www.bleepingcomputer.com Open in urlscan Pro
104.20.60.209 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hi=
Effective URL:
https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Submission: On March 24 via api (March 24th 2020, 5:00:10 pm UTC) from US

Summary HTTP 213 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 49 IPs in 8 countries across 33 domains to perform 213 HTTP transactions. The main IP is 104.20.60.209, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.bleepingcomputer.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on May 12th 2018. Valid for: 2 years.

This is the only time www.bleepingcomputer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 44	104.20.60.209 104.20.60.209	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	104.26.13.6 104.26.13.6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:81d::2008	15169 (GOOGLE) (GOOGLE)
2	151.101.12.193 151.101.12.193	54113 (FASTLY) (FASTLY)
4	2a00:1450:400... 2a00:1450:4001:817::200e	15169 (GOOGLE) (GOOGLE)
4	151.139.128.10 151.139.128.10	20446 (HIGHWINDS3) (HIGHWINDS3)
2	2606:4700:20:... 2606:4700:20::681a:18b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	212.71.236.117 212.71.236.117	63949 (LINODE-AP...) (LINODE-AP Linode)
1	2600:9000:20e... 2600:9000:20e8:3e00:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
2	2600:9000:218... 2600:9000:2182:a600:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
1	172.217.18.166 172.217.18.166	15169 (GOOGLE) (GOOGLE)
3	35.188.71.214 35.188.71.214	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:81f::2002	15169 (GOOGLE) (GOOGLE)
1	99.86.3.37 99.86.3.37	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:214... 2600:9000:214f:6800:1:af78:4c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:821::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81b::2002	15169 (GOOGLE) (GOOGLE)
7	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 3	35.190.59.101 35.190.59.101	15169 (GOOGLE) (GOOGLE)
2	35.201.67.47 35.201.67.47	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:817::2003	15169 (GOOGLE) (GOOGLE)
1	143.204.201.21 143.204.201.21	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:81b::200d	15169 (GOOGLE) (GOOGLE)
6	143.204.213.153 143.204.213.153	16509 (AMAZON-02) (AMAZON-02)
3	151.101.13.194 151.101.13.194	54113 (FASTLY) (FASTLY)
2	143.204.201.77 143.204.201.77	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	35.190.40.172 35.190.40.172	15169 (GOOGLE) (GOOGLE)
2 2	34.241.166.6 34.241.166.6	16509 (AMAZON-02) (AMAZON-02)
2 2	18.202.137.180 18.202.137.180	16509 (AMAZON-02) (AMAZON-02)
1	143.204.201.65 143.204.201.65	16509 (AMAZON-02) (AMAZON-02)
1	34.200.100.213 34.200.100.213	14618 (AMAZON-AES) (AMAZON-AES)
6	35.226.36.58 35.226.36.58	15169 (GOOGLE) (GOOGLE)
2 2	147.75.102.200 147.75.102.200	54825 (PACKET) (PACKET)
1	195.181.175.52 195.181.175.52	60068 (CDN77) (CDN77)
10	3.127.95.92 3.127.95.92	16509 (AMAZON-02) (AMAZON-02)
3	3.122.6.57 3.122.6.57	16509 (AMAZON-02) (AMAZON-02)
4	95.101.185.51 95.101.185.51	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a02:fa8:8806... 2a02:fa8:8806:12::1430	41041 (VCLK-EU-) (VCLK-EU-)
8	37.252.172.37 37.252.172.37	29990 (ASN-APPNEX) (ASN-APPNEX)
14 42	152.199.21.89 152.199.21.89	15133 (EDGECAST) (EDGECAST)
8	34.95.120.147 34.95.120.147	15169 (GOOGLE) (GOOGLE)
8	104.16.190.66 104.16.190.66	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	69.173.144.141 69.173.144.141	26667 (RUBICONPR...) (RUBICONPROJECT)
4	2a00:1450:400... 2a00:1450:4001:81b::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE)
4 8	3.127.164.217 3.127.164.217	16509 (AMAZON-02) (AMAZON-02)
4	95.101.184.231 95.101.184.231	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	104.109.78.125 104.109.78.125	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
213	49

44 104.20.60.209 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.bleepingcomputer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.26.13.6 (United States)

ASN13335 (CLOUDFLARENET, US)

www.bleepstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.12.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:817::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.139.128.10 (Dallas, United States)

ASN20446 (HIGHWINDS3, US)

s.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:18b (United States)

ASN13335 (CLOUDFLARENET, US)

a.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.71.236.117 (London, United Kingdom)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: nb-212-71-236-117.london.nodebalancer.linode.com

ecdn.analysis.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20e8:3e00:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2182:a600:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.166 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s29-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.188.71.214 (United States)

ASN15169 (GOOGLE, US)
PTR: 214.71.188.35.bc.googleusercontent.com

d.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.3.37 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-3-37.fra6.r.cloudfront.net

freestar-io.videoplayerhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:6800:1:af78:4c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

vendorlist.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.190.59.101 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 101.59.190.35.bc.googleusercontent.com

r.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.67.47 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 47.67.201.35.bc.googleusercontent.com

t.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:817::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.201.21 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-21.fra53.r.cloudfront.net

api.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 143.204.213.153 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-213-153.fra53.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.13.194 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

confiant-integrations.global.ssl.fastly.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.201.77 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-77.fra53.r.cloudfront.net

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.40.172 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 172.40.190.35.bc.googleusercontent.com

api.skimlinks.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.241.166.6 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-166-6.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.202.137.180 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-202-137-180.eu-west-1.compute.amazonaws.com

x.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.201.65 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-65.fra53.r.cloudfront.net

audit.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.200.100.213 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-100-213.compute-1.amazonaws.com

cluster-na.cdnjquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.226.36.58 (United States)

ASN15169 (GOOGLE, US)
PTR: 58.36.226.35.bc.googleusercontent.com

c.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 147.75.102.200 (Central, Hong Kong) 2 redirects

ASN54825 (PACKET, US)

loadeu.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.181.175.52 (Frankfurt am Main, Germany)

ASN60068 (CDN77, GB)
PTR: unn-195-181-175-52.datapacket.com

load77.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 3.127.95.92 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-95-92.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.122.6.57 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-6-57.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 95.101.185.51 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
PTR: a95-101-185-51.deploy.static.akamaitechnologies.com

as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:fa8:8806:12::1430 (Sweden)

ASN41041 (VCLK-EU-, SE)

web.hb.ad.cpe.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 37.252.172.37 (Ascension Island)

ASN29990 (ASN-APPNEX, US)
PTR: 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 152.199.21.89 (United States) 14 redirects

ASN15133 (EDGECAST, US)

adserver-us.adtech.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.95.120.147 (United States)

ASN15169 (GOOGLE, US)
PTR: 147.120.95.34.bc.googleusercontent.com

freestar-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.16.190.66 (United States)

ASN13335 (CLOUDFLARENET, US)

dmx.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 69.173.144.141 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 3.127.164.217 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-164-217.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 95.101.184.231 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
PTR: a95-101-184-231.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.109.78.125 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a104-109-78-125.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	bleepingcomputer.com 1 redirects www.bleepingcomputer.com	164 KB
42	advertising.com 14 redirects adserver-us.adtech.advertising.com	13 KB
12	adnxs.com ib.adnxs.com acdn.adnxs.com	10 KB
11	3lift.com 4 redirects tlx.3lift.com eb2.3lift.com	3 KB
11	pub.network a.pub.network d.pub.network c.pub.network	229 KB
11	skimresources.com 3 redirects s.skimresources.com r.skimresources.com t.skimresources.com p.skimresources.com x.skimresources.com	20 KB
10	sharethrough.com btlr.sharethrough.com	1 KB
8	districtm.io dmx.districtm.io cdn.districtm.io	489 B
8	openx.net freestar-d.openx.net eu-u.openx.net	2 KB
8	doubleclick.net ad.doubleclick.net securepubads.g.doubleclick.net	98 KB
7	rubiconproject.com fastlane.rubiconproject.com eus.rubiconproject.com	9 KB
7	consensu.org quantcast.mgr.consensu.org static.quantcast.mgr.consensu.org vendorlist.consensu.org api.quantcast.mgr.consensu.org api.skimlinks.mgr.consensu.org audit.quantcast.mgr.consensu.org	142 KB
6	googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	11 KB
6	amazon-adsystem.com c.amazon-adsystem.com	30 KB
6	google.com apis.google.com adservice.google.com accounts.google.com	102 KB
4	dotomi.com web.hb.ad.cpe.dotomi.com	3 KB
4	casalemedia.com as-sec.casalemedia.com	4 KB
4	bleepstatic.com www.bleepstatic.com	8 KB
3	exelator.com 2 redirects loadeu.exelator.com load77.exelator.com	5 KB
3	fastly.net confiant-integrations.global.ssl.fastly.net	68 KB
3	gstatic.com csi.gstatic.com	428 B
3	googletagservices.com www.googletagservices.com	69 KB
2	crwdcntrl.net 2 redirects sync.crwdcntrl.net	1 KB
2	facebook.com www.facebook.com
2	ad-delivery.net ad-delivery.net	1 KB
2	facebook.net connect.facebook.net	113 KB
2	google-analytics.com www.google-analytics.com	18 KB
2	imgur.com i.imgur.com	5 KB
1	cdnjquery.com cluster-na.cdnjquery.com	355 B
1	google.de adservice.google.de	171 B
1	videoplayerhub.com freestar-io.videoplayerhub.com	26 KB
1	analysis.fi ecdn.analysis.fi	2 KB
1	googletagmanager.com www.googletagmanager.com	28 KB
213	33

	Domain	Requested by
44	www.bleepingcomputer.com	1 redirects www.bleepingcomputer.com www.bleepstatic.com
42	adserver-us.adtech.advertising.com	14 redirects a.pub.network
10	btlr.sharethrough.com	a.pub.network
8	eb2.3lift.com	4 redirects a.pub.network
8	ib.adnxs.com	a.pub.network
7	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.bleepingcomputer.com
6	fastlane.rubiconproject.com	a.pub.network
6	c.pub.network	a.pub.network
6	c.amazon-adsystem.com	a.pub.network c.amazon-adsystem.com
4	eu-u.openx.net	a.pub.network
4	acdn.adnxs.com	a.pub.network
4	cdn.districtm.io	a.pub.network
4	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com confiant-integrations.global.ssl.fastly.net
4	dmx.districtm.io	a.pub.network
4	freestar-d.openx.net	a.pub.network
4	web.hb.ad.cpe.dotomi.com	a.pub.network
4	as-sec.casalemedia.com	a.pub.network
4	apis.google.com	www.bleepingcomputer.com apis.google.com
4	www.bleepstatic.com	www.bleepingcomputer.com
3	tlx.3lift.com	a.pub.network
3	confiant-integrations.global.ssl.fastly.net	a.pub.network confiant-integrations.global.ssl.fastly.net
3	csi.gstatic.com	www.bleepingcomputer.com
3	p.skimresources.com	www.bleepingcomputer.com
3	r.skimresources.com	1 redirects www.bleepingcomputer.com
3	www.googletagservices.com	a.pub.network www.bleepingcomputer.com securepubads.g.doubleclick.net
3	d.pub.network	a.pub.network
2	pagead2.googlesyndication.com	securepubads.g.doubleclick.net
2	loadeu.exelator.com	2 redirects
2	x.skimresources.com	2 redirects
2	sync.crwdcntrl.net	2 redirects
2	www.facebook.com	connect.facebook.net
2	ad-delivery.net	freestar-io.videoplayerhub.com
2	t.skimresources.com	www.bleepingcomputer.com s.skimresources.com
2	connect.facebook.net	www.bleepingcomputer.com connect.facebook.net
2	static.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
2	www.google-analytics.com	www.googletagmanager.com www.bleepingcomputer.com
2	a.pub.network	www.bleepingcomputer.com a.pub.network
2	i.imgur.com	www.bleepingcomputer.com
1	eus.rubiconproject.com	a.pub.network
1	load77.exelator.com
1	cluster-na.cdnjquery.com	freestar-io.videoplayerhub.com
1	audit.quantcast.mgr.consensu.org	static.quantcast.mgr.consensu.org
1	api.skimlinks.mgr.consensu.org	s.skimresources.com
1	accounts.google.com	apis.google.com
1	api.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
1	adservice.google.com	www.googletagservices.com
1	adservice.google.de	www.googletagservices.com
1	vendorlist.consensu.org	quantcast.mgr.consensu.org
1	freestar-io.videoplayerhub.com	a.pub.network
1	ad.doubleclick.net	www.bleepingcomputer.com
1	quantcast.mgr.consensu.org	www.bleepstatic.com
1	ecdn.analysis.fi	www.bleepingcomputer.com
1	s.skimresources.com	www.bleepingcomputer.com
1	www.googletagmanager.com	www.bleepingcomputer.com
213	54

This site contains links to these domains. Also see Links.

Domain
www.thewindowsclub.com
www.uniteagainstmalware.com
www.paypal.me
networkproguide.com
www.reddit.com
www.tomsguide.com
www.invisionpower.com

Subject Issuer	Validity	Valid
bleepingcomputer.com COMODO RSA Domain Validation Secure Server CA	`2018-05-12` - `2020-05-17`	2 years	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-11-11` - `2020-10-09`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.imgur.com DigiCert SHA2 Secure Server CA	`2020-01-15` - `2022-03-16`	2 years	crt.sh
*.apis.google.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.skimresources.com DigiCert SHA2 Secure Server CA	`2018-09-13` - `2020-10-07`	2 years	crt.sh
*.analysis.fi Sectigo RSA Domain Validation Secure Server CA	`2019-06-13` - `2020-06-12`	a year	crt.sh
quantcast.mgr.consensu.org Amazon	`2019-05-06` - `2020-06-06`	a year	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.pub.network Go Daddy Secure Certificate Authority - G2	`2019-02-09` - `2020-05-16`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.videoplayerhub.com Amazon	`2019-07-18` - `2020-08-18`	a year	crt.sh
vendorlist.consensu.org Amazon	`2020-02-07` - `2021-03-07`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-03-01` - `2020-05-30`	3 months	crt.sh
accounts.google.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2019-10-07` - `2020-09-29`	a year	crt.sh
*.freetls.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-12-18` - `2020-12-18`	a year	crt.sh
ad-delivery.net Amazon	`2019-03-07` - `2020-04-07`	a year	crt.sh
api.skimlinks.mgr.consensu.org DigiCert SHA2 Secure Server CA	`2019-10-04` - `2021-10-07`	2 years	crt.sh
*.assetbucket.net Amazon	`2019-09-11` - `2020-10-11`	a year	crt.sh
1605158521.rsc.cdn77.org Let's Encrypt Authority X3	`2020-01-21` - `2020-04-20`	3 months	crt.sh
*.sharethrough.com Amazon	`2019-10-07` - `2020-11-07`	a year	crt.sh
*.3lift.com Amazon	`2019-07-17` - `2020-08-17`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.adtech.advertising.com DigiCert SHA2 High Assurance Server CA	`2018-05-22` - `2020-05-26`	2 years	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2018-01-04` - `2020-07-09`	3 years	crt.sh
districtm.io CloudFlare Inc ECC CA-2	`2020-02-25` - `2020-10-09`	7 months	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2020-01-02` - `2021-04-02`	a year	crt.sh

This page contains 26 frames:

Primary Page: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Frame ID: 943206C3B2FEAF7DD46E4751E4334518
Requests: 186 HTTP requests in this frame

Frame: https://static.quantcast.mgr.consensu.org/v31/cmp-3pc-check.html
Frame ID: 981ED827533FB54BFF9F37D0AD3090A0
Requests: 1 HTTP requests in this frame

Frame: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.9882117282205092
Frame ID: E774341BC7CF03B3891D490788C07680
Requests: 3 HTTP requests in this frame

