiences_targetaccounts%2526_plkpKey%253Djnpr_vId%2526_plkpPrfl%253Dactive%2526_pqStr%253Dactive%2526_pidName%253DrmulusId%2526_pidSource%253Dresearch.juniper.net%2526_pclPrint%253Dtrue%2526_ptwAids%253Do1oeb%2526_pfbAids%253D340159566928684%2526_pliPids%253D4751%2526_pawAids%253DAW-956680084%2526jnpr_vId%253DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSour&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&async=1&fmt=3&is_vtc=1&random=2302917238&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Oct 2020 15:12:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
www.google.de/pagead/1p-user-list/956680084/ Frame 0C36 42 B
65 B 52ms
49ms Image
image/gif 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/956680084/?random=1602515539926&cv=9&fst=1602514800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9u1&sendb=1&data=event%3Dpage_view%3B_pclId%3DEghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540%3B_psqStr%3D%3F_pclientId%5C%3Djnpr%26_peventName%5C%3Dlkps%26_pdataSource%5C%3Dweb%26_pqStr%5C%3Denabled%26_pgetId%5C%3Dtrue%26_plkpTblId%5C%3Djnpr_audiences_targetaccounts%26_plkpKey%5C%3Djnpr_vId%26_plkpPrfl%5C%3Dactive%26_pqStr%5C%3Dactive%26_pidName%5C%3DrmulusId%26_pidSource%5C%3Dresearch.juniper.net%26_pclPrint%5C%3Dtrue%26_ptwAids%5C%3Do1oeb%26_pfbAids%5C%3D340159566928684%26_pliPids%5C%3D4751%26_pawAids%5C%3DAW-956680084%26jnpr_vId%5C%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%3B_pclientId%3Djnpr%3B_peventName%3Dlkps%3B_pdataSource%3Dweb%3B_pqStr%3DUnavailable%3B_pgetId%3Dtrue%3B_plkpTblId%3Djnpr_audiences_targetaccounts%3B_plkpKey%3Djnpr_vId%3B_plkpPrfl%3D%7B%22not%20found%22%3A%22not%20found%22%7D%3B_pidName%3DrmulusId%3B_pidSource%3Dresearch.juniper.net%3B_pclPrint%3D03548005430cdc56807f9372bd439bb7%3B_ptwAids%3Do1oeb%3B_pfbAids%3D340159566928684%3B_pliPids%3D4751%3B_pawAids%3DAW-956680084%3Bjnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%3B_pevId%3DN5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539%3B_pdLoc%3Dhttps%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back%3B_pdHash%3DUnavailable%3B_pclIp%3Ddisabled&frm=2&url=https%3A%2F%2Fresearch.juniper.net%2F%3F_psqStr%3D%253F_pclientId%253Djnpr%2526_peventName%253Dlkps%2526_pdataSource%253Dweb%2526_pqStr%253Denabled%2526_pgetId%253Dtrue%2526_plkpTblId%253Djnpr_audiences_targetaccounts%2526_plkpKey%253Djnpr_vId%2526_plkpPrfl%253Dactive%2526_pqStr%253Dactive%2526_pidName%253DrmulusId%2526_pidSource%253Dresearch.juniper.net%2526_pclPrint%253Dtrue%2526_ptwAids%253Do1oeb%2526_pfbAids%253D340159566928684%2526_pliPids%253D4751%2526_pawAids%253DAW-956680084%2526jnpr_vId%253DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSour&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&async=1&fmt=3&is_vtc=1&random=2302917238&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts%26_plkpKey%3Djnpr_vId%26_plkpPrfl%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_pclPrint%3Dtrue%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts&_plkpKey=jnpr_vId&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pidName=rmulusId&_pidSource=research.juniper.net&_pclPrint=true&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=N5gTwymHXCjlLs63287ai1lU6a6DHb9N-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclIp=disabled
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Oct 2020 15:12:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
px.ads.linkedin.com/ Frame EF88 0
66 B 133ms
132ms Image
application/javascript 2a05:f500:10:101::b93f:9105
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4751&url=https%3A%2F%2Fresearch.juniper.net%2F%3F_psqStr%3D%253F_pclientId%253Djnpr%2526_peventName%253Dlkps%2526_pdataSource%253Dweb%2526_pqStr%253Denabled%2526_pgetId%253Dtrue%2526_plkpTblId%253Djnpr_audiences_targetaccounts_ip%2526_plkpKey%253D_pclIp._pmatchedIP%2526_plkpPrfl%253Dactive%2526_pclIp%253Dactive%2526_pqStr%253Dactive%2526_pidName%253DrmulusId%2526_pidSource%253Dresearch.juniper.net%2526_ptwAids%253Do1oeb%2526_pfbAids%253D340159566928684%2526_pliPids%253D4751%2526_pawAids%253DAW-956680084%2526jnpr_vId%253DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3DUnavailable%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3D%257B%2522not%2520found%2522%253A%2522not%2520found%2522%257D%26_pcityName%3DPrague%26_pcompanyName%3DM247%2520Ltd%26_pcontinentCode%3DEU%26_pcontinentName%3DEurope%26_pcountryISOCode%3DCZ%26_pcountryName%3DCzechia%26_platitude%3D50.0765%26_plongitude%3D14.5104%26_pmatchedIP%3D89.238.186.243%26_ppostalCode%3D130%252000%26_pstateISOCode%3D10%26_pstateName%3DHlavni%2520mesto%2520Praha%26_ptimeZone%3DEurope%252FPrague%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pevId%3DlrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539%26_pdLoc%3Dhttps%253A%252F%252Fblogs.juniper.net%252Fen-us%252Fthreat-research%252Ficeid-campaign-strikes-back%26_pdHash%3DUnavailable%26_pclId%3DEghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540&time=1602515539985
Requested by: Host: research.juniper.net
URL: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:20 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
server: Play
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 0
x-li-uuid: o/AxpGRHPRYgOPAlWSsAAA==