Frame: https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&count=false&size=small&hl=en-GB&origin=https%3A%2F%2Fwww.bleepingcomputer.com&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.JKCQ2Hvuo0E.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ%2Fm%3D__features__
Frame ID: E9F756F352EB4D486D4F02396D97FA18
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.bleepingcomputer.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.JKCQ2Hvuo0E.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ%2Fm%3D__features__
Frame ID: 16D531784A4285366E38B351B2E2BBDA
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?action=like&app_id=942111685863795&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D46%23cb%3Df1063c8808f369%26domain%3Dwww.bleepingcomputer.com%26origin%3Dhttps%253A%252F%252Fwww.bleepingcomputer.com%252Ff23ec14b6bf4d7c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false&width=150
Frame ID: 3F88E8C90AC8A77F4DD3AB2A34763F5C
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvBe6fY56YQh1vJDg5oHjJEg67oOcXhSQzUTqmpEK2qzkDL8MZjthrlP5V0IGBk60t_PBATMqcuOAOW2BHFfP8ppXh5pg6NtSvtFgmu5pgjmlGKY3jqw35uvubjuaLFSpF_eWRaYNFqYOlSOVU4orCrq-I9HonJ4KEzb1ShfhjbpMABOp76L6iZkPJQwCP7YVCCzOQiXXSBFPUqH5TP5YQ4JEPji9jyaV0hDLP-xB-jG8UixL10qdpnycCDaKEZ2gIG5EWFzjhQWbbGKcLRFJ04A_CLf6-7pj0Ck-EOHroUQzDe&sai=AMfl-YTaRx18xgw6ml7f1MZxtb4H31pEEjjl3AdQkjbmOkjvyNfPCVs80n4aXUOglGyztWy78ZiU4rCAdveIR7sKPLLGe7NlfKnoLGStYPvXvA&sig=Cg0ArKJSzOpikeBwkUXhEAE&urlfix=1&adurl=
Frame ID: F1D57A372D1BA16721DF057FE1AE1BDD
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: A57C318F5C8C0E533E80617DE16D9A08
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: DF19EC0FE4CD329A5C9D58F1B4FF8F0C
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 47B6C2F07247870000A373A9D1C86096
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 88ED864E8BE6C8601F8990DFE5B77C93
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: EC7FB2AB3409E2A510A11955F14AB8DD
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 9446D484A6C077ED7B4808A166374E3E
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: E24AF5CB81664B728C5BA3B06824DEFC
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: 127ECC4E0031AC286FFD7FF701DAD1EF
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 3574749A8B612D39056B2F68E3D80646
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: DB0E49FA94074BCEEE5135DAC7789C91
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 12F8B801E05D82084AFD39055FCBF034
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 801CBEB74C6065224DE338A2901C8FF6
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: EF752DCAC1D60CA6C47FEB3BDBF51984
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 5F00FBCA832FE935FDCF05C143DD0DEA
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: E2150962B75FC2DACEA3D9062D25F9F4
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 9B1FE2269B9CE8FBF10F25ECE364CE14
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Frame ID: 0671273BF23A0E192B7EECE2F916779A
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 7DB4592E39F4ECE06AD37B69DF15C793
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: B1718C7B4213405EAD6B86B531C4CD16
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hi= HTTP 301
https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/ Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

213
Requests

98 %
HTTPS

33 %
IPv6

33
Domains

54
Subdomains

49
IPs

8
Countries

1174 kB
Transfer

3676 kB
Size

12
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://www.thewindowsclub.com/tips-become-microsoft-mvp-mcc

Search URL Search Domain Scan URL

URL: http://www.uniteagainstmalware.com/
Title: UNITE

Search URL Search Domain Scan URL

URL: https://www.paypal.me/quietman7

Search URL Search Domain Scan URL

URL: https://networkproguide.com/fix-connect-attempts-to-www-msftconnecttest-com-windows-server-2016/
Title: https://networkproguide.com/fix-connect-attempts-to-www-msftconnecttest-com-windows-server-2016/

Search URL Search Domain Scan URL

URL: https://www.reddit.com/r/xbox/comments/fkfn48/xbox_wont_connect_to_internet_instead_makes_me/
Title: https://www.reddit.com/r/xbox/comments/fkfn48/xbox_wont_connect_to_internet_instead_makes_me/

Search URL Search Domain Scan URL

URL: https://www.tomsguide.com/us/home-router-security,news-19245.html
Title: https://www.tomsguide.com/us/home-router-security,news-19245.html

Search URL Search Domain Scan URL

URL: http://www.invisionpower.com/apps/board/
Title: Community Forum Software by IP.Board

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hi= HTTP 301
https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 67

https://r.skimresources.com/api/ HTTP 307
https://r.skimresources.com/api/?xguid=01E46QRYTTV6JBM3QRJCNSQMSE&persistence=1&checksum=155af53ad58b1d217773468ed715702db8c769221c5ddd259da2fed48a3167f7

Request Chain 92

https://sync.crwdcntrl.net/map/c=7505/tp=SKIM/?https%3A%2F%2Fx.skimresources.com%2F%3Fprovider%3Dlotame%26skim_mapping%3Dtrue%26provider_id%3D%24%7Bprofile_id%7D HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=7505/tp=SKIM/?https%3A%2F%2Fx.skimresources.com%2F%3Fprovider%3Dlotame%26skim_mapping%3Dtrue%26provider_id%3D%24%7Bprofile_id%7D HTTP 302
https://x.skimresources.com/?provider=lotame&skim_mapping=true&provider_id=d8847cd5aefdd7fec0ce817ba937f88e HTTP 302
https://p.skimresources.com/?provider_id=d8847cd5aefdd7fec0ce817ba937f88e&skim_mapping=true

Request Chain 101

https://x.skimresources.com/?provider=exelate HTTP 302
https://loadeu.exelator.com/load/?p=787&g=001&j=0& HTTP 302
https://loadeu.exelator.com/load/?p=787&g=001&j=0&&xl8blockcheck=1 HTTP 302
https://load77.exelator.com/pixel.gif

Request Chain 111

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=618bc82d952d99c;misc=1585069195536; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=618bc82d952d99c;misc=1585069195536

Request Chain 112

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=62d54a4239e7b1f;misc=1585069195536; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=62d54a4239e7b1f;misc=1585069195536

Request Chain 113

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=630ab92aa876d4e;misc=1585069195536; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=630ab92aa876d4e;misc=1585069195536

Request Chain 114

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=64d1c60a1c6a1ae;misc=1585069195536; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=64d1c60a1c6a1ae;misc=1585069195536

Request Chain 115

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=659f2a2488aad36;misc=1585069195536; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=659f2a2488aad36;misc=1585069195536

Request Chain 116

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=6625ee58d604a22;misc=1585069195536; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6625ee58d604a22;misc=1585069195536

Request Chain 117

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=6747dcdffa31fd9;misc=1585069195536; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6747dcdffa31fd9;misc=1585069195536

Request Chain 124

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=618bc82d952d99c;misc=1585069195536 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1Ae31349e8-6df0-11ea-bf59-1215cb940d7a;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=618bc82d952d99c;misc=1585069195536

Request Chain 125

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=659f2a2488aad36;misc=1585069195536 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1Ae33c9334-6df0-11ea-bad7-12dfe7d1818c;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=659f2a2488aad36;misc=1585069195536

Request Chain 126

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6747dcdffa31fd9;misc=1585069195536 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1Ae313bcac-6df0-11ea-a9e7-121b89dbed5a;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6747dcdffa31fd9;misc=1585069195536

Request Chain 127

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=62d54a4239e7b1f;misc=1585069195536 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1Ae324d0dc-6df0-11ea-a51b-12eca44d2d72;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=62d54a4239e7b1f;misc=1585069195536

Request Chain 128

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=630ab92aa876d4e;misc=1585069195536 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1Ae324f832-6df0-11ea-9a84-12f6c3f4cbd0;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=630ab92aa876d4e;misc=1585069195536

Request Chain 129

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=64d1c60a1c6a1ae;misc=1585069195536 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1Ae34d181c-6df0-11ea-abbd-1222202f268e;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=64d1c60a1c6a1ae;misc=1585069195536

Request Chain 130

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6625ee58d604a22;misc=1585069195536 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1Ae34e856c-6df0-11ea-8913-120ea4e1ae80;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6625ee58d604a22;misc=1585069195536

Request Chain 196

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 199

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 202

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 205

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

213 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Redirect Chain

https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hi=
https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

173 KB
33 KB

453ms
453ms

Document
text/html

104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1695f0c879c9d16ed88da1b8ca917f2a538d5c6591e4251df70c977d58c0584e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: www.bleepingcomputer.com
:scheme: https
:path: /forums/t/715480/coronavirus-dns-router-hijack/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: document
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=d106e43da05a99a16cd23612d62f014ff1585069192; session_id=26107b7f5d23862c929bcf9332e5f320
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

status: 200
date: Tue, 24 Mar 2020 16:59:53 GMT
content-type: text/html;charset=ISO-8859-1
content-security-policy: upgrade-insecure-requests;
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, must-revalidate, max-age=0
expires: Mon, 23 Mar 2020 16:59:53 GMT
pragma: no-cache
vary: Accept-Encoding,User-Agent
set-cookie: session_id=26107b7f5d23862c929bcf9332e5f320; path=/; domain=.bleepingcomputer.com; httponly;Secure modpids=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.bleepingcomputer.com;Secure
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5791f1f93a75d8f1-AMS
content-encoding: br

Redirect headers

status: 301
date: Tue, 24 Mar 2020 16:59:53 GMT
content-type: text/html;charset=ISO-8859-1
set-cookie: __cfduid=d106e43da05a99a16cd23612d62f014ff1585069192; expires=Thu, 23-Apr-20 16:59:52 GMT; path=/; domain=.bleepingcomputer.com; HttpOnly; SameSite=Lax; Secure session_id=26107b7f5d23862c929bcf9332e5f320; path=/; domain=.bleepingcomputer.com; httponly;Secure
content-security-policy: upgrade-insecure-requests;
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, must-revalidate, max-age=0
expires: Mon, 23 Mar 2020 16:59:53 GMT
pragma: no-cache
location: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5791f1f628acd8f1-AMS

GET
H2 200 prettify.css
www.bleepingcomputer.com/forums/public/style_css/ 1 KB
573 B 33ms
33ms Stylesheet
text/css 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/style_css/prettify.css?ipbv=2c77595800f56bf9d8365767f85624ab

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bfd753d445592a633d4e3b8f74fe6e4ca85ab95a1f0b2fc00f11afeaaeed8194

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: br
cf-cache-status: HIT
age: 1738
cf-polished: origSize=2207
status: 200
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"89f-4dddda0323b00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 5791f1fc1b6ad8f1-AMS
cf-bgj: minify

GET
H2 200 prototype.js Show response
www.bleepingcomputer.com/forums/public/js/3rd_party/ 134 KB
33 KB 43ms
42ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/3rd_party/prototype.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2a0ed3ea5aebdf80781e96b0e677656f9db72ea592b679299953852fef84b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: br
cf-cache-status: HIT
age: 3570
cf-polished: origSize=180829
status: 200
last-modified: Wed, 29 May 2013 16:10:44 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"2c25d-4dddd9fb82900-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 5791f1fc3bbdd8f1-AMS
cf-bgj: minify

GET
H2 200 ipb.js Show response
www.bleepingcomputer.com/forums/public/js/ 81 KB
19 KB 54ms
53ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=2c77595800f56bf9d8365767f85624ab&load=quickpm,hovercard,sharelinks,topic,like

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

914053e444ff358317ec2778690f8dfff7c41eeb985a6b3ee2906280bbc4b61a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: br
cf-cache-status: HIT
age: 1738
cf-polished: origSize=128615
status: 200
last-modified: Thu, 02 Jan 2020 17:02:01 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"1f667-59b2b26d979c8-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 5791f1fc3bc0d8f1-AMS
cf-bgj: minify

GET
H2 200 scriptaculous-cache.js Show response
www.bleepingcomputer.com/forums/public/js/3rd_party/scriptaculous/ 55 KB
13 KB 38ms
37ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/3rd_party/scriptaculous/scriptaculous-cache.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

61e225f0d67c03cc5a2cdfa2f63e971048d0201711c3cda27c4d4ea0f9f65176

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: br
cf-cache-status: HIT
age: 1738
cf-polished: origSize=79618
status: 200
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"13702-4dddda0323b00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 5791f1fc3bc1d8f1-AMS
cf-bgj: minify

GET
H2 200 ipb.lang.js Show response
www.bleepingcomputer.com/forums/cache/lang_cache/1/ 28 KB
7 KB 47ms
46ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/cache/lang_cache/1/ipb.lang.js?nck=4b93cd7f1f76df9c2c1783aae5cc39b1

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebbdc09f56e8b9cba9117f0d84b4903fdc89508496a9b5d5b8d6bf59ff13ebbf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: br
cf-cache-status: HIT
age: 1738
cf-polished: origSize=30126
status: 200
last-modified: Fri, 25 Oct 2019 14:30:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"75ae-595bcfc4bde67-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 5791f1fc3bc5d8f1-AMS
cf-bgj: minify

GET
H2 200 qc-consent.js Show response
www.bleepstatic.com/js/qc-consent/ 3 KB
2 KB 110ms
41ms Script
text/javascript 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b6a84a416edfb98ed7608dad8cd26ffd7123e54bce2bb13a4a3394e0b948382

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: br
cf-cache-status: HIT
age: 2028768
cf-polished: origSize=3848
status: 200
cf-bgj: minify
last-modified: Thu, 07 Feb 2019 13:49:44 GMT
server: cloudflare
etag: W/"3981350888"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 5791f1fcab5769a4-CDG
expires: Sun, 05 Apr 2020 05:27:05 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 75 KB
28 KB 18ms
17ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-91740-1

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

025e7e180ec38cee031546ed3a613dc266575a90fb028db4572236863b185c70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 28648
x-xss-protection: 0
last-modified: Tue, 24 Mar 2020 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 24 Mar 2020 16:59:53 GMT

GET
H2 200 twitter.png
www.bleepingcomputer.com/forums/public/style_images/master/loginmethods/ 545 B
726 B 43ms
38ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/loginmethods/twitter.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92597d72536ce2725db3f04c7ad34252f8d4037ae0a61cdec08f93a0c2db05f2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 1944527
cf-polished: origSize=575, status=vary_header_present
status: 200
content-length: 545
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "23f-485b90722ae80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Wed, 01 Apr 2020 04:51:05 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd3ef6d8f1-AMS
cf-bgj: imgq:100

GET
H2 200 forum-logo.png
www.bleepstatic.com/logo/ 5 KB
5 KB 46ms
41ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/logo/forum-logo.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 311b90855c9f23f4f7531137aa339d941b81af0409120d0281a535f0d2920d49

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 1097165
cf-polished: origFmt=png, origSize=9361
status: 200
content-disposition: inline; filename="forum-logo.webp"
cf-bgj: imgq:85
content-length: 4670
last-modified: Fri, 26 Nov 2010 18:53:37 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 5791f1fd3be469a4-CDG
expires: Sat, 11 Apr 2020 00:13:47 GMT

GET
H2 200 useropts_arrow.png
www.bleepingcomputer.com/forums/public/style_images/master/ 94 B
279 B 52ms
46ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/useropts_arrow.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

114af008615fbe18f9cc0dfd36ebafd202e12eda91137d48d8a2cab529274d9f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 211176
cf-polished: pngoptimizer, origSize=129, status=vary_header_present
status: 200
content-length: 94
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "81-485b90722ae80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Tue, 21 Apr 2020 06:20:17 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd3f02d8f1-AMS
cf-bgj: imgq:100

GET
H2 200 default_large.png
www.bleepingcomputer.com/forums/public/style_images/master/profile/ 2 KB
3 KB 48ms
43ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/profile/default_large.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48100a7efdd07d27ede8e151c39cad2a2b55853d038c25fc2a846316ea0184ef