GET
H3-Q050 200 /
www.google.com/pagead/1p-user-list/956680084/ Frame EF88 42 B
65 B 26ms
25ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/956680084/?random=1602515539982&cv=9&fst=1602514800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9u1&sendb=1&data=event%3Dgtag.config&frm=2&url=https%3A%2F%2Fresearch.juniper.net%2F%3F_psqStr%3D%253F_pclientId%253Djnpr%2526_peventName%253Dlkps%2526_pdataSource%253Dweb%2526_pqStr%253Denabled%2526_pgetId%253Dtrue%2526_plkpTblId%253Djnpr_audiences_targetaccounts_ip%2526_plkpKey%253D_pclIp._pmatchedIP%2526_plkpPrfl%253Dactive%2526_pclIp%253Dactive%2526_pqStr%253Dactive%2526_pidName%253DrmulusId%2526_pidSource%253Dresearch.juniper.net%2526_ptwAids%253Do1oeb%2526_pfbAids%253D340159566928684%2526_pliPids%253D4751%2526_pawAids%253DAW-956680084%2526jnpr_vId%253DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pclientId%3Djnpr%26_peventName%3Dlkp&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&async=1&fmt=3&is_vtc=1&random=1002154536&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: research.juniper.net
URL: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Oct 2020 15:12:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
www.google.de/pagead/1p-user-list/956680084/ Frame EF88 42 B
65 B 25ms
23ms Image
image/gif 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/956680084/?random=1602515539982&cv=9&fst=1602514800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9u1&sendb=1&data=event%3Dgtag.config&frm=2&url=https%3A%2F%2Fresearch.juniper.net%2F%3F_psqStr%3D%253F_pclientId%253Djnpr%2526_peventName%253Dlkps%2526_pdataSource%253Dweb%2526_pqStr%253Denabled%2526_pgetId%253Dtrue%2526_plkpTblId%253Djnpr_audiences_targetaccounts_ip%2526_plkpKey%253D_pclIp._pmatchedIP%2526_plkpPrfl%253Dactive%2526_pclIp%253Dactive%2526_pqStr%253Dactive%2526_pidName%253DrmulusId%2526_pidSource%253Dresearch.juniper.net%2526_ptwAids%253Do1oeb%2526_pfbAids%253D340159566928684%2526_pliPids%253D4751%2526_pawAids%253DAW-956680084%2526jnpr_vId%253DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pclientId%3Djnpr%26_peventName%3Dlkp&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&async=1&fmt=3&is_vtc=1&random=1002154536&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: research.juniper.net
URL: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Oct 2020 15:12:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
www.google.com/pagead/1p-user-list/956680084/ Frame EF88 42 B
65 B 25ms
25ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/956680084/?random=1602515539983&cv=9&fst=1602514800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9u1&sendb=1&data=event%3Dpage_view%3B_psqStr%3D%3F_pclientId%5C%3Djnpr%26_peventName%5C%3Dlkps%26_pdataSource%5C%3Dweb%26_pqStr%5C%3Denabled%26_pgetId%5C%3Dtrue%26_plkpTblId%5C%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%5C%3D_pclIp._pmatchedIP%26_plkpPrfl%5C%3Dactive%26_pclIp%5C%3Dactive%26_pqStr%5C%3Dactive%26_pidName%5C%3DrmulusId%26_pidSource%5C%3Dresearch.juniper.net%26_ptwAids%5C%3Do1oeb%26_pfbAids%5C%3D340159566928684%26_pliPids%5C%3D4751%26_pawAids%5C%3DAW-956680084%26jnpr_vId%5C%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%3B_pclientId%3Djnpr%3B_peventName%3Dlkps%3B_pdataSource%3Dweb%3B_pqStr%3DUnavailable%3B_pgetId%3Dtrue%3B_plkpTblId%3Djnpr_audiences_targetaccounts_ip%3B_plkpKey%3D_pclIp._pmatchedIP%3B_plkpPrfl%3D%7B%22not%20found%22%3A%22not%20found%22%7D%3B_pcityName%3DPrague%3B_pcompanyName%3DM247%20Ltd%3B_pcontinentCode%3DEU%3B_pcontinentName%3DEurope%3B_pcountryISOCode%3DCZ%3B_pcountryName%3DCzechia%3B_platitude%3D50.0765%3B_plongitude%3D14.5104%3B_pmatchedIP%3D89.238.186.243%3B_ppostalCode%3D130%2000%3B_pstateISOCode%3D10%3B_pstateName%3DHlavni%20mesto%20Praha%3B_ptimeZone%3DEurope%2FPrague%3B_pidName%3DrmulusId%3B_pidSource%3Dresearch.juniper.net%3B_ptwAids%3Do1oeb%3B_pfbAids%3D340159566928684%3B_pliPids%3D4751%3B_pawAids%3DAW-956680084%3Bjnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%3B_pevId%3DlrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539%3B_pdLoc%3Dhttps%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back%3B_pdHash%3DUnavailable%3B_pclId%3DEghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540&frm=2&url=https%3A%2F%2Fresearch.juniper.net%2F%3F_psqStr%3D%253F_pclientId%253Djnpr%2526_peventName%253Dlkps%2526_pdataSource%253Dweb%2526_pqStr%253Denabled%2526_pgetId%253Dtrue%2526_plkpTblId%253Djnpr_audiences_targetaccounts_ip%2526_plkpKey%253D_pclIp._pmatchedIP%2526_plkpPrfl%253Dactive%2526_pclIp%253Dactive%2526_pqStr%253Dactive%2526_pidName%253DrmulusId%2526_pidSource%253Dresearch.juniper.net%2526_ptwAids%253Do1oeb%2526_pfbAids%253D340159566928684%2526_pliPids%253D4751%2526_pawAids%253DAW-956680084%2526jnpr_vId%253DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pclientId%3Djnpr%26_peventName%3Dlkp&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&async=1&fmt=3&is_vtc=1&random=1724179445&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: research.juniper.net
URL: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Oct 2020 15:12:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
www.google.de/pagead/1p-user-list/956680084/ Frame EF88 42 B
65 B 24ms
23ms Image
image/gif 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/956680084/?random=1602515539983&cv=9&fst=1602514800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9u1&sendb=1&data=event%3Dpage_view%3B_psqStr%3D%3F_pclientId%5C%3Djnpr%26_peventName%5C%3Dlkps%26_pdataSource%5C%3Dweb%26_pqStr%5C%3Denabled%26_pgetId%5C%3Dtrue%26_plkpTblId%5C%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%5C%3D_pclIp._pmatchedIP%26_plkpPrfl%5C%3Dactive%26_pclIp%5C%3Dactive%26_pqStr%5C%3Dactive%26_pidName%5C%3DrmulusId%26_pidSource%5C%3Dresearch.juniper.net%26_ptwAids%5C%3Do1oeb%26_pfbAids%5C%3D340159566928684%26_pliPids%5C%3D4751%26_pawAids%5C%3DAW-956680084%26jnpr_vId%5C%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%3B_pclientId%3Djnpr%3B_peventName%3Dlkps%3B_pdataSource%3Dweb%3B_pqStr%3DUnavailable%3B_pgetId%3Dtrue%3B_plkpTblId%3Djnpr_audiences_targetaccounts_ip%3B_plkpKey%3D_pclIp._pmatchedIP%3B_plkpPrfl%3D%7B%22not%20found%22%3A%22not%20found%22%7D%3B_pcityName%3DPrague%3B_pcompanyName%3DM247%20Ltd%3B_pcontinentCode%3DEU%3B_pcontinentName%3DEurope%3B_pcountryISOCode%3DCZ%3B_pcountryName%3DCzechia%3B_platitude%3D50.0765%3B_plongitude%3D14.5104%3B_pmatchedIP%3D89.238.186.243%3B_ppostalCode%3D130%2000%3B_pstateISOCode%3D10%3B_pstateName%3DHlavni%20mesto%20Praha%3B_ptimeZone%3DEurope%2FPrague%3B_pidName%3DrmulusId%3B_pidSource%3Dresearch.juniper.net%3B_ptwAids%3Do1oeb%3B_pfbAids%3D340159566928684%3B_pliPids%3D4751%3B_pawAids%3DAW-956680084%3Bjnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%3B_pevId%3DlrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539%3B_pdLoc%3Dhttps%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back%3B_pdHash%3DUnavailable%3B_pclId%3DEghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540&frm=2&url=https%3A%2F%2Fresearch.juniper.net%2F%3F_psqStr%3D%253F_pclientId%253Djnpr%2526_peventName%253Dlkps%2526_pdataSource%253Dweb%2526_pqStr%253Denabled%2526_pgetId%253Dtrue%2526_plkpTblId%253Djnpr_audiences_targetaccounts_ip%2526_plkpKey%253D_pclIp._pmatchedIP%2526_plkpPrfl%253Dactive%2526_pclIp%253Dactive%2526_pqStr%253Dactive%2526_pidName%253DrmulusId%2526_pidSource%253Dresearch.juniper.net%2526_ptwAids%253Do1oeb%2526_pfbAids%253D340159566928684%2526_pliPids%253D4751%2526_pawAids%253DAW-956680084%2526jnpr_vId%253DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pclientId%3Djnpr%26_peventName%3Dlkp&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&async=1&fmt=3&is_vtc=1&random=1724179445&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: research.juniper.net