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 1681216
cf-polished: pngoptimizer, origSize=2589, status=vary_header_present
status: 200
content-length: 2503
last-modified: Wed, 09 Mar 2011 20:59:50 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "a1d-49e13027a9d80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Sat, 04 Apr 2020 05:59:37 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd3f04d8f1-AMS
cf-bgj: imgq:100

GET
H2 200 icon_share.png
www.bleepingcomputer.com/forums/public/style_images/master/ 169 B
480 B 42ms
37ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/icon_share.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b5a35aa59af15012b03c44769087fb85282ed12e3c417030d78f95f61697b53

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 718230
cf-polished: pngoptimizer, origSize=1201, status=vary_header_present
status: 200
content-length: 169
last-modified: Fri, 12 Oct 2012 09:31:38 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "4b1-4cbd95ac45280"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Wed, 15 Apr 2020 09:29:23 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd3f06d8f1-AMS
cf-bgj: imgq:100

GET
H2 200 quicktime.gif
www.bleepingcomputer.com/forums/public/style_extra/mime_types/ 213 B
370 B 43ms
38ms Image
image/gif 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/mime_types/quicktime.gif

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8856e209b20c00bc8b3f47cb603948302c4171b14518936952660eca422901f3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 1678664
cf-polished: status=not_needed
status: 200
content-length: 213
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "d5-4857b96a96c80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/gif
expires: Sat, 04 Apr 2020 06:42:09 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd3f0ad8f1-AMS
cf-bgj: imgq:100

GET
H2 200 post_top.png
www.bleepstatic.com/skin_images/bc/ 369 B
519 B 44ms
39ms Image
image/png 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/skin_images/bc/post_top.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f05e5537bc91bd6026cd2ee7a4ce48d5141ba791f68f1ce1264283c8af6c3aeb

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 2112
cf-polished: origSize=3076, status=webp_bigger
status: 200
cf-bgj: imgq:85
content-length: 369
last-modified: Wed, 09 Jun 2010 03:08:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 5791f1fd3be569a4-CDG
expires: Thu, 14 Nov 2019 07:03:41 GMT

GET
H2 200 bot.jpg
www.bleepstatic.com/images/site/forum/bots/ 880 B
1 KB 41ms
36ms Image
image/webp 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/forum/bots/bot.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 967e2ca4f6acdd30fe8199d905a42f91e578494c5ae014f79d8cae4423219edc

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 511570
cf-polished: qual=85, origFmt=jpeg, origSize=1566
status: 200
content-disposition: inline; filename="bot.webp"
cf-bgj: imgq:85
content-length: 880
last-modified: Tue, 20 Oct 2009 04:08:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 5791f1fd3be869a4-CDG
expires: Fri, 17 Apr 2020 18:53:43 GMT

GET
H2 200 av-26513.jpg
www.bleepingcomputer.com/forums/uploads/ 3 KB
3 KB 44ms
39ms Image
image/jpeg 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/uploads/av-26513.jpg?_r=0

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd22135631e382a4d981e14dce6427a150d8c12cc5b779110652e0b00407eb69

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 1674027
cf-polished: origSize=3130, status=vary_header_present
status: 200
content-length: 2746
last-modified: Thu, 08 Sep 2005 19:07:06 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "c3a-400475df72a80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/jpeg
expires: Sat, 04 Apr 2020 07:59:26 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd3f0cd8f1-AMS
cf-bgj: imgq:100

GET
H2 200 kO7xOZh.gif
i.imgur.com/ 3 KB
3 KB 75ms
23ms Image
image/gif 151.101.12.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.imgur.com/kO7xOZh.gif
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: 608501196c0571ec771c62b340f68dbcd57d10b119d7c4fe87cca2ed81a79e2a

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
age: 2222249
x-cache: HIT, HIT
status: 200
content-length: 3078
x-served-by: cache-bwi5127-BWI, cache-fra19128-FRA
last-modified: Thu, 01 Dec 2016 18:42:01 GMT
server: cat factory 1.0
x-timer: S1585069194.841002,VS0,VE1
etag: "c7ab4b049bf557e389fff83e16b8a451"
access-control-allow-methods: GET, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 38WxTfO.gif
i.imgur.com/ 1 KB
2 KB 74ms
22ms Image
image/gif 151.101.12.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.imgur.com/38WxTfO.gif
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: 154f3a9ed4f3ac0059fc18337f3cb4d28103f349b3e256458f6a39b23d3c092b

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
age: 25858659
x-cache: HIT, HIT
status: 200
content-length: 1491
x-served-by: cache-bwi5133-BWI, cache-fra19128-FRA
last-modified: Fri, 09 Dec 2016 11:33:28 GMT
server: cat factory 1.0
x-timer: S1585069194.840982,VS0,VE1
etag: "74f7d23b80fa48165e56fd6193e83ae3"
access-control-allow-methods: GET, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 photo-thumb-238592.png
www.bleepingcomputer.com/forums/uploads/profile/ 13 KB
13 KB 53ms
49ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/uploads/profile/photo-thumb-238592.png?_r=1473891226

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0046b574f57cf9b0c63b743a3decdbe6ba204166f6cf786caa99f14be1bd2b52

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 555190
cf-polished: pngoptimizer, origSize=14491, status=vary_header_present
status: 200
content-length: 13138
last-modified: Wed, 14 Sep 2016 22:15:13 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "389b-53c7f10261e40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Fri, 17 Apr 2020 06:46:43 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd3f0ed8f1-AMS
cf-bgj: imgq:100

GET
H2 200 photo-thumb-900465.jpg
www.bleepingcomputer.com/forums/uploads/profile/ 1 KB
2 KB 45ms
41ms Image
image/jpeg 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/uploads/profile/photo-thumb-900465.jpg?_r=1441718638

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c5493de2d83c24647a2da39b8abcbf696ddab1e53cf476f62ad80d97baea2bb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 503201
cf-polished: origSize=1963, status=vary_header_present
status: 200
content-length: 1506
last-modified: Tue, 08 Sep 2015 13:23:58 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "7ab-51f3c4748b780"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/jpeg
expires: Fri, 17 Apr 2020 21:13:12 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd3f10d8f1-AMS
cf-bgj: imgq:100

GET
H2 200 smile.png
www.bleepingcomputer.com/forums/public/style_emoticons/default/ 850 B
1 KB 48ms
44ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_emoticons/default/smile.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

18d824646c1147f2687333fa22e37718e5c666d078eb27ffffa017f59415cac5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 676834
cf-polished: origSize=1042, status=vary_header_present
status: 200
content-length: 850
last-modified: Wed, 18 May 2011 11:51:58 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "412-4a38b840bf380"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Wed, 15 Apr 2020 20:59:19 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd3f11d8f1-AMS
cf-bgj: imgq:100

GET
H2 200 twitter.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 545 B
759 B 51ms
47ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/twitter.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92597d72536ce2725db3f04c7ad34252f8d4037ae0a61cdec08f93a0c2db05f2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 640367
cf-polished: origSize=575, status=vary_header_present
status: 200
content-length: 545
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "23f-4857b96a96c80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Thu, 16 Apr 2020 07:07:06 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd3f13d8f1-AMS
cf-bgj: imgq:100

GET
H2 200 plusone.js Show response
apis.google.com/js/ 48 KB
19 KB 43ms
29ms Script
application/javascript 2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/plusone.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

91772941c245b12f8fcb8447413a0d7ceb9864bf67147894775ea9062c59f82a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: script-src 'report-sample' 'nonce-CEw+bY063sOg928a2mPSYQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
status: 200
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
etag: "7208491ced726c2d16c8da79ffd8e90e"
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
timing-allow-origin: *
expires: Tue, 24 Mar 2020 16:59:53 GMT

GET
H2 200 digg.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 357 B
504 B 53ms
49ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/digg.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

669641985eb1bb7b0e71762f8e734ae2d1832b6976a97f099218d714da1f214e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 36939
cf-polished: pngoptimizer, origSize=431, status=vary_header_present
status: 200
content-length: 357
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "1af-4857b96a96c80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Thu, 23 Apr 2020 06:44:14 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd3f19d8f1-AMS
cf-bgj: imgq:100

GET
H2 200 delicious.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 245 B
387 B 45ms
41ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/delicious.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bc2ee096d68f1de3dfd74d23e4a3d1550001d5a459a537e276b5bdf6f011893

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 36939
cf-polished: origSize=308, status=vary_header_present
status: 200
content-length: 245
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "134-4857b96a96c80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Thu, 23 Apr 2020 06:44:14 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd3f1dd8f1-AMS
cf-bgj: imgq:100

GET
H2 200 reddit.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 542 B
710 B 61ms
57ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/reddit.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

424b5f41dcbc693d32ca73f0e2b1daa5cf5524bc2220865c15b81f032bf3052d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 2207136
cf-polished: pngoptimizer, origSize=614, status=vary_header_present
status: 200
content-length: 542
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "266-4857b96a96c80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Sun, 29 Mar 2020 03:54:17 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd4f42d8f1-AMS
cf-bgj: imgq:100

GET
H2 200 stumble.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 418 B
542 B 54ms
50ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/stumble.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a915aab28857afeac49311ceff852888da1623eb0f589d7f43fbfbfbceb562e9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 211176
cf-polished: pngoptimizer, origSize=519, status=vary_header_present
status: 200
content-length: 418
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "207-4857b96a96c80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Tue, 21 Apr 2020 06:20:17 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd4f47d8f1-AMS
cf-bgj: imgq:100

GET
H2 200 email.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 419 B
585 B 57ms
53ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/email.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee469e3d281e77f7dcc2655ff8d187907f2240c76a03bf868e7dcfd67f08d880

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 653514
cf-polished: origSize=530, status=vary_header_present
status: 200
content-length: 419
last-modified: Thu, 04 Feb 2010 11:47:46 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "212-47ec4e74b3c80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Thu, 16 Apr 2020 03:27:59 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd4f4dd8f1-AMS
cf-bgj: imgq:100

GET
H2 200 print.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 272 B
434 B 70ms
67ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/print.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e0533d6585c026d1f72a040b902b67d76994eafa3593049d16ee319e9ec9be8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 659534
cf-polished: origSize=409, status=vary_header_present
status: 200
content-length: 272
last-modified: Fri, 30 Apr 2010 22:16:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "199-4857b96a96c80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Thu, 16 Apr 2020 01:47:39 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd4f4fd8f1-AMS
cf-bgj: imgq:100

GET
H2 200 download.png
www.bleepingcomputer.com/forums/public/style_extra/sharelinks/ 633 B
798 B 66ms
62ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_extra/sharelinks/download.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

563777fc54d07e48cbea78dd97911bdd12a62d1888d12fe4dfeaaa9b3563d676

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 36074
cf-polished: origSize=646, status=vary_header_present
status: 200
content-length: 633
last-modified: Fri, 12 Feb 2010 14:33:56 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "286-47f6828485d00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Thu, 23 Apr 2020 06:58:39 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd4f52d8f1-AMS
cf-bgj: imgq:100

GET
H2 200 prettify.js Show response
www.bleepingcomputer.com/forums/public/js/3rd_party/prettify/ 14 KB
6 KB 31ms
30ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/3rd_party/prettify/prettify.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b937537ed7f13e70dc6a69b6e9b308237cd369e11fa2a2b97a24d97d8487673e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: br
cf-cache-status: HIT
age: 1817
cf-polished: origSize=14551
status: 200
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"38d7-4dddda0323b00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 5791f1fcad49d8f1-AMS
cf-bgj: minify

GET
H2 200 lang-sql.js Show response
www.bleepingcomputer.com/forums/public/js/3rd_party/prettify/ 2 KB
1 KB 44ms
43ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/3rd_party/prettify/lang-sql.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

770cb6f8747e90dad261e049dfa5cf42e622dac61bcbc86ecb0a8c134228eb91

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: br
cf-cache-status: HIT
age: 1737
cf-polished: origSize=1802
status: 200
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"70a-4dddda0323b00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 5791f1fcedebd8f1-AMS
cf-bgj: minify

GET
H2 200 top.png
www.bleepingcomputer.com/forums/public/style_images/master/ 147 B
445 B 58ms
54ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/top.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cc36f47b70988855c5cde9579581871e9dc92a285a8b1ba4602a89c915c902c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 36987
cf-polished: origSize=207, status=vary_header_present
status: 200
content-length: 147
last-modified: Thu, 09 Jun 2011 17:25:44 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "cf-4a54abe32b600"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Thu, 23 Apr 2020 06:43:26 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd4f55d8f1-AMS
cf-bgj: imgq:100

GET
H2 200 feed.png
www.bleepingcomputer.com/forums/public/style_images/master/ 641 B
784 B 61ms
58ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/feed.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9158290895e962ac081ae5856cf1c361811b63e1dadf7a6b09fa2f3abbd6ecb5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 1759092
cf-polished: origSize=680, status=vary_header_present
status: 200
content-length: 641
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "2a8-485b90722ae80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Fri, 03 Apr 2020 08:21:41 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd4f59d8f1-AMS
cf-bgj: imgq:100

GET
H2 200 lightbox.js Show response
www.bleepingcomputer.com/forums/public/js/3rd_party/ 9 KB
2 KB 37ms
37ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/3rd_party/lightbox.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a78f7bf63f851cbab54a7f7e9ccb76b53ef79834c33cd242aa98d16d228e855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: br
cf-cache-status: HIT
age: 1737
cf-polished: origSize=10063
status: 200
last-modified: Wed, 29 May 2013 16:10:44 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"274f-4dddd9fb82900-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 5791f1fcedf4d8f1-AMS
cf-bgj: minify

GET
H2 200 3687X620620.skimlinks.js Show response
s.skimresources.com/js/ 43 KB
16 KB 77ms
26ms Script
application/octet-stream 151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://s.skimresources.com/js/3687X620620.skimlinks.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f988bd12377e5e223349a8283d2ff1b48c185d4ab13a11a9f9d0ed9bd374d071

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: gzip
last-modified: Thu, 12 Mar 2020 11:41:26 GMT
server: AmazonS3
x-amz-request-id: 967E011529BB6B69
etag: "619308536919c770dd3664b272750328"
x-hw: 1585069193.cds015.pa1.hc,1585069193.cds035.pa1.c
content-type: application/octet-stream
status: 200
cache-control: max-age=3600
accept-ranges: bytes
content-length: 16464
x-amz-id-2: h2aq2h587QQt8rdbLYhZmy9jU4Qlkw4GHdj7jsX9NnY1HvUXO6W2f7EPbqmYgk70L936AP9E/5c=

GET
H2 200 ips.quickpm.js Show response
www.bleepingcomputer.com/forums/public/js/ 5 KB
2 KB 32ms
31ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ips.quickpm.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=2c77595800f56bf9d8365767f85624ab&load=quickpm,hovercard,sharelinks,topic,like

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f34544ddb27241b3eccb8e06d7447230005e8718b463a30d9dd83d1e8bada1a1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: br
cf-cache-status: HIT
age: 1841
cf-polished: origSize=7306
status: 200
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"1c8a-4dddda0323b00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 5791f1fcad2ed8f1-AMS
cf-bgj: minify

GET
H2 200 ips.hovercard.js Show response
www.bleepingcomputer.com/forums/public/js/ 7 KB
2 KB 32ms
32ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ips.hovercard.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=2c77595800f56bf9d8365767f85624ab&load=quickpm,hovercard,sharelinks,topic,like

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e3b8f6c06d2d74cc294ee6439e67b08890587be0081249a158469ace2eaeaaf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: br
cf-cache-status: HIT
age: 1842
cf-polished: origSize=12576
status: 200
last-modified: Wed, 29 May 2013 16:10:52 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3120-4dddda0323b00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 5791f1fcad32d8f1-AMS
cf-bgj: minify

GET
H2 200 ips.sharelinks.js Show response
www.bleepingcomputer.com/forums/public/js/ 4 KB
1 KB 36ms
35ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ips.sharelinks.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=2c77595800f56bf9d8365767f85624ab&load=quickpm,hovercard,sharelinks,topic,like