URL: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Oct 2020 15:12:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ Frame EF88 31 B
117 B 172ms
172ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o1oeb&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=1&tw_document_referrer=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fresearch.juniper.net%2F%3F_psqStr%3D%253F_pclientId%253Djnpr%2526_peventName%253Dlkps%2526_pdataSource%253Dweb%2526_pqStr%253Denabled%2526_pgetId%253Dtrue%2526_plkpTblId%253Djnpr_audiences_targetaccounts_ip%2526_plkpKey%253D_pclIp._pmatchedIP%2526_plkpPrfl%253Dactive%2526_pclIp%253Dactive%2526_pqStr%253Dactive%2526_pidName%253DrmulusId%2526_pidSource%253Dresearch.juniper.net%2526_ptwAids%253Do1oeb%2526_pfbAids%253D340159566928684%2526_pliPids%253D4751%2526_pawAids%253DAW-956680084%2526jnpr_vId%253DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3DUnavailable%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3D%257B%2522not%2520found%2522%253A%2522not%2520found%2522%257D%26_pcityName%3DPrague%26_pcompanyName%3DM247%2520Ltd%26_pcontinentCode%3DEU%26_pcontinentName%3DEurope%26_pcountryISOCode%3DCZ%26_pcountryName%3DCzechia%26_platitude%3D50.0765%26_plongitude%3D14.5104%26_pmatchedIP%3D89.238.186.243%26_ppostalCode%3D130%252000%26_pstateISOCode%3D10%26_pstateName%3DHlavni%2520mesto%2520Praha%26_ptimeZone%3DEurope%252FPrague%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539%26_pevId%3DlrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539%26_pdLoc%3Dhttps%253A%252F%252Fblogs.juniper.net%252Fen-us%252Fthreat-research%252Ficeid-campaign-strikes-back%26_pdHash%3DUnavailable%26_pclId%3DEghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://research.juniper.net/?_psqStr=%3F_pclientId%3Djnpr%26_peventName%3Dlkps%26_pdataSource%3Dweb%26_pqStr%3Denabled%26_pgetId%3Dtrue%26_plkpTblId%3Djnpr_audiences_targetaccounts_ip%26_plkpKey%3D_pclIp._pmatchedIP%26_plkpPrfl%3Dactive%26_pclIp%3Dactive%26_pqStr%3Dactive%26_pidName%3DrmulusId%26_pidSource%3Dresearch.juniper.net%26_ptwAids%3Do1oeb%26_pfbAids%3D340159566928684%26_pliPids%3D4751%26_pawAids%3DAW-956680084%26jnpr_vId%3DMxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pclientId=jnpr&_peventName=lkps&_pdataSource=web&_pqStr=Unavailable&_pgetId=true&_plkpTblId=jnpr_audiences_targetaccounts_ip&_plkpKey=_pclIp._pmatchedIP&_plkpPrfl=%7B%22not%20found%22%3A%22not%20found%22%7D&_pcityName=Prague&_pcompanyName=M247%20Ltd&_pcontinentCode=EU&_pcontinentName=Europe&_pcountryISOCode=CZ&_pcountryName=Czechia&_platitude=50.0765&_plongitude=14.5104&_pmatchedIP=89.238.186.243&_ppostalCode=130%2000&_pstateISOCode=10&_pstateName=Hlavni%20mesto%20Praha&_ptimeZone=Europe%2FPrague&_pidName=rmulusId&_pidSource=research.juniper.net&_ptwAids=o1oeb&_pfbAids=340159566928684&_pliPids=4751&_pawAids=AW-956680084&jnpr_vId=MxggnqYFazbLtD6RR27Fnnzz66YFZsWs-1602515539&_pevId=lrD5GmIC6PtKhvmiQOJKP7DNxfHzdIut-1602515539&_pdLoc=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-research%2Ficeid-campaign-strikes-back&_pdHash=Unavailable&_pclId=EghNDT3kPQ8NK17Wyt4K3TAIVHKVCSwn-1602515540
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 12 Oct 2020 15:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 125
pragma: no-cache
last-modified: Mon, 12 Oct 2020 15:12:20 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 1eb9b1df5617707c5e6a40c79ad4caec
x-transaction: 00ec1e0a0095eec5
expires: Tue, 31 Mar 1981 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