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f1e90548e911e24dedcb2ca0ffee6847a49a8648e9c615bcd0582bb7c7993fd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: br
cf-cache-status: HIT
age: 1737
cf-polished: origSize=5869
status: 200
last-modified: Wed, 29 May 2013 16:10:44 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"16ed-4dddd9fb82900-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 5791f1fcad36d8f1-AMS
cf-bgj: minify

GET
H2 200 ips.topic.js Show response
www.bleepingcomputer.com/forums/public/js/ 28 KB
6 KB 37ms
36ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ips.topic.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=2c77595800f56bf9d8365767f85624ab&load=quickpm,hovercard,sharelinks,topic,like

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a51f645170637f10f3eba218020318af3fff3ad8e7087db87ef607896f19a940

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: br
cf-cache-status: HIT
age: 1737
cf-polished: origSize=45653
status: 200
last-modified: Tue, 29 Dec 2015 18:39:43 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"b255-5280dbeb879c0-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 5791f1fcad3bd8f1-AMS
cf-bgj: minify

GET
H2 200 ips.like.js Show response
www.bleepingcomputer.com/forums/public/js/ 4 KB
1019 B 81ms
80ms Script
application/javascript 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/js/ips.like.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/public/js/ipb.js?ipbv=2c77595800f56bf9d8365767f85624ab&load=quickpm,hovercard,sharelinks,topic,like

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf50c94253085740a5cce42e9c14f7b897cfc384303b38a5d9d7a0ab8ea5160f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: br
cf-cache-status: HIT
age: 1737
cf-polished: origSize=6287
status: 200
last-modified: Wed, 29 May 2013 16:10:44 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"188f-4dddd9fb82900-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 5791f1fcad3dd8f1-AMS
cf-bgj: minify

GET
H2 200 pubfig.min.js Show response
a.pub.network/bleepingcomputer-com/ 440 KB
117 KB 67ms
49ms Script
application/javascript 2606:4700:20::681a:18b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e099cbd4b2f4ddf8fc0c4715ac73f46a9c3134ec539a045c87db7252a854f77b

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: br
cf-cache-status: HIT
age: 47
status: 200
x-guploader-uploadid: AEnB2UoM-Yb_h_NuU9scUzxXe5tQ1IFaC-TrJuWYpuy7MntyjsNNXa60NRYV1shfzsOHee3w1NbJslK7_Xw6SP9IAsefATS30Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
last-modified: Fri, 20 Mar 2020 20:07:32 GMT
server: cloudflare
etag: W/"1173359ed7df956afd617e45530903b3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=cm/Q+g==, md5=EXM1ntfflWr9YX5FUwkDsw==
content-type: application/javascript
x-goog-generation: 1584734852947887
cache-control: public, max-age=1800
x-goog-stored-content-length: 450440
cf-ray: 5791f1fd3e9e97f0-FRA
expires: Tue, 24 Mar 2020 17:00:06 GMT

GET
H/1.1 200
OK fab.js Show response
ecdn.analysis.fi/static/js/ 4 KB
2 KB 104ms
27ms Script
application/javascript 212.71.236.117
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://ecdn.analysis.fi/static/js/fab.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.71.236.117 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: nb-212-71-236-117.london.nodebalancer.linode.com
Software: nginx/1.12.2 /
Resource Hash: affd87461f2babd57a2f7aec75e9193e8e71a377e8249a02c95a5f43326e289e

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 24 Mar 2020 16:59:06 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Jul 2015 00:00:00 GMT
Server: nginx/1.12.2
ETag: "55a5a280-560"
Content-Type: application/javascript
Cache-Control: max-age=3600
Connection: close
Content-Length: 1376
Expires: Tue, 24 Mar 2020 17:59:06 GMT

GET
H2 200 ipb_print.css
www.bleepingcomputer.com/forums/public/style_css/css_7/ 3 KB
1 KB 57ms
53ms Stylesheet
text/css 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/forums/public/style_css/css_7/ipb_print.css

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbd8236978dd3f165bc49566f78c460e3937e552df38787439c1ef2797c4c709

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: br
cf-cache-status: HIT
age: 1736
cf-polished: origSize=2715
status: 200
last-modified: Thu, 02 Jan 2020 17:02:25 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"a9b-59b2b285311b3-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: max-age=18000
content-security-policy: upgrade-insecure-requests;
cf-ray: 5791f1fd4f5bd8f1-AMS
cf-bgj: minify

GET
H2 200 cmp.js Show response
quantcast.mgr.consensu.org/ 225 KB
61 KB 16ms
13ms Script
text/javascript 2600:9000:20e8:3e00:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/cmp.js
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20e8:3e00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 826acef37820db4f3e9b999fa220c33e40cdd0b862f9717190a775dddd38d846

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:48:28 GMT
content-encoding: gzip
last-modified: Tue, 17 Mar 2020 20:57:22 GMT
server: AmazonS3
age: 1432
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
status: 200
x-amz-meta-qc-ineu: True
x-amz-cf-pop: TXL52-C1
x-amz-cf-id: zM02oxaPJ8xCNHyeAn8z7-a2_CjBz_FkLCP0HXgdae88u3y8k4M0Wg==
via: 1.1 c6649c9545bbfa66bc79c9ba552d7a4a.cloudfront.net (CloudFront)

GET
H2 200 user_navigation.png
www.bleepingcomputer.com/forums/public/style_images/master/ 191 B
425 B 55ms
53ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/user_navigation.png

Requested by

Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ab1a12c0da652f8e525d21b28ca7c45b5ea34e787b561120cd8564089faf2a96

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 1757379
cf-polished: pngoptimizer, origSize=282, status=vary_header_present
status: 200
content-length: 191
last-modified: Tue, 01 Mar 2011 13:54:08 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "11a-49d6c2153a000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Fri, 03 Apr 2020 08:50:14 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd4f5fd8f1-AMS
cf-bgj: imgq:100

GET
H2 200 advanced_search.png
www.bleepingcomputer.com/forums/public/style_images/master/ 272 B
424 B 59ms
58ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/advanced_search.png

Requested by

Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a55c6652514d6e2ebc88198444ac6b199e6ad119d0d009eea0a52e87cd7b39df

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 639342
cf-polished: pngoptimizer, origSize=293, status=vary_header_present
status: 200
content-length: 272
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "125-485b90722ae80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Thu, 16 Apr 2020 07:24:11 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd4f60d8f1-AMS
cf-bgj: imgq:100

GET
H2 200 search_icon.png
www.bleepingcomputer.com/forums/public/style_images/master/ 202 B
376 B 50ms
50ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/search_icon.png

Requested by

Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

51f20d95dad9ea1473e4f877b5f7a7d8bcd589f1f989b8875ffddd83ae716a21

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 336454
cf-polished: pngoptimizer, origSize=223, status=vary_header_present
status: 200
content-length: 202
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "df-485b90722ae80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Sun, 19 Apr 2020 19:32:19 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd4f62d8f1-AMS
cf-bgj: imgq:100

GET
H2 200 icon_quicknav.png
www.bleepingcomputer.com/forums/public/style_images/master/ 374 B
521 B 68ms
68ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/icon_quicknav.png

Requested by

Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef879b83b39fe97ac9e83cc9329bf03ec9199fe7433b1ae62d311ef1dac86cbc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 36987
cf-polished: pngoptimizer, origSize=489, status=vary_header_present
status: 200
content-length: 374
last-modified: Fri, 01 Jul 2011 10:17:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "1e9-4a6ff53f0bd80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Thu, 23 Apr 2020 06:43:26 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd4f63d8f1-AMS
cf-bgj: imgq:100

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-91740-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 1278
date: Tue, 24 Mar 2020 16:38:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 18174
expires: Tue, 24 Mar 2020 18:38:35 GMT

GET
H2 200 maintitle.png
www.bleepingcomputer.com/forums/public/style_images/master/ 193 B
340 B 35ms
35ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/maintitle.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8347a92981a0fdc73af9e2536f688b1a14e6ebea3b4ee5df22e6654bb5e8ca6c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 36939
cf-polished: pngoptimizer, origSize=295, status=vary_header_present
status: 200
content-length: 193
last-modified: Tue, 01 Mar 2011 13:54:08 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "127-49d6c2153a000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Thu, 23 Apr 2020 06:44:14 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd4f68d8f1-AMS
cf-bgj: imgq:100

GET
H2 200 icon_warning.png
www.bleepingcomputer.com/forums/public/style_images/master/ 270 B
435 B 52ms
52ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/icon_warning.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea99b0d7d706f0144a121af332e2efaae3a1fa76a4a3dbdbec7faa2b0177a2b0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
cf-cache-status: HIT
age: 815583
cf-polished: origSize=408, status=vary_header_present
status: 200
content-length: 270
last-modified: Wed, 20 Apr 2011 21:00:34 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "198-4a15fea6fc080"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Tue, 14 Apr 2020 06:26:50 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fd4f6ad8f1-AMS
cf-bgj: imgq:100

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
111 B 27ms
26ms Image
image/gif 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=406030691&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&ul=en-us&de=windows-1252&dt=Coronavirus%20DNS%20Router%20Hijack%20-%20General%20Security&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1930948200&gjid=493626348&cid=2024489675.1585069194&tid=UA-91740-1&_gid=1362253316.1585069194&_r=1&gtm=2ou3b2&z=1255420559

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cmp-3pc-check.html
static.quantcast.mgr.consensu.org/v31/ Frame 981E 0
0 9ms
9ms Document
text/html 2600:9000:2182:a600:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.quantcast.mgr.consensu.org/v31/cmp-3pc-check.html
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2182:a600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

:method: GET
:authority: static.quantcast.mgr.consensu.org
:scheme: https
:path: /v31/cmp-3pc-check.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

status: 200
content-type: text/html
content-length: 645
last-modified: Tue, 17 Mar 2020 20:57:17 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Tue, 24 Mar 2020 16:47:20 GMT
etag: "55b98270d639ef0c34781d9f03cce91f"
x-cache: Hit from cloudfront
via: 1.1 91528fdf97ef415d04fa66a0fbb562d7.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: oUZw9DZ9LA26UJmQPrP7jZ9t1lK9Oqt48V7_N9olVT8yxkzSJJUFHQ==
age: 1253

GET
H2 200 cmpui-popup.js Show response
static.quantcast.mgr.consensu.org/v31/ 230 KB
61 KB 12ms
11ms Script
text/javascript 2600:9000:2182:a600:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.quantcast.mgr.consensu.org/v31/cmpui-popup.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2182:a600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fb182fea82c5fe2b1b8e719010edd3a5bf03d79ff97f6c4e7865a9ead22b4be0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:46:35 GMT
content-encoding: gzip
last-modified: Tue, 17 Mar 2020 20:57:16 GMT
server: AmazonS3
age: 847
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
status: 200
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: 1HvZchxPkbs2VziyF9oCW7ie_Enht0Q_6xDVAYulzUWb2TK0xT8RDg==
via: 1.1 91528fdf97ef415d04fa66a0fbb562d7.cloudfront.net (CloudFront)

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
476 B 70ms
22ms Image
image/x-icon 172.217.18.166
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 15:32:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5272
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Wed, 25 Mar 2020 15:32:01 GMT

GET
H/1.1 200
OK cookie Show response
d.pub.network/ 36 B
472 B 674ms
116ms XHR
text/plain 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/cookie
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 6d23d7ff2f06ad17ac56343691478749067f612c4574a45e38c5f60bf08b6755

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 24 Mar 2020 16:59:54 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 43 KB
14 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a4f0e8c39215f22253ccbba8d94aaf7d5cce967a7f746234af6750de3df5af3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "465 / 675 of 1000 / last-modified: 1585062257"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 14409
x-xss-protection: 0
expires: Tue, 24 Mar 2020 16:59:53 GMT

GET
H/1.1 200
OK gallery.js Show response
freestar-io.videoplayerhub.com/ 101 KB
26 KB 108ms
41ms Script
application/javascript 99.86.3.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-io.videoplayerhub.com/gallery.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.86.3.37 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-3-37.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ad4d57b8c2ac583a0b890f4bd88990ecbe76a7e1463f2508dd7cde85fa55aad9

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: HyfDQPRwTVUvKVqE3e.nnmfw7fIrXN8d
Content-Encoding: gzip
Last-Modified: Tue, 24 Mar 2020 16:08:09 GMT
Server: AmazonS3
Age: 63
Date: Tue, 24 Mar 2020 16:59:14 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 92ab13182d4b89ed20b3b5c10adc4f23.cloudfront.net (CloudFront)
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA6-C1
Connection: keep-alive
X-Amz-Cf-Id: 5addp8yrAuhbVUtM2t4X1Ox5lbckkVnuHK1Ub8qy7sHz_G92zBOb1g==

GET
H2 200 prebid-analytics-3.6.2.js Show response
a.pub.network/core/ 350 KB
106 KB 197ms
197ms Script
text/html 2606:4700:20::681a:18b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:18b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00a30ea925e1a7fdcb597a0c8fe4320e4a897495f6c24ad89bacfb9772d2d7e8

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:54 GMT
content-encoding: br
cf-cache-status: BYPASS
status: 200
x-guploader-uploadid: AEnB2Urk2k-VAgIr5RgPYWr_IrMGVHzOHHt9ONA4Y7zxxLpj2qvXfOMkol62LOTdRd8Qc-Jd0UVArHT8EHQa63y2lSzm0Dh8uA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
last-modified: Fri, 28 Feb 2020 20:11:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=zs10DQ==, md5=a/aOr3cetk5W0I0PmuPrIQ==
content-type: text/html
x-goog-generation: 1582920668771105
cache-control: private
x-goog-stored-content-length: 358240
cf-ray: 5791f1fe4fc497f0-FRA
expires: Wed, 24 Mar 2021 16:59:54 GMT

GET
H/1.1 200
OK location Show response
d.pub.network/ 51 B
498 B 347ms
116ms XHR
application/json 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/location
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 6358c6ea8da1fcf2fc88c991a803c1a5f63b13247d7c546f1e3365ce17ec484d

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 24 Mar 2020 16:59:54 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
H2 200 vendorlist.json Show response
vendorlist.consensu.org/ 95 KB
18 KB 13ms
13ms XHR
application/json 2600:9000:214f:6800:1:af78:4c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vendorlist.consensu.org/vendorlist.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:214f:6800:1:af78:4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: da24f37a3ad56fc3b77e90a32126666618054524db6f13f7be6ad68bfa84340f

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 19 Mar 2020 16:12:33 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 434841
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Thu, 19 Mar 2020 16:00:33 GMT
server: AmazonS3
access-control-max-age: 604800
access-control-allow-methods: GET
x-amz-version-id: n4_Yc2xvVXv5oSengNl9TRy7S7VJGMOn
via: 1.1 18e87eada05046c231b7f49230fa6dc4.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA53-C1
content-type: application/json; charset=utf-8
x-amz-cf-id: y2Cs9dFscaxC84CipS0NK5uwaOV_6WA53HbEIEX73auny8zr2M5AHA==