205 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://blogs.juniper.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1
console-api	log	URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/scripts/satellite-5e274cf864746d62d400121f.js(Line 6) Message: doing run once again
console-api	log	URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0(Line 78) Message: check=true; jnpr_vID=jjh0Lh1Pz71zpWeMhKWPyHAvCqjRH15n-1602515536; notice_behavior=implied,eu; AMCVS_D206123F524450F50A490D45%40AdobeOrg=1; AMCV_D206123F524450F50A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C18548%7CMCMID%7C42588505397457222121544320235442604307%7CMCAAMLH-1603120336%7C6%7CMCAAMB-1603120336%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1602522736s%7CNONE%7CMCSYNCSOP%7C411-18555%7CMCAID%7CNONE%7CvVersion%7C3.1.2; dmdbase_cdc=DBSET; mbox=session#54115e8abba7409893ad702b4699e03a#1602517397\|PC#54115e8abba7409893ad702b4699e03a.37_0#1665760337; mboxEdgeCluster=37
console-api	log	URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0(Line 78) Message: check=true; jnpr_vID=jjh0Lh1Pz71zpWeMhKWPyHAvCqjRH15n-1602515536; notice_behavior=implied,eu; AMCVS_D206123F524450F50A490D45%40AdobeOrg=1; AMCV_D206123F524450F50A490D45%40AdobeOrg=-330454231%7CMCIDTS%7C18548%7CMCMID%7C42588505397457222121544320235442604307%7CMCAAMLH-1603120336%7C6%7CMCAAMB-1603120336%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1602522736s%7CNONE%7CMCSYNCSOP%7C411-18555%7CMCAID%7CNONE%7CvVersion%7C3.1.2; dmdbase_cdc=DBSET; mbox=session#54115e8abba7409893ad702b4699e03a#1602517397\|PC#54115e8abba7409893ad702b4699e03a.37_0#1665760337; mboxEdgeCluster=37
console-api	warning	URL: https://connect.facebook.net/en_US/fbevents.js(Line 23) Message: [Facebook Pixel] - Removed keys from custom data.
console-api	warning	URL: https://connect.facebook.net/en_US/fbevents.js(Line 23) Message: [Facebook Pixel] - Removed keys from custom data.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
api.demandbase.com
assets.adobedtm.com
attr.ml-api.io
bat.bing.com
blogs.juniper.net
cm.everesttech.net
collect.rmulus.com
connect.facebook.net
consent.trustarc.com
dpm.demdex.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
junipernetworks.d2.sc.omtrdc.net
junipernetworks.demdex.net
junipernetworks.tt.omtrdc.net
lookups.rmulus.com
platform.twitter.com
px.ads.linkedin.com
research.juniper.net
s.ml-attr.com
scripts.demandbase.com
secure.adnxs.com
secure.rmulus.com
static.ads-twitter.com
t.co
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.juniper.net
104.244.42.197
104.244.42.3
13.225.78.54
13.225.78.67
143.204.94.44
15.236.175.233