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
171 B 17ms
17ms Script
application/javascript 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.bleepingcomputer.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
171 B 16ms
16ms Script
application/javascript 2a00:1450:4001:81b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.bleepingcomputer.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 pubads_impl_2020030501.js Show response
securepubads.g.doubleclick.net/gpt/ 165 KB
60 KB 78ms
31ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

sffe /

Resource Hash

8ee04e0441c9e51785d17ac835a93cf4d30d90826f87350b42ba233496a26f55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Mar 2020 14:08:10 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 61481
x-xss-protection: 0
expires: Tue, 24 Mar 2020 16:59:54 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 18ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e6d74e34050ec28b58e153e4692bf53219824abd604a1f10b424e3fba6c8792b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: gb9VBKk1QEzhmJpaV71FsA==
status: 200
date: Tue, 24 Mar 2020 16:59:54 GMT, Tue, 24 Mar 2020 16:59:54 GMT
expires: Tue, 24 Mar 2020 17:15:36 GMT
alt-svc: h3-27=":443"; ma=3600
content-length: 1782
x-fb-debug: zetm+2sbnxCDX2wKIgvN5ic5BmigIt7c+r7VFADzOeemUEdT1noTNXSwF7/rN055R6gkYJ/5OR8uK0Pa298p3Q==
x-fb-trip-id: 2000377899
x-fb-content-md5: 87e78831a78a23632212f5c31132b51c
etag: "44a9a1777f791f3db808db6a1451af6a"
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.JKCQ2Hvuo0E.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ/ 140 KB
49 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.JKCQ2Hvuo0E.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24b45790f58b5d8c376ea8320617b5defa1c88576b7b8df5abf1337a758adba3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 21 Jan 2020 20:16:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 15 Jan 2020 20:40:07 GMT
server: sffe
age: 5431417
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 50234
x-xss-protection: 0
expires: Wed, 20 Jan 2021 20:16:16 GMT

POST
H2

307

/ Show response
r.skimresources.com/api/
Redirect Chain

https://r.skimresources.com/api/
https://r.skimresources.com/api/?xguid=01E46QRYTTV6JBM3QRJCNSQMSE&persistence=1&checksum=155af53ad58b1d217773468ed715702db8c769221c5ddd259da2fed48a3167f7

0
-1 B

63ms
25ms

XHR
text/html

35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/?xguid=01E46QRYTTV6JBM3QRJCNSQMSE&persistence=1&checksum=155af53ad58b1d217773468ed715702db8c769221c5ddd259da2fed48a3167f7

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.190.59.101 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.11.2.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Mar 2020 16:59:54 GMT
via: 1.1 google
server: openresty/1.11.2.5
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://r.skimresources.com/api/?xguid=01E46QRYTTV6JBM3QRJCNSQMSE&persistence=1&checksum=155af53ad58b1d217773468ed715702db8c769221c5ddd259da2fed48a3167f7
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 307
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
content-type: text/html
alt-svc: clear
content-length: 193

Redirect headers

date: Tue, 24 Mar 2020 16:59:54 GMT
via: 1.1 google
server: openresty/1.11.2.5
status: 307
location: https://r.skimresources.com/api/?xguid=01E46QRYTTV6JBM3QRJCNSQMSE&persistence=1&checksum=155af53ad58b1d217773468ed715702db8c769221c5ddd259da2fed48a3167f7
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
content-type: text/html
alt-svc: clear
content-length: 193

GET
H2 206 robots.txt
t.skimresources.com/api/v2/ Frame E774 0
105 B 64ms
25ms Image
text/plain 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.9882117282205092
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.201.67.47 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 47.67.201.35.bc.googleusercontent.com
Software: Python/3.7 aiohttp/3.5.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 206
date: Tue, 24 Mar 2020 16:59:54 GMT
via: 1.1 google
server: Python/3.7 aiohttp/3.5.4
alt-svc: clear
content-length: 0
content-type: text/plain charset=UTF-8

GET
H2 200 px.gif
p.skimresources.com/ 43 B
107 B 34ms
31ms Image
image/gif 151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=1&rn=2.388314172200524
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: UploadServer /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:54 GMT
status: 200
x-guploader-uploadid: AEnB2Ur5w4UvV1p8-8G03vDdxXu2LED5qToCm-6ebZ4HYLzjbOSuud-7P5pqFYsYoeOLnjyosBpC9dgXOwUqjFmux-tVh2D53Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 4
x-goog-stored-content-encoding: identity
content-length: 43
x-hw: 1585069194.cds015.pa1.hc,1585069194.cds041.pa1.c
last-modified: Tue, 23 Oct 2018 13:19:28 GMT
server: UploadServer
etag: "f837aa60b6fe83458f790db60d529fc9"
x-goog-hash: crc32c=xra6Ow==, md5=+DeqYLb+g0WPeQ22DVKfyQ==
x-goog-generation: 1540300768038458
cache-control: public, max-age=7200
x-goog-stored-content-length: 43
accept-ranges: bytes
content-type: image/gif

GET
H2 200 px.gif
p.skimresources.com/ 43 B
494 B 34ms
30ms Image
image/gif 151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=2&rn=2.388314172200524
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: UploadServer /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:54 GMT
status: 200
x-guploader-uploadid: AEnB2Ur5w4UvV1p8-8G03vDdxXu2LED5qToCm-6ebZ4HYLzjbOSuud-7P5pqFYsYoeOLnjyosBpC9dgXOwUqjFmux-tVh2D53Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 4
x-goog-stored-content-encoding: identity
content-length: 43
x-hw: 1585069194.cds015.pa1.hc,1585069194.cds041.pa1.c
last-modified: Tue, 23 Oct 2018 13:19:28 GMT
server: UploadServer
etag: "f837aa60b6fe83458f790db60d529fc9"
x-goog-hash: crc32c=xra6Ow==, md5=+DeqYLb+g0WPeQ22DVKfyQ==
x-goog-generation: 1540300768038458
cache-control: public, max-age=7200
x-goog-stored-content-length: 43
accept-ranges: bytes
content-type: image/gif

GET
H2 200 snapback.png
www.bleepingcomputer.com/forums/public/style_images/master/ 225 B
482 B 30ms
30ms Image
image/png 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/snapback.png

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6f53994bd0a6283fdf4da164ad798f20405f97f93d533091fc34bbe69a3c57f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:54 GMT
cf-cache-status: HIT
age: 1491753
cf-polished: pngoptimizer, origSize=320, status=vary_header_present
status: 200
content-length: 225
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "140-485b90722ae80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/png
expires: Mon, 06 Apr 2020 10:37:21 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fedc74d8f1-AMS
cf-bgj: imgq:100

GET
H2 200 loading.gif
www.bleepingcomputer.com/forums/public/style_images/master/lightbox/ 2 KB
2 KB 32ms
31ms Image
image/gif 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/lightbox/loading.gif

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

61da0a4638505960ec52709b7df80d92683c56e13042079daf5f082fc9548d5e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:54 GMT
cf-cache-status: HIT
age: 730056
cf-polished: origSize=2767, status=vary_header_present
status: 200
content-length: 1588
last-modified: Thu, 18 Dec 2008 14:27:04 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "acf-45e52fc88de00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/gif
expires: Wed, 15 Apr 2020 06:12:18 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fedc77d8f1-AMS
cf-bgj: imgq:100

GET
H2 200 closelabel.gif
www.bleepingcomputer.com/forums/public/style_images/master/lightbox/ 471 B
629 B 40ms
39ms Image
image/gif 104.20.60.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bleepingcomputer.com/forums/public/style_images/master/lightbox/closelabel.gif

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.60.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e89beb7d66ef7d5e58dfcefd22a51e1a8ae452a49bc20d020418cf2b6c666d0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Tue, 24 Mar 2020 16:59:54 GMT
cf-cache-status: HIT
age: 123356
cf-polished: origSize=483, status=vary_header_present
status: 200
content-length: 471
last-modified: Mon, 03 May 2010 23:34:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "1e3-485b90722ae80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/gif
expires: Wed, 22 Apr 2020 06:43:58 GMT
cache-control: max-age=2592000
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
cf-ray: 5791f1fedc79d8f1-AMS
cf-bgj: imgq:100

GET
H2 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.JKCQ2Hvuo0E.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ/ 95 KB
33 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.JKCQ2Hvuo0E.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ/cb=gapi.loaded_1

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f911bdd7b17d93b0528cbd2ece126cc99e61bc25addfb75e3d2ff4a69e115c9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 21 Mar 2020 06:10:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 15 Jan 2020 20:40:07 GMT
server: sffe
age: 298187
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 33741
x-xss-protection: 0
expires: Sun, 21 Mar 2021 06:10:07 GMT

GET
H2 404 fastbutton
apis.google.com/se/0/_/+1/ Frame E9F7 0
0 29ms
29ms Document
text/html 2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&count=false&size=small&hl=en-GB&origin=https%3A%2F%2Fwww.bleepingcomputer.com&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.JKCQ2Hvuo0E.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: apis.google.com
:scheme: https
:path: /se/0/_/+1/fastbutton?usegapi=1&count=false&size=small&hl=en-GB&origin=https%3A%2F%2Fwww.bleepingcomputer.com&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.JKCQ2Hvuo0E.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=200=fVJxPZ6RJDtZ8T8j_5s-6fFw-gafTYgqhACWo7hYaQZwqYujt4OHhnBirHS1Vvsd-89HDYoRPRItxGnw46Z6OHT1e337jmjXCfKC0yET64l3XsBbGmHXeSXbyVW8_1J6rvLsvrjzlfnb640J_JuLz4bM-Z-WrsjO7shfa1vU1E0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

status: 404
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 24 Mar 2020 16:59:54 GMT
content-security-policy-report-only: script-src 'report-sample' 'nonce-RhClzjMzBSfblTFYzL6s3A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

GET
H2 204 csi
csi.gstatic.com/ 0
325 B 50ms
37ms Image
image/gif 2a00:1450:4001:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csi.gstatic.com/csi?v=3&s=gapi_global&action=global&it=blt.1,psi.2&srt=989&e=abc_l0,abc_m0,abc_u0&rt=
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 204
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 csi
csi.gstatic.com/ 0
56 B 51ms
38ms Image
image/gif 2a00:1450:4001:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csi.gstatic.com/csi?v=3&s=gapi_module&action=plusone&it=mli.62,mei.9&srt=989&e=abc_l0,abc_m0,abc_pplusone,abc_u0&rt=
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 204
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 CookieAccess Show response
api.quantcast.mgr.consensu.org/ 30 B
597 B 174ms
128ms XHR
application/json 143.204.201.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.quantcast.mgr.consensu.org/CookieAccess
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.21 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-21.fra53.r.cloudfront.net
Software: /
Resource Hash: 5a4061ff8312e2ad494bd984b7df966438232be64a3b284ab69f66c6705009a6

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Mar 2020 16:59:54 GMT
content-encoding: gzip
x-amz-cf-pop: FRA53-C1
x-amzn-requestid: 397e62c2-da2b-4f2e-895e-893a24f8f13a
x-cache: Error from cloudfront
status: 404
x-amz-apigw-id: J55lmEa1IAMFXCw=
content-length: 50
access-control-allow-origin: https://www.bleepingcomputer.com
x-amzn-trace-id: Root=1-5e7a3c8a-4871730440dd951e6725c796;Sampled=0
vary: Origin
access-control-allow-methods: GET, POST
content-type: application/json
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
x-amz-cf-id: ISE7E1fF4XS0VFrOXO2afpBvTnbno-k6wZ0v-WMZFEBtC8BuFzGGhQ==

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 385 KB
111 KB 17ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=093559011208681c11f54323cf224390&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9a58956bd6b67646d449fb867ad86bb1f323dacf0f20a1fd384bd61c057d5a85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: script
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: gIUrpDIH5AVS3jNtohJ0QQ==
status: 200
date: Tue, 24 Mar 2020 16:59:54 GMT, Tue, 24 Mar 2020 16:59:54 GMT
expires: Wed, 24 Mar 2021 16:55:37 GMT
alt-svc: h3-27=":443"; ma=3600
content-length: 113336
x-fb-debug: Bpc6cPHMJ/yxfMuDKVFpWfU1y7UzqBhUGtxS5PMs8q/LxJlKmMEnA0O5vbFcHrAHT2zfPIw8M+g/mkHFveYCGA==
x-fb-trip-id: 420120009
x-fb-content-md5: 7dddb9ad218be41d91b6b9be83eb4a61
etag: "61ed72c5663c6986020c4102655b2db8"
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 postmessageRelay
accounts.google.com/o/oauth2/ Frame 16D5 0
0 31ms
18ms Document
text/html 2a00:1450:4001:81b::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.bleepingcomputer.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.JKCQ2Hvuo0E.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.JKCQ2Hvuo0E.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ/cb=gapi.loaded_1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-69SuK9xpLpBfI8aEmO3QFg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Xss-Protection	0

Request headers

:method: GET
:authority: accounts.google.com
:scheme: https
:path: /o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.bleepingcomputer.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.JKCQ2Hvuo0E.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOl3FsgYnTqVeIFUJJD2j4-pO09lQ%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=200=fVJxPZ6RJDtZ8T8j_5s-6fFw-gafTYgqhACWo7hYaQZwqYujt4OHhnBirHS1Vvsd-89HDYoRPRItxGnw46Z6OHT1e337jmjXCfKC0yET64l3XsBbGmHXeSXbyVW8_1J6rvLsvrjzlfnb640J_JuLz4bM-Z-WrsjO7shfa1vU1E0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 24 Mar 2020 16:59:54 GMT
content-security-policy: script-src 'report-sample' 'nonce-69SuK9xpLpBfI8aEmO3QFg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

GET
H2 204 csi
csi.gstatic.com/ 0
47 B 42ms
40ms Image
image/gif 2a00:1450:4001:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csi.gstatic.com/csi?v=3&s=gapi_module&action=auth___plusone&it=mli.33,mei.4&srt=989&e=abc_l0,abc_m0,abc_pauth___plusone,abc_u0&rt=
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 204
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 / Show response
r.skimresources.com/api/ 152 B
496 B 25ms
24ms XHR
application/json 35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/?xguid=01E46QRYTTV6JBM3QRJCNSQMSE&persistence=1&checksum=155af53ad58b1d217773468ed715702db8c769221c5ddd259da2fed48a3167f7

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.190.59.101 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.11.2.5 /

Resource Hash

d16375871b3270c80bc80ed55f08ecd609021f644d8c8375f08d3f43161b2e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 24 Mar 2020 16:59:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: openresty/1.11.2.5
status: 200
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
content-type: application/json
alt-svc: clear
via: 1.1 google

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 87 KB
25 KB 128ms
58ms Script
application/javascript 143.204.213.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.213.153 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-213-153.fra53.r.cloudfront.net
Software: Server /
Resource Hash: ac2a58f9d55c4642121cfb6f7e213cbc882bbdd75ef171ca8a07ed982ef693ce

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 23 Mar 2020 22:00:54 GMT
content-encoding: gzip
server: Server
age: 68339
etag: 1dcfbf3986ee8b9c3abbc67eb808ab43
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, max-age=86400
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
x-amz-cf-id: yraKmH5b1kTVoBUEUDBIf4c09wZ40W69WwKgJbaHVrXEhLiX2TU1DQ==
via: 1.1 6080b2713e502211e152f21f5c59c5a7.cloudfront.net (CloudFront)

GET
H/1.1 200
OK config.js Show response
confiant-integrations.global.ssl.fastly.net/d5CEaYYEzMwqV3dGpQ3IFjCM27s/gpt_and_prebid/ 90 KB
19 KB 73ms
24ms Script
text/javascript 151.101.13.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/d5CEaYYEzMwqV3dGpQ3IFjCM27s/gpt_and_prebid/config.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.194 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 11f8afeee2efd88c6fd1beb2de291f18e93bc6bad5e0f6049ac01329a4900c7d

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 24 Mar 2020 16:59:54 GMT
Content-Encoding: gzip
Age: 1310
X-Cache: HIT
Connection: keep-alive
Content-Length: 19255
x-amz-id-2: NFNA2dRyi5gehRM8QwgphKXzWnoVHc5proTpAUR36NDoRyxQTJOY41K1dxyDOBL3FzKoH1AnOL4=
X-Served-By: cache-fra19167-FRA
Last-Modified: Tue, 24 Mar 2020 16:36:02 GMT
Server: AmazonS3
X-Timer: S1585069194.180686,VS0,VE0
ETag: "cafc0a61cde4dbe49100dbd764c7eb9b"
x-amz-request-id: B3C313DC81EC2CA3
Via: 1.1 varnish
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Accept-Ranges: bytes
Content-Type: text/javascript
X-Cache-Hits: 44

GET
H/1.1 200
OK v2 Show response
d.pub.network/floors/ 2 KB
3 KB 588ms
118ms XHR
application/json 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/floors/v2?key=535desktop
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: a824dda79f342fc661990ca6d602c116b09992928e8944871ac81768c1d63485

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 24 Mar 2020 16:59:54 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
H2 200 beacon.js Show response
ad-delivery.net/ 1 KB
989 B 66ms
22ms Script
application/x-javascript 143.204.201.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad-delivery.net/beacon.js
Requested by: Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.77 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-77.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7e94fbebf526effec4239c82e5435a412d81ffc4bc9bddf13f9aa1170f6d803e

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: null
content-encoding: gzip
last-modified: Tue, 31 Jan 2017 15:06:54 GMT
server: AmazonS3
age: 2173
date: Tue, 24 Mar 2020 16:23:44 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: LvWM4t8R6vNn9pUT9I9-fQ3lNyhH-zqWLs5E0wMZJ3UMH4g4Z_DR_w==
via: 1.1 fc7091924e65025d5bfb92361ec3e660.cloudfront.net (CloudFront)

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 48ms
33ms Fetch
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=942111685863795&input_token&origin=1&redirect_uri=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&sdk=joey&wants_cookie_data=false

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=093559011208681c11f54323cf224390&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
x-fb-debug: qPPN8G2Cup8o26prmBUK0T0smfBAZhG3NFNtshou7th8ZDsjMtvUzpf0x3Izvf/3gbPtQkyTMcFzsKkz0L4/fg==
fb-s: unknown
status: 200
date: Tue, 24 Mar 2020 16:59:54 GMT, Tue, 24 Mar 2020 16:59:54 GMT
strict-transport-security: max-age=15552000; preload
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-27=":443"; ma=3600
content-length: 0
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 page Show response
t.skimresources.com/api/v2/ 22 B
349 B 32ms
31ms XHR
application/javascript 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/page

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/3687X620620.skimlinks.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.201.67.47 , Ascension Island, ASN15169 (GOOGLE, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

Python/3.7 aiohttp/3.5.4 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:54 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.7 aiohttp/3.5.4
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
status: 200
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 22

GET
H2 200 iab Show response
api.skimlinks.mgr.consensu.org/ 772 B
643 B 71ms
28ms XHR
application/json 35.190.40.172
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.skimlinks.mgr.consensu.org/iab?nocache=1585069194152

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/3687X620620.skimlinks.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.190.40.172 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

172.40.190.35.bc.googleusercontent.com

Software

nginx/1.14.0 /

Resource Hash

4898c2b9f8c2f931ef6a819d36e0019867931d9519af933ab4bd5edce724b2a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Mar 2020 16:59:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx/1.14.0
access-control-allow-headers: *
status: 200
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
via: 1.1 google

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/gpt/202003181643/ 108 KB
37 KB 23ms
23ms Script
application/javascript 151.101.13.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202003181643/wrap.js
Requested by: Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/d5CEaYYEzMwqV3dGpQ3IFjCM27s/gpt_and_prebid/config.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.194 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1457b36acce37419d32c4404c4ae21c4b788d076069351cad4d4c3e4600a37c8

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 24 Mar 2020 16:59:54 GMT
Content-Encoding: gzip
Age: 497
X-Cache: HIT
Connection: keep-alive
Content-Length: 36808
x-amz-id-2: Az5ZnVBUhbLvN3H9szHsoCq8pZKQnUtfagLVnaXPkEuj0u98qABLVMqiZVS5kta1CBbgA6alHhQ=
X-Served-By: cache-fra19167-FRA
Last-Modified: Thu, 19 Mar 2020 13:45:38 GMT
Server: AmazonS3
X-Timer: S1585069194.222601,VS0,VE0
ETag: "404a602404fd0f43d9a174f63e9d294f"
x-amz-request-id: A07FF8D5A6BE18CD
Via: 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 18639

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/prebid/202003181643/ 32 KB
13 KB 57ms
21ms Script
application/javascript 151.101.13.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/prebid/202003181643/wrap.js
Requested by: Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/d5CEaYYEzMwqV3dGpQ3IFjCM27s/gpt_and_prebid/config.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.194 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7b795ad72976ab8e30274524f9ae792a16ee8d13598a39b6674bb950439e0557

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 24 Mar 2020 16:59:54 GMT
Content-Encoding: gzip
Age: 765
X-Cache: HIT
Connection: keep-alive
Content-Length: 12241
x-amz-id-2: wfRyvwe6x7RtJNDRm0OE+c4Dyf41sp6nfVXIY4i1Jf11Bgyxa1qkhX+uK61tyMEDQtf3Kkn3Kqg=
X-Served-By: cache-fra19167-FRA
Last-Modified: Thu, 19 Mar 2020 13:45:40 GMT
Server: AmazonS3
X-Timer: S1585069194.258106,VS0,VE0
ETag: "374ac4239c490d2b558be4671b00ec24"
x-amz-request-id: DF728634B2CFBA3E
Via: 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 477

GET
H2

200

/
p.skimresources.com/ Frame E774
Redirect Chain

https://sync.crwdcntrl.net/map/c=7505/tp=SKIM/?https%3A%2F%2Fx.skimresources.com%2F%3Fprovider%3Dlotame%26skim_mapping%3Dtrue%26provider_id%3D%24%7Bprofile_id%7D
https://sync.crwdcntrl.net/map/ct=y/c=7505/tp=SKIM/?https%3A%2F%2Fx.skimresources.com%2F%3Fprovider%3Dlotame%26skim_mapping%3Dtrue%26provider_id%3D%24%7Bprofile_id%7D
https://x.skimresources.com/?provider=lotame&skim_mapping=true&provider_id=d8847cd5aefdd7fec0ce817ba937f88e
https://p.skimresources.com/?provider_id=d8847cd5aefdd7fec0ce817ba937f88e&skim_mapping=true

43 B
265 B

640ms
640ms

Image
image/gif

151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/?provider_id=d8847cd5aefdd7fec0ce817ba937f88e&skim_mapping=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: UploadServer /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Mar 2020 16:59:55 GMT
status: 200
x-guploader-uploadid: AEnB2UpexE8e79ZN9V8ysQX6-t1h9Q6odvjAPvb5MZhTkLgw_a0cT6-C1K8pG1F3GErO0Q5km-8hLkNsculexxlKkYdHQNxCdw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 4
x-goog-stored-content-encoding: identity
content-length: 43
x-hw: 1585069194.cds015.pa1.hc,1585069194.cds044.pa1.sc,1585069195.cds044.pa1.pr
last-modified: Tue, 23 Oct 2018 13:19:28 GMT
server: UploadServer
etag: "f837aa60b6fe83458f790db60d529fc9"
x-goog-hash: crc32c=xra6Ow==, md5=+DeqYLb+g0WPeQ22DVKfyQ==
x-goog-generation: 1540300768038458
cache-control: public, max-age=7200
x-goog-stored-content-length: 43
accept-ranges: bytes
content-type: image/gif

Redirect headers

Location: https://p.skimresources.com?provider_id=d8847cd5aefdd7fec0ce817ba937f88e&skim_mapping=true
Date: Tue, 24 Mar 2020 16:59:54 GMT
Server: TornadoServer/2.4.1
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 0
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 87562d3773ffab3d0716a70faa73c38b322fde3b8f265c3d646a3cea976ef67e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 66ms
25ms XHR
application/javascript 143.204.213.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.213.153 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-213-153.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Mar 2020 08:46:05 GMT
content-encoding: gzip
vary: Origin
age: 29630
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Thu, 05 Mar 2020 08:28:46 GMT
server: AmazonS3
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 960a66a5b9d832814160983d391e997c.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: rcbL3dq1t-UvRF9FKXtXRUG4LvEEshXmsNIEF4bdcFyegD7nCuptSA==

GET
H2 200 like.php
www.facebook.com/plugins/ Frame 3F88 0
0 66ms
66ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?action=like&app_id=942111685863795&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D46%23cb%3Df1063c8808f369%26domain%3Dwww.bleepingcomputer.com%26origin%3Dhttps%253A%252F%252Fwww.bleepingcomputer.com%252Ff23ec14b6bf4d7c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false&width=150

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=093559011208681c11f54323cf224390&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /plugins/like.php?action=like&app_id=942111685863795&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D46%23cb%3Df1063c8808f369%26domain%3Dwww.bleepingcomputer.com%26origin%3Dhttps%253A%252F%252Fwww.bleepingcomputer.com%252Ff23ec14b6bf4d7c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false&width=150
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

status: 200
cache-control: private, no-cache, no-store, must-revalidate
pragma: no-cache
strict-transport-security: max-age=15552000; preload
content-encoding: br
timing-allow-origin: *
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-type: text/html; charset="utf-8"
x-fb-debug: EC/YTj6+bNnKhUFpBQl9GlKdmvVjygSAYVbMu1dLdo2RkNu/eIgkrd3PzQ5Xht96/N1ARtC46+GqtCtzgIo1XA==
date: Tue, 24 Mar 2020 16:59:54 GMT Tue, 24 Mar 2020 16:59:54 GMT
alt-svc: h3-27=":443"; ma=3600

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
377 B 75ms
74ms XHR
text/javascript 143.204.213.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&pid=YJFuUOVVXd41o&cb=0&ws=1600x1200&v=7.47.00&t=1000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_ATF%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_BTF%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_320x50_InContent_2%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.213.153 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-213-153.fra53.r.cloudfront.net
Software: Server /
Resource Hash: 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Mar 2020 16:59:54 GMT
via: 1.1 6080b2713e502211e152f21f5c59c5a7.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA53-C1
status: 200
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: ms51w059wWj5ujGv_29BhDJRS3PZ4pvhvRJzABZakwDTGL7EuS3pRw==

GET
H2 200 / Show response
audit.quantcast.mgr.consensu.org/ 80 B
486 B 72ms
23ms XHR
text/html 143.204.201.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://audit.quantcast.mgr.consensu.org/?log=;1585069194502;BleepingComputer.com;https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F;;;;;p,off,false,,1,en,31,194,true,false,false;displayConsentUi:mandatory,;GDPR-axv4tobj9coh0p395chx
Requested by: Host: static.quantcast.mgr.consensu.org
URL: https://static.quantcast.mgr.consensu.org/v31/cmpui-popup.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.65 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-65.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Mar 2020 07:18:07 GMT
via: 1.1 78c402b74e65ae12b398b6b957ab229e.cloudfront.net (CloudFront)
vary: Origin
age: 34907
x-cache: Hit from cloudfront
status: 200
content-length: 80
last-modified: Mon, 11 Jun 2018 22:07:34 GMT
server: AmazonS3
etag: "0614149d8033903db5de46d6c184bbfd"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/html
access-control-allow-origin: *
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
x-amz-cf-id: 9z_mOjU3-OwTRCMfXbwtiW3A7eArZCoNl0lMI48Atl1iO1_s4mFbwQ==

GET
H/1.1 200
OK jquery.color-2.1.2.min.js Show response
cluster-na.cdnjquery.com/color/ 91 B
355 B 430ms
105ms Script
text/javascript 34.200.100.213
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://cluster-na.cdnjquery.com/color/jquery.color-2.1.2.min.js?integrity=btjsonpcallback1585069194593&checksum=%7B%22cbc%22%3A0%2C%22st%22%3A2%2C%22au%22%3A%5B%5D%2C%22hau%22%3A%5B%5D%2C%22ref%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F%22%2C%22aa%22%3A3%2C%22pgid%22%3A%22e21deac7-6df0-11ea-a465-15e34bf7f283%22%2C%22v%22%3A1%2C%22format%22%3A%22jsonp%22%7D&o=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&csVersion=1.21.48&clearThroughOptions=undefined

Requested by

Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.200.100.213 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-200-100-213.compute-1.amazonaws.com

Software

nginx/1.12.1 /

Resource Hash

de029d5df78558facd90d94f1d36cc209d68f8af6e7b35753012d6846137acee

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 24 Mar 2020 16:59:54 GMT
Content-Encoding: gzip
Server: nginx/1.12.1
ETag: W/"5b-JIHRe2yT3psp++k/lRv4Z0ltKeQ"
X-Frame-Options: DENY
Content-Type: text/javascript; charset=utf-8
Charset: utf8
Connection: keep-alive
Content-Length: 83

GET
H2 200 px.gif
ad-delivery.net/ 43 B
387 B 23ms
23ms Image
image/gif 143.204.201.77
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.9870485048217117
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.77 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-77.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-amz-version-id: null
via: 1.1 fc7091924e65025d5bfb92361ec3e660.cloudfront.net (CloudFront)
last-modified: Thu, 27 Jul 2017 18:59:05 GMT
server: AmazonS3
age: 99213
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
x-cache: Hit from cloudfront
content-type: image/gif
status: 200
date: Mon, 23 Mar 2020 18:11:37 GMT
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-length: 43
x-amz-cf-id: FaA-gzPDM8pdJvWfLaYKY9TF2v7jvnULpEqyWfzubAqZmT0FdRQxEA==

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
344 B 477ms
116ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 6d23d7ff2f06ad17ac56343691478749067f612c4574a45e38c5f60bf08b6755

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 24 Mar 2020 16:59:55 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2

200

pixel.gif
load77.exelator.com/ Frame E774
Redirect Chain

https://x.skimresources.com/?provider=exelate
https://loadeu.exelator.com/load/?p=787&g=001&j=0&
https://loadeu.exelator.com/load/?p=787&g=001&j=0&&xl8blockcheck=1
https://load77.exelator.com/pixel.gif

43 B
273 B

78ms
23ms

Image
image/gif

195.181.175.52
CDN77

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://load77.exelator.com/pixel.gif
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.181.175.52 Frankfurt am Main, Germany, ASN60068 (CDN77, GB),
Reverse DNS: unn-195-181-175-52.datapacket.com
Software: CDN77-Turbo /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Mar 2020 16:59:55 GMT
last-modified: Wed, 25 Oct 2017 17:03:56 GMT
server: CDN77-Turbo
access-control-allow-origin: *
x-edge-location: frankfurtDE
etag: "59f0c3fc-2b"
x-cache: HIT
content-type: image/gif
status: 200
x-edge-ip: 195.181.175.50
x-age: 193068
accept-ranges: bytes
content-length: 43

Redirect headers

date: Tue, 24 Mar 2020 16:59:54 GMT
server: nginx/1.14.0
x-powered-by: Undertow/1
location: https://load77.exelator.com/pixel.gif
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
status: 302
cache-control: no-cache
access-control-allow-credentials: true
content-type: image/gif
content-length: 0

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 70ms
28ms XHR
text/plain 3.127.95.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=WLM6GiL3zdSZQxjuNieepuQJ&bidId=68f08dc7f39166&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.95.92 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-95-92.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 24 Mar 2020 16:59:55 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 88ms
46ms XHR
text/plain 3.127.95.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=bDraMWgeoLM4KHJBzFQ8heMv&bidId=7d5d65bf6feae9&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.95.92 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-95-92.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 24 Mar 2020 16:59:55 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 142ms
101ms XHR
text/plain 3.127.95.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=WLM6GiL3zdSZQxjuNieepuQJ&bidId=8c79e089768aaf&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.95.92 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-95-92.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 24 Mar 2020 16:59:55 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 96ms
55ms XHR
text/plain 3.127.95.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=bDraMWgeoLM4KHJBzFQ8heMv&bidId=99d394a80ecf84&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.95.92 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-95-92.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 24 Mar 2020 16:59:55 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 76ms
35ms XHR
text/plain 3.127.95.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=WLM6GiL3zdSZQxjuNieepuQJ&bidId=10816777b78031a&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.95.92 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-95-92.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 24 Mar 2020 16:59:55 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
483 B 392ms
346ms XHR
application/json 3.122.6.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=3.6.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&tmax=1200