151.101.112.157
185.33.221.11
2606:2800:234:59:254c:406:2366:268c
2620:1ec:c11::200
2a00:1450:4001:803::2003
2a00:1450:4001:814::2002
2a00:1450:4001:819::2008
2a00:1450:4001:81b::2003
2a00:1450:4001:81c::2004
2a00:1450:4001:824::200a
2a02:26f0:10c:5b1::1e80
2a02:26f0:f1:292::720
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:f500:10:101::b93f:9105
34.200.205.48
44.230.249.41
52.213.168.74
52.49.47.228
52.50.67.81
66.117.28.86
68.67.153.60
99.86.243.10
99.86.243.100
99.86.243.24
99.86.243.85
0018c64098f92022d1b7bdc4736a36d215beb67cda743c6931bbbf8334acbbd8
01e027231971c208e402b1852eabdc60b56c489bf52ca1a4e0a26e998e5e41da
02ffc9eb5cd56586a9aa30bdb399430a9c7f46823cd47cc1aa7c8f82042e4cdc
08fcec81b5d70ae12772d652042b25031a06796047a99a17fb3eaa3cf7980ae8
0b30b39cc04a7922ed34d3d567d814c6ea9c8cea7e4ba2302b5d45272c13a483
0b961216817d9fce974f25978f65071de06569be4760f644deec56bbb2977c7c
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
14a424043d648390ade4358c71cc7088dcaf2d3ad96d562dd62a7f111273ae3e
155ef7601d4af029d8b6f3efa4ed4984748ea0a36c85f038f129ffdc6fb83b66
15c14a35beeabe632f718ce14189ade1b8b6760b977e1e8149b5e1211d3efde5
179f42988ae4cab77687b27656fc69ab3fa07efbcf6279ac1bef85ac0688e69d
1bb5349b7a70b0f67c2594b88592de1c1ba04d5c7195a0d9f924672b0b626788
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1fee2fb3eb1831930f4e325e6f05dc0d322ce37f53cc7da4cd2cdde999ed0b1d
21ac17720285646169355f26dc7e527c20d2882a8d1de2a902e429dc94f9acd5
28b0868c36d74049defed3a9207367a1e4f77752ab7cb8bb60ff0285afbe55aa
2ad4e96fb2e21b58c32607429b7597950140dee740489604ba141308622b8929
2b10603de476387f576c81c7eabe849bb2b65ed182b12f0463c5a3479baa4af6
329f426f91b1b1fabaceceeef6a70ce5dec5d0f675fe1761c5ffb94aa390d779
3b20c7f4231183b11371d9122369cd5a961ee58a5372cd9f841da82b73ddb0be
3cb5162e19d9c6ecb634881fc079ab3aa8e9855a7bc164a830730a752a73e440
3d6b3953b124cb6ac8a75f128ed8f0a3fee56eedd0e4bfcd15b59d5fcfd3efa0
43cdf46f331fec5ba92e402e3d5cad473099892cbdafca02e607cd03705104bf
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4ac6f3f96ba95b41a75dace029d6f460e9721949d91b2680723394f1c8ecce29
4ca9b03621a20c0b162e2e3aa0af21f62b61049ef027abd523cefaa987eb613d
4d966ffbf39121ce17dca578684dda721702d20ee534cf9beeeb947b9a4cda12
52726fb580d6bffc46615863ddbf4c319524b5a68fb484be2972bdad4fd0310d
5656333217b27d77301c96148ecb05d9edbfd166c0a0474a1a9e29a98606efd2
57f53d1b65316e7362b02a42d2a07319fcd3a8d75f2dc91d0094caf98181c741
5855809ae723b4a35f3120be99dccfc8403b3dd379fd86efeacdad8767ea6320
5cac16aba0efd09aa09da73f61a0f9b9c930f5100695ac9f8783f0cc938ca5e6
608d4f2b108fc8b64a77c1a8b7fb7e6bb59ad03fc101be79863b040be2ea6589