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.122.6.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-122-6-57.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
status: 200
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 25 B
997 B 217ms
171ms XHR
application/json 95.101.185.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%22212d4731f570c69%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22223a996712a0c81%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22238e273733f2d46%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22244fa475f634ff5%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2225add8fcd8b7bd9%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2226f16ec82624603%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2227c3c0cb3eeda34%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22288501bd6f5f4e2%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.185.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a95-101-185-51.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b5d74481ad534af867a216fbde05fb50e0d3dcd65aab9709ccc16a7eeb1bac57

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 24 Mar 2020 16:59:55 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 45
Expires: Tue, 24 Mar 2020 16:59:55 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ 678 B
878 B 41ms
14ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 24 Mar 2020 16:59:55 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 379 B
1 KB 100ms
50ms XHR
application/json 37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.37 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

908791d59aca7d13177e2b261ee243122bb76beedae62eb478339e7739df2a97

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 24 Mar 2020 16:59:57 GMT
X-Proxy-Origin: 194.187.251.57; 194.187.251.57; 691.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.15:80
AN-X-Request-Uuid: 0aa95b7e-6573-4b41-834a-aead72d81886
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 379
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=618bc82d952d99c;misc=1585069195536 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=618bc82d952d99c;misc=1585069195536;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=618bc82d952d99c;misc=1585069195536

0
-1 B

164ms
107ms

XHR

152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=618bc82d952d99c;misc=1585069195536
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=618bc82d952d99c;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=618bc82d952d99c;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=62d54a4239e7b1f;misc=1585069195536 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=62d54a4239e7b1f;misc=1585069195536;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=62d54a4239e7b1f;misc=1585069195536

0
-1 B

281ms
223ms

XHR

152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=62d54a4239e7b1f;misc=1585069195536
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=62d54a4239e7b1f;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=62d54a4239e7b1f;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=630ab92aa876d4e;misc=1585069195536 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=630ab92aa876d4e;misc=1585069195536;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=630ab92aa876d4e;misc=1585069195536

0
-1 B

282ms
224ms

XHR

152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=630ab92aa876d4e;misc=1585069195536
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=630ab92aa876d4e;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=630ab92aa876d4e;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=64d1c60a1c6a1ae;misc=1585069195536 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=64d1c60a1c6a1ae;misc=1585069195536;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=64d1c60a1c6a1ae;misc=1585069195536

0
-1 B

284ms
226ms

XHR

152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=64d1c60a1c6a1ae;misc=1585069195536
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=64d1c60a1c6a1ae;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=64d1c60a1c6a1ae;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=659f2a2488aad36;misc=1585069195536 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=659f2a2488aad36;misc=1585069195536;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=659f2a2488aad36;misc=1585069195536

0
-1 B

165ms
108ms

XHR

152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=659f2a2488aad36;misc=1585069195536
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=659f2a2488aad36;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=659f2a2488aad36;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6625ee58d604a22;misc=1585069195536 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=6625ee58d604a22;misc=1585069195536;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6625ee58d604a22;misc=1585069195536

0
-1 B

284ms
227ms

XHR

152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6625ee58d604a22;misc=1585069195536
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6625ee58d604a22;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6625ee58d604a22;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6747dcdffa31fd9;misc=1585069195536 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=6747dcdffa31fd9;misc=1585069195536;
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6747dcdffa31fd9;misc=1585069195536

0
-1 B

166ms
109ms

XHR

152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6747dcdffa31fd9;misc=1585069195536
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6747dcdffa31fd9;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6747dcdffa31fd9;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 arj Show response
freestar-d.openx.net/w/1.0/ 175 B
577 B 264ms
226ms XHR
application/json 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&ch=windows-1252&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=df6dff20-6536-4df2-96de-8ba38e5d7552%2C685f2f73-2ef8-4c53-bea6-9088cf020fcb%2C0400c623-e25f-4767-9582-a12ecec0a0f9&nocache=1585069195538&pubcid=d22145fd-6c6b-4f28-bf8c-f40f2469d6a5&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&aus=728x90%2C970x90%2C970x250%7C728x90%2C970x90%2C970x250%7C728x90&divIds=bleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF%2Cbleepingcomputer_728x90_320x50_InContent_2&auid=540959250%2C540959250%2C540959250&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.179.0 /
Resource Hash: 6b1970b8425df3eaca9068619293f85009f41c8470f18cd04a9adced66429f83

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
content-encoding: gzip
server: OXGW/16.179.0
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 164
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
261 B 63ms
25ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dmx.districtm.io/b/v1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 24 Mar 2020 16:59:55 GMT
server: cloudflare
cf-ray: 5791f2086b90c847-AMS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 379 B
1 KB 90ms
44ms XHR
application/json 37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.37 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

efb10c1af2d10f1240f2c2fe5ad0aacf3f59594cb02e292fdfb368254f9e3ff6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 24 Mar 2020 16:59:57 GMT
X-Proxy-Origin: 194.187.251.57; 194.187.251.57; 691.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.55:80
AN-X-Request-Uuid: 6e2a0c05-37f8-476f-b240-fd52ce97276f
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 379
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 263 B
2 KB 262ms
177ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&tk_flint=pbjs_lite_v3.6.0&x_source.tid=df6dff20-6536-4df2-96de-8ba38e5d7552&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.9474646527082555
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: c18ff738eb51e7bcb12f5ae939f208ed22e1cb0623670655c18badaf9bbfb3a7

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 24 Mar 2020 16:59:55 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=130
Content-Length: 263
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 263 B
2 KB 245ms
152ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&tk_flint=pbjs_lite_v3.6.0&x_source.tid=685f2f73-2ef8-4c53-bea6-9088cf020fcb&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.12704844299822593
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: bce94689bbba8e8e965033a2e5635b401222f34495cc35e8d956112c351a2a53

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 24 Mar 2020 16:59:55 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=253
Content-Length: 263
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
2 KB 292ms
199ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&tk_flint=pbjs_lite_v3.6.0&x_source.tid=0400c623-e25f-4767-9582-a12ecec0a0f9&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.46993013204708456
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: d5aa66e21fc16c6f9f30321e51fd4228772c7d82074559b63dd88ba885a38e5c

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 24 Mar 2020 16:59:55 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=455
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2

302

ADTECH;apid=1Ae31349e8-6df0-11ea-bf59-1215cb940d7a;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=618bc82d952d99c;misc=1585069195536 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=618bc82d952d99c;misc=1585069195536
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1Ae31349e8-6df0-11ea-bf59-1215cb940d7a;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=618bc82d952d99c;misc=15...

0
-1 B

229ms
229ms

XHR

152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1Ae31349e8-6df0-11ea-bf59-1215cb940d7a;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=618bc82d952d99c;misc=1585069195536
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1Ae31349e8-6df0-11ea-bf59-1215cb940d7a;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=618bc82d952d99c;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1Ae31349e8-6df0-11ea-bf59-1215cb940d7a;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=618bc82d952d99c;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1Ae33c9334-6df0-11ea-bad7-12dfe7d1818c;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=659f2a2488aad36;misc=1585069195536 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=659f2a2488aad36;misc=1585069195536
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1Ae33c9334-6df0-11ea-bad7-12dfe7d1818c;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=659f2a2488aad36;misc=15...

0
-1 B

377ms
376ms

XHR

152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1Ae33c9334-6df0-11ea-bad7-12dfe7d1818c;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=659f2a2488aad36;misc=1585069195536
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1Ae33c9334-6df0-11ea-bad7-12dfe7d1818c;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=659f2a2488aad36;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1Ae33c9334-6df0-11ea-bad7-12dfe7d1818c;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=659f2a2488aad36;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1Ae313bcac-6df0-11ea-a9e7-121b89dbed5a;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6747dcdffa31fd9;misc=1585069195536 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6747dcdffa31fd9;misc=1585069195536
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1Ae313bcac-6df0-11ea-a9e7-121b89dbed5a;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6747dcdffa31fd9;misc=15...

0
-1 B

230ms
230ms

XHR

152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1Ae313bcac-6df0-11ea-a9e7-121b89dbed5a;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6747dcdffa31fd9;misc=1585069195536
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1Ae313bcac-6df0-11ea-a9e7-121b89dbed5a;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6747dcdffa31fd9;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1Ae313bcac-6df0-11ea-a9e7-121b89dbed5a;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6747dcdffa31fd9;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1Ae324d0dc-6df0-11ea-a51b-12eca44d2d72;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=62d54a4239e7b1f;misc=1585069195536 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=62d54a4239e7b1f;misc=1585069195536
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1Ae324d0dc-6df0-11ea-a51b-12eca44d2d72;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=62d54a4239e7b1f;misc=15...

0
-1 B

106ms
106ms

XHR

152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1Ae324d0dc-6df0-11ea-a51b-12eca44d2d72;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=62d54a4239e7b1f;misc=1585069195536
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1Ae324d0dc-6df0-11ea-a51b-12eca44d2d72;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=62d54a4239e7b1f;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1Ae324d0dc-6df0-11ea-a51b-12eca44d2d72;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=62d54a4239e7b1f;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1Ae324f832-6df0-11ea-9a84-12f6c3f4cbd0;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=630ab92aa876d4e;misc=1585069195536 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=630ab92aa876d4e;misc=1585069195536
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1Ae324f832-6df0-11ea-9a84-12f6c3f4cbd0;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=630ab92aa876d4e;misc=15...

0
-1 B

103ms
103ms

XHR

152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1Ae324f832-6df0-11ea-9a84-12f6c3f4cbd0;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=630ab92aa876d4e;misc=1585069195536
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1Ae324f832-6df0-11ea-9a84-12f6c3f4cbd0;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=630ab92aa876d4e;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:55 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1Ae324f832-6df0-11ea-9a84-12f6c3f4cbd0;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=630ab92aa876d4e;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1Ae34d181c-6df0-11ea-abbd-1222202f268e;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=64d1c60a1c6a1ae;misc=1585069195536 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;cfp=1;rndc=1585069194;v=2;cmd=bid;cors=yes;alias=64d1c60a1c6a1ae;misc=1585069195536
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1Ae34d181c-6df0-11ea-abbd-1222202f268e;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=64d1c60a1c6a1ae;misc=15...

0
-1 B

365ms
364ms

XHR

152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1Ae34d181c-6df0-11ea-abbd-1222202f268e;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=64d1c60a1c6a1ae;misc=1585069195536
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1Ae34d181c-6df0-11ea-abbd-1222202f268e;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=64d1c60a1c6a1ae;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1Ae34d181c-6df0-11ea-abbd-1222202f268e;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=64d1c60a1c6a1ae;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

302

ADTECH;apid=1Ae34e856c-6df0-11ea-8913-120ea4e1ae80;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6625ee58d604a22;misc=1585069195536 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6625ee58d604a22;misc=1585069195536
https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1Ae34e856c-6df0-11ea-8913-120ea4e1ae80;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6625ee58d604a22;misc=15...

0
-1 B

376ms
375ms

XHR

152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1Ae34e856c-6df0-11ea-8913-120ea4e1ae80;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6625ee58d604a22;misc=1585069195536
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
server: nginx
access-control-allow-origin: https://www.bleepingcomputer.com
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1Ae34e856c-6df0-11ea-8913-120ea4e1ae80;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6625ee58d604a22;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
status: 302
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1Ae34e856c-6df0-11ea-8913-120ea4e1ae80;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6625ee58d604a22;misc=1585069195536
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 5 KB
3 KB 513ms
513ms XHR
text/plain 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1613489963122746&correlator=2306017412495312&output=ldjh&impl=fifs&adsid=NT&vrg=2020030501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200324&iu_parts=15184186%2Cbleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF%2Cbleepingcomputer_728x90_320x50_InContent_2%2Cbleepingcomputer_1x1_pushdown&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4&prev_iu_szs=728x90%7C970x90%7C970x250%2C728x90%7C970x90%7C970x250%2C728x90%2C1x1&prev_scp=amznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7C&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1585069195&dt=1585069195916&dlt=1585069193605&idt=505&frm=20&biw=1600&bih=1200&oid=3&adxs=436%2C436%2C524%2C800&adys=231%2C7699%2C1551%2C0&adks=960084856%2C976516616%2C1808008496%2C2697902146&ucis=1%7C2%7C3%7C4&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&dssz=84&icsg=564049460898044&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x105%7C1392x105%7C1177x152%7C1600x7969&msz=970x90%7C1392x90%7C1177x90%7C1600x1&ga_vid=1313462793.1585069196&ga_sid=1585069196&ga_hid=406030691&fws=4%2C4%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

c99c96552b9ea3bca1a34272110edc6a5eef7eeb8cd6b37ef942e164e0c45ed7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Mar 2020 16:59:56 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 2148
x-xss-protection: 0
google-lineitem-id: -2,-2,-2,4893662829
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,-2,-2,138254592126
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_2020030501.js Show response
securepubads.g.doubleclick.net/gpt/ 69 KB
25 KB 33ms
33ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

sffe /

Resource Hash

ffdc18ac8f47bcd50dd9c33532c334e7073717a62b367d95b9cb1561048547dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Mar 2020 14:08:10 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 25689
x-xss-protection: 0
expires: Tue, 24 Mar 2020 16:59:55 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 7ms
7ms Other
text/html 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

GET
H2 200 ADTECH;apid=1Ae324f832-6df0-11ea-9a84-12f6c3f4cbd0;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=630ab92aa876d4e;misc=1585069195536 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ 605 B
736 B 431ms
431ms XHR
application/json 152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1Ae324f832-6df0-11ea-9a84-12f6c3f4cbd0;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=630ab92aa876d4e;misc=1585069195536
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 96be64f55a5171a9095d1b05c00c00fb5bd9b8afea33fbe025ca594ed7411a53

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 605
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1Ae324d0dc-6df0-11ea-a51b-12eca44d2d72;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=62d54a4239e7b1f;misc=1585069195536 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ 605 B
736 B 202ms
202ms XHR
application/json 152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1Ae324d0dc-6df0-11ea-a51b-12eca44d2d72;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=62d54a4239e7b1f;misc=1585069195536
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 405279128bf8e38d0aee9ec12259c75f255e0c0a022e1c5966f905f807f5637a

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 605
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1Ae31349e8-6df0-11ea-bf59-1215cb940d7a;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=618bc82d952d99c;misc=1585069195536 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ 606 B
761 B 190ms
189ms XHR
application/json 152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1Ae31349e8-6df0-11ea-bf59-1215cb940d7a;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=618bc82d952d99c;misc=1585069195536
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 9667231e0107bea8739390937441ba576e2a3abba0e4749377c724c4a3eec2f5

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 606
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1Ae313bcac-6df0-11ea-a9e7-121b89dbed5a;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6747dcdffa31fd9;misc=1585069195536 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ 606 B
737 B 301ms
301ms XHR
application/json 152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1Ae313bcac-6df0-11ea-a9e7-121b89dbed5a;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6747dcdffa31fd9;misc=1585069195536
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: e7222bc5c528d9ec52c9bbd96f11876e798562510cfb24e72335b402d5269da3

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 606
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1Ae33c9334-6df0-11ea-bad7-12dfe7d1818c;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=659f2a2488aad36;misc=1585069195536 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ 606 B
737 B 309ms
308ms XHR
application/json 152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;apid=1Ae33c9334-6df0-11ea-bad7-12dfe7d1818c;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=659f2a2488aad36;misc=1585069195536
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: be8b85efb89b6d10191fe9f4c5a65daa19229921cbf4c1a169158f0362e5f4db

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 606
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1Ae34d181c-6df0-11ea-abbd-1222202f268e;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=64d1c60a1c6a1ae;misc=1585069195536 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ 605 B
736 B 304ms
303ms XHR
application/json 152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;apid=1Ae34d181c-6df0-11ea-abbd-1222202f268e;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=64d1c60a1c6a1ae;misc=1585069195536
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: d7b14748768134aaec65b13094c7f7c92eff569d1a25323c28c53a73f9b9d627