619b3afc152f1e76ec40eff7c5e1e97136caf8a0420b19e5fd570b6ffe61998d
63aa9e013f1ec13fd691e8db8281f87b5e2cb39ab2966dbd722296d5b7172688
682a441c52a2aa06995a26d82b96607f35fd68fe75c58532076ee7f9ca2dbcf6
6ad89035a6df10812be76c15137e826e2121d53a6386ff7b4a4e959f794f067d
6b8797e0cf30f8a00ff41912ebcc895055ffeb426b34f70c4933b9828b1ca720
6c08ca0ac875c6c3477f36d366c80f3b0fbb5fd39ad35bd2dc8addb06efc072b
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
70349fe86be7c6dcd4062011d02d91185a4a45b60e2826f05985d67f8ae43bd3
7af2c659d6f3451b1d60b59d07e71f8b6ddcba906f882bf363c5c8532b01f5ed
7da66ec546c027bfe5b9ca59aa2225cfaa5f0d68f96801f31186878c0fa853f8
7ee39e6b76207efc841a6882a2af5241490e1a2161c4e13790f78fb4dbfdde28
7fc6b71fecae57ad350ffe89e9059442916fa401c3d3441e8aeb4c20d7a34ec3
7ff5a2ce1b7603d6e9f61f85587efe96cbed61d71ace91bcc6ca7d0bc07cc7ce
8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc
851bd834d24a84c0f4780789e868a65f9db8d9655a7a0cac039dbf3b65ad873f
89a733d708f3c1d4e9586f565282da135a31e93a9ad3da1611f64d1a112b457c
8a3e8d4242f53959806c3ebf262affb1bd5a78e361acb2d5bf14be201ee56a3e
8de75e52c8a9c8f8fd3f5c06e8f0a5c1a86d5c05ce90f4dcf1ff4ef372e8f425
96d33f532112177ede6bf262dcf6d0140dbe29f05a4595d17b0be4743205b5ea
9912c03b52a7cb0fc11bde58e200010eca671219552929b31be4c2e26c0e10c3
9dcd95b63c6ec41ea7817e407443f087470229fd02d94f89288dc366a5c833a3
9e01cd9d5c99f2550fff5002f1b7fcc1402aa88b84f471214b032a7cde0f42b2
9ff05dd0c63650e8a37b0de882f31af32904ae5ae1cdf3154a62b8bf6ee8f1df
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a3b3c4f67bf2b44294215e2be76f12794e6b142edec201e199c93c38739f2bfc
a822aa262f8d7674018c1a2761bae9b528fde5408e4994a54770dfd131f8a33c
ab79bd243b8d4eacffdcf83bec52f77d589435cb58f2926b5a914604b1b473a6
ac4824eeabc13b1248d78bb401430d7ae2081f068dce43e0d7680a403448cb9b
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae2eddef5e061eec479c96e03ccc24b279fdaba1f6e675d3627cc44e15127502
b1b713988699e504014f02692e34df4a8ded0c06178e6cca58ce74c2e73d7658
b1f5052d047f70ba8f8721e86c1a5f8760f829a75e3dcb72e5452c312d9066b1
b43bb3b833b8a0946d96295f42fbe72220d6eac378b7cf4d1ccdc73dfe30b607
b55ad8340a1d691f102b1e3f4a0ce107d4fd6dda552f4c648f3f3f520c981314
bbd96c67188ee6d1977bd7bfc382000eff01010cb8656023d6bdf8b77ab91c95
bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d
bd111ed6b28e5f880f55d6e8f43b4e10d6d011dd291c8e5dcd7f8ca10d51c44c
be86a0ee8aca88c429719a6e6181a9fda8dc84aa9fea96da59273d250b514f9d
bf0503c77003e76d864720c16be655d647e3e5e019482a46243c6a257c635abd
bf376bda577cabdec91f4e3f27597af77cb736bd548e87e987e1ee97e0549f1c
c4a75c8a159f2823efcc6b6e1f5db35bd37a724c58cdcd483a2365b9c724a51b
c5aff3477022f781ee765989cdf6abbdd986f331064c59f5655fab8c6f9796c7
c6846556479addb85175eb801d75cd64485ccec53b42fac54441fef1895c0408
c74679537a89890b260d93e19aad5f4cc95a230623a945ffcc3d981fc13a1adf
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d5fa4bdf6b870e2bf053eaf071824141dd12ee8fae091501af42537506ed7b44
d64a73a7c9fb6edef0e36d4a938235f574cb7526f90f4043286575822427a5cb
d79a56b4cb4b8d0651fd5839ff9be97cfe624630babc31f209f70801feffc7c4
d851f05512a6cbde015c1a6afe4b815ff5a1f764101951f6ae3b0347d6dabb27
d859a4dd217c69f291adef445e1c3a938ef7d850af3ba0f79f8ae081cda89e12
d8b3973b02fe90470f2307111fba8e4b66a16796d10f37befdb4f954eea7a467
dadc05f3facd0540be3ccc5fa54d174d733d039d8466dbeaf9e2befaa7c0ea7d
dc136a289331929be72cc5c26b7f1455a39c4c94a058f65fb6d3ef72c4c10a6d
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e07b39e211351c340b153d15aeb20aa9d80403edf761f105bfa59b268d92acef
e140beffd54616292cdd8060a530be3bf2b03f0d8186233186474b8e267db1bb
e162889fa44c8481b71824be282a069d84d592847fe8e4dd5b6eff8fa70294eb
e253109e6d843fd0dd5887c79ec1340e56913d38ad179499aeb55163875de6a7
e28195ef556c2e1f2d22ff939f487f10a32e608255bbd541be3eda5883b414c3
e319db56a8d7bbeda259af9540107b72dd326ddbc17facfbcadebff0603db1fb
e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4ccf32b4d570f678ef818d0ab645defe462926db4e3a7eb1985430e25a71d96
e5fcb2d6a4bdba38d19d71e2be2103711bde50d397d1fe447948befe6257b5a1
e77120238f61ac355534e89b7fad3a5fa9c9544851196a7a6a012ed1c4b07a42
e8d5b01af589f68a0f2da663d3efc472fabb22d9ede91a7ffcf74d21e6295506
e931faaef092c8d98a58ac536216378f58e2a17a4833bbe5f9a29e5bbed849f6
eb8b8bd903a4e388dca1baac5a72110f4eb1f479ee7b655ca53490081726680c
ed93f4b57dbafc1b959d886fcaba2d1fcfb4b94d390531cdcf8fcc079521a0e9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0ebf94842d7584c1c3c4925765c776bc6acc5345d1c01bdb846b416bad07877
f2c7893ac812052986f341c6651cb1f291f6d283d92437e00e424ffe08e68b08
fa0d4a0ea2015ff7752448a9f6eef25d8e1f6834aee21bbb73857cc99bccbb5e
fa7b3330d702000532d7043351e7eafce91af34ae416930c0ef82e46267728c4

blogs.juniper.net Open in urlscan Pro 44.230.249.41 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

158 Requests

100 %HTTPS

41 %IPv6

25 Domains

33 Subdomains

28 IPs

6 Countries

4305 kBTransfer

9350 kBSize

0 Cookies

125 Outgoing links

Redirected requests

158 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

blogs.juniper.net Open in urlscan Pro
44.230.249.41 Public Scan

Screenshot
Live screenshot

Full Image

158
Requests

100 %
HTTPS

41 %
IPv6

25
Domains

33
Subdomains

28
IPs

6
Countries

4305 kB
Transfer

9350 kB
Size

0
Cookies

158 HTTP transactions
0 data transactions