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 605
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;apid=1Ae34e856c-6df0-11ea-8913-120ea4e1ae80;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6625ee58d604a22;misc=1585069195536 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ 606 B
737 B 174ms
174ms XHR
application/json 152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;apid=1Ae34e856c-6df0-11ea-8913-120ea4e1ae80;cfp=1;rndc=1585069195;v=2;cmd=bid;cors=yes;alias=6625ee58d604a22;misc=1585069195536
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 5471ef40d83869605686e1841919c73817a42478ee452ca7cc14eb157a4b4c27

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 606
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
375 B 90ms
90ms XHR
text/javascript 143.204.213.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&pid=XhYOUMbFCnEY3&cb=1&ws=1600x1200&v=7.47.00&t=1000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_ATF%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.213.153 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-213-153.fra53.r.cloudfront.net
Software: Server /
Resource Hash: 89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Mar 2020 16:59:56 GMT
via: 1.1 6080b2713e502211e152f21f5c59c5a7.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA53-C1
status: 200
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: gp-Qp71WdtkH05U10g-XwG1ibLSUbI3h8TqiQWDYc9okhaAiPUty0A==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
377 B 164ms
164ms XHR
text/javascript 143.204.213.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&pid=1kGwULrxtHsRS&cb=2&ws=1600x1200&v=7.47.00&t=1000&slots=%5B%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_BTF%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.213.153 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-213-153.fra53.r.cloudfront.net
Software: Server /
Resource Hash: 5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Mar 2020 16:59:56 GMT
via: 1.1 6080b2713e502211e152f21f5c59c5a7.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA53-C1
status: 200
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: Pmis2FzNulmBoiCEWPqUMw8FMKd9gdY4rbEGPVU465QwzVZUsffXlg==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
375 B 91ms
90ms XHR
text/javascript 143.204.213.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&pid=4NP6hWJ9K4anD&cb=3&ws=1600x1200&v=7.47.00&t=1000&slots=%5B%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_320x50_InContent_2%22%7D%5D&cfgv=0&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.213.153 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-213-153.fra53.r.cloudfront.net
Software: Server /
Resource Hash: 1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Mar 2020 16:59:56 GMT
via: 1.1 6080b2713e502211e152f21f5c59c5a7.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA53-C1
status: 200
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: k6tz-jC_fco-5Lwjk0ekmYyHJL5dzd88VyN09ZMr8t1zzs2-Q9UAoQ==

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame F1D5 0
0 38ms
37ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvBe6fY56YQh1vJDg5oHjJEg67oOcXhSQzUTqmpEK2qzkDL8MZjthrlP5V0IGBk60t_PBATMqcuOAOW2BHFfP8ppXh5pg6NtSvtFgmu5pgjmlGKY3jqw35uvubjuaLFSpF_eWRaYNFqYOlSOVU4orCrq-I9HonJ4KEzb1ShfhjbpMABOp76L6iZkPJQwCP7YVCCzOQiXXSBFPUqH5TP5YQ4JEPji9jyaV0hDLP-xB-jG8UixL10qdpnycCDaKEZ2gIG5EWFzjhQWbbGKcLRFJ04A_CLf6-7pj0Ck-EOHroUQzDe&sai=AMfl-YTaRx18xgw6ml7f1MZxtb4H31pEEjjl3AdQkjbmOkjvyNfPCVs80n4aXUOglGyztWy78ZiU4rCAdveIR7sKPLLGe7NlfKnoLGStYPvXvA&sig=Cg0ArKJSzOpikeBwkUXhEAE&urlfix=1&adurl=

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

timing-allow-origin: *
date: Tue, 24 Mar 2020 16:59:56 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 24 Mar 2020 16:59:56 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame F1D5 74 KB
28 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a1b118736ba9dc41f144f350574bec748a1ba0e8b355a99cbfe570ad236b50e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1584962844677376"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 28201
x-xss-protection: 0
expires: Tue, 24 Mar 2020 16:59:56 GMT

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 74 KB
27 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

351e508c1da4f9d1535747086accb41121466a52044aa868eba4a36009fdb101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1584962844677376"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 27941
x-xss-protection: 0
expires: Tue, 24 Mar 2020 16:59:56 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 7 KB
6 KB 53ms
40ms XHR
application/json 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020030501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d3d3d96cf630e12cefed2ca68268df6498f7be39a744930ad5240ccd8b9eacc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 24 Mar 2020 16:59:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 5194
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 14 KB
5 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020030501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 24 Mar 2020 16:59:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1582746470043195"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 5456
x-xss-protection: 0
expires: Tue, 24 Mar 2020 16:59:56 GMT

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame A57C 0
0 6ms
6ms Document
text/html 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/209/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 5727
date: Tue, 24 Mar 2020 16:12:45 GMT
expires: Wed, 24 Mar 2021 16:12:45 GMT
last-modified: Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2831
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ 678 B
878 B 13ms
13ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 24 Mar 2020 16:59:56 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 49ms
49ms XHR
application/json 37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.37 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

1659aa95f975894d30394efc34c0dcacd48963b5604029ad0d00aabbb0958d82

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 24 Mar 2020 16:59:58 GMT
X-Proxy-Origin: 194.187.251.57; 194.187.251.57; 691.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.15:80
AN-X-Request-Uuid: f32f0482-49ad-40fb-b780-a2d0713f4f98
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=10070dcf90b3e3e5;misc=1585069196551; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ 606 B
737 B 283ms
283ms XHR
application/json 152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=10070dcf90b3e3e5;misc=1585069196551;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 2e15b24d6cf8f7cfac291b151cc8610196a729ba64a4062ee403f52f19f99a05

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 606
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=101962d9796e1923;misc=1585069196551; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ 605 B
736 B 180ms
180ms XHR
application/json 152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=101962d9796e1923;misc=1585069196551;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: bfb073c0b0f7e2f84c434b3a93cac75bba20c02298f9ba7b39c9360f34459345

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 605
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=1027fe689322f29e;misc=1585069196551; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ 606 B
737 B 160ms
160ms XHR
application/json 152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1027fe689322f29e;misc=1585069196551;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: b56192fc9081fe36fa8394bfdfecbff4b7228c297fe6f524732dbd0bcd37ff15

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 606
expires: Mon, 15 Jun 1998 00:00:00 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
483 B 324ms
324ms XHR
application/json 3.122.6.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=3.6.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&tmax=1200

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.122.6.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-122-6-57.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
status: 200
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 25 B
1 KB 154ms
154ms XHR
application/json 95.101.185.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%2285bbcce5ec9c87c%22%2C%22imp%22%3A%5B%7B%22id%22%3A%2286d81a83e94d48c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22876cf4561e44038%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2288a434c621b4937%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.185.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a95-101-185-51.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 39c5cca9dc52bf35a7a390a40bd82cf734a6890274678a0921aaa613486cc42c

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 24 Mar 2020 16:59:56 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 45
Expires: Tue, 24 Mar 2020 16:59:56 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 263 B
1 KB 209ms
209ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&tk_flint=pbjs_lite_v3.6.0&x_source.tid=c5d7b2ee-31ba-4a24-b0d5-ec4331788560&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.451872897521038
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 9c49e324f70283599d1f0c0725ce322fe1977fc8e279816c3799472cea3981c8

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 24 Mar 2020 16:59:56 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=105
Content-Length: 263
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 arj Show response
freestar-d.openx.net/w/1.0/ 174 B
372 B 156ms
156ms XHR
application/json 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&ch=windows-1252&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=c5d7b2ee-31ba-4a24-b0d5-ec4331788560&nocache=1585069196553&pubcid=d22145fd-6c6b-4f28-bf8c-f40f2469d6a5&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&aus=728x90%2C970x90%2C970x250&divIds=bleepingcomputer_728x90_970x90_970x250_320x50_ATF&auid=540959250&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.179.0 /
Resource Hash: 95be187477486802811528a6409bc831288f97c0c536fc1366586f6b739ae724

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
content-encoding: gzip
server: OXGW/16.179.0
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 165
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 65ms
64ms XHR
application/json 37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.37 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4a07663e0453a7ed4f8319215f60bee44cea3aad788dcdd2dab1df27f6b9f062

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 24 Mar 2020 16:59:58 GMT
X-Proxy-Origin: 194.187.251.57; 194.187.251.57; 691.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.23:80
AN-X-Request-Uuid: 6b17c3e9-6129-428e-84cc-585b5ec5b486
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 27ms
26ms XHR
text/plain 3.127.95.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=WLM6GiL3zdSZQxjuNieepuQJ&bidId=96693ff71796266&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.95.92 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-95-92.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 24 Mar 2020 16:59:56 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 33ms
32ms XHR
text/plain 3.127.95.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=bDraMWgeoLM4KHJBzFQ8heMv&bidId=976dd92d01ddc98&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.95.92 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-95-92.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 24 Mar 2020 16:59:56 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
162 B 29ms
29ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dmx.districtm.io/b/v1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 24 Mar 2020 16:59:56 GMT
server: cloudflare
cf-ray: 5791f20e8f2cc847-AMS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=159371b93e717cae;misc=1585069196567; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ 606 B
737 B 158ms
158ms XHR
application/json 152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=159371b93e717cae;misc=1585069196567;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 40b00928b35e15900db0b73718afbfc05e90fa3a1effa0385c230da7c1e1ec24

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 606
expires: Mon, 15 Jun 1998 00:00:00 GMT

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ 678 B
878 B 13ms
13ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 24 Mar 2020 16:59:56 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 26 B
1 KB 180ms
136ms XHR
application/json 95.101.185.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%22143764403dafaf57%22%2C%22imp%22%3A%5B%7B%22id%22%3A%221444485d4df2185%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.185.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a95-101-185-51.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 1759fdf5acabd3e3a3e3b4ae28f41c8cccaee1fbfc0be8fa783a75300516ec81

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 24 Mar 2020 16:59:56 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 46
Expires: Tue, 24 Mar 2020 16:59:56 GMT

POST auction
tlx.3lift.com/header/ 0
0

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 30ms
30ms XHR
text/plain 3.127.95.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=WLM6GiL3zdSZQxjuNieepuQJ&bidId=1480b5af1cd97b97&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.95.92 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-95-92.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 24 Mar 2020 16:59:56 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
33 B 22ms
22ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dmx.districtm.io/b/v1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 24 Mar 2020 16:59:56 GMT
server: cloudflare
cf-ray: 5791f20e9f67c847-AMS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 146 B
1 KB 108ms
78ms XHR
application/json 37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.37 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

67e96b0284d809c1c516ced78396fa2406008dfba7aac4c011cd75e986d200e3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 24 Mar 2020 16:59:58 GMT
X-Proxy-Origin: 194.187.251.57; 194.187.251.57; 691.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.167:80
AN-X-Request-Uuid: 034e85f7-c7fc-4342-b758-c8bd93c6822c
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 146
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
1 KB 124ms
124ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&tk_flint=pbjs_lite_v3.6.0&x_source.tid=266431cc-0bc9-40f5-a412-10b8cf86a261&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.9385920772343024
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 92fee8ca24887637bae9f88409d88feb322a59977d54750d9ba0cb5c31da628f

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 24 Mar 2020 16:59:56 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=248
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 146 B
1 KB 84ms
37ms XHR
application/json 37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.37 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

01bcfc5c2da1bc619fd0f26a4373cde96868085ab2f78d41c3e1ea6e142a6720

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 24 Mar 2020 16:59:58 GMT
X-Proxy-Origin: 194.187.251.57; 194.187.251.57; 691.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.119:80
AN-X-Request-Uuid: 1fa35577-ae98-4e9a-9b88-740f064a5498
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 146
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 arj Show response
freestar-d.openx.net/w/1.0/ 174 B
368 B 139ms
139ms XHR
application/json 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&ch=windows-1252&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=266431cc-0bc9-40f5-a412-10b8cf86a261&nocache=1585069196571&pubcid=d22145fd-6c6b-4f28-bf8c-f40f2469d6a5&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&aus=728x90&divIds=bleepingcomputer_728x90_320x50_InContent_2&auid=540959250&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.179.0 /
Resource Hash: f168fdcc0480c636fd7d39dbbd16fa8a9a0d79f64ca63eb8412f7fd665182171

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
content-encoding: gzip
server: OXGW/16.179.0
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 165
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
49 B 17ms
16ms Image
image/gif 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gpt_2020030501&jk=1613489963122746&bg=!SEulS1NYA_WsLtr4dDUCAAAAMlIAAAAJmQFkvAbjHgYb_AIC2ViVvKOzxOmPIHTvA9eUUjiiqkjH8-QIxxSn6RFRKG7rlWxlGTSHo9foy5jb1kjrte9FcTHKF8tbijt4B9ndW92yUTkZXPivZnvyXGS2lqPruH1PBX3vRzwZZ4GBsWnB0z9ZcCNNL7ofX0h3rtRMmzqLD6AD6ZPjnMEUOjXhkx2ZIdlgeam2E_Ho7NDO3C20JtTmmp4nYk7a_krhITVSZL6WCEGUOc7UGE-waX-xppfjOHsKCZIBXWstd8wMAlHsoBoHnZnYNRFwVDOkDVCjK_99FUsiF4YRkaACVp5fZS5_kJm1gWG-IVIN_em4RAhU28YgMSUL_rDzZHxBsRm-PP-twMrNG33zTX86yMQN9pkpaSHiJ_LSsKJ65h-5uOzBub-P1hCv1avtsYDuU519TWI2xISSZB0N_Ixt_xzmP0SigDeVz_VTNHWMszTt2-9nVKocS7kcsigbHMI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 26 B
874 B 143ms
143ms XHR
application/json 95.101.185.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%22107ca5864ab4f02c%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22108ab1eb78a71ba2%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22109e4ca830b18c14%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%221104630ea13c9f28%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.185.51 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a95-101-185-51.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e78ce649cc7ce11ff42a14cdaa6ed610abb19fb1950540c71a55c8a2d44c237e

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 24 Mar 2020 16:59:56 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 46
Expires: Tue, 24 Mar 2020 16:59:56 GMT

GET
H2 200 arj Show response
freestar-d.openx.net/w/1.0/ 175 B
367 B 139ms
139ms XHR
application/json 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&ch=windows-1252&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=89669692-0302-496f-807e-d2210368205b&nocache=1585069196733&pubcid=d22145fd-6c6b-4f28-bf8c-f40f2469d6a5&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&aus=728x90%2C970x90%2C970x250&divIds=bleepingcomputer_728x90_970x90_970x250_320x50_BTF&auid=540959250&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.179.0 /
Resource Hash: bb740e38d45f71ae6c01c16d4d2bd8506d4450942514ca4e567108ebe23183d0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
content-encoding: gzip
server: OXGW/16.179.0
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 164
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=160bdee258d50178;misc=1585069196733; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ 606 B
737 B 317ms
317ms XHR
application/json 152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185819/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=160bdee258d50178;misc=1585069196733;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 89d906aec8844217aecedd7c79daf581ab8c6ae03588d0267ad51640078264ce

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 606
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=1617f3a9831d2e2d;misc=1585069196733; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ 605 B
736 B 206ms
206ms XHR
application/json 152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185817/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=1617f3a9831d2e2d;misc=1585069196733;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: b9a5f32ed9bc050ea806f27154924840474202cb894453f115e363a1568fed86

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 605
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2 200 ADTECH;v=2;cmd=bid;cors=yes;alias=162565b47291f37c;misc=1585069196733; Show response
adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ 605 B
736 B 169ms
169ms XHR
application/json 152.199.21.89
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/11751.1/5185818/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=162565b47291f37c;misc=1585069196733;
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.21.89 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 375e5a0414309f038a1c226feb02a60b840b6b2d382d1a5e4ece1abb0e933f40

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 605
expires: Mon, 15 Jun 1998 00:00:00 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
483 B 159ms
159ms XHR
application/json 3.122.6.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=3.6.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&tmax=1200

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.122.6.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-122-6-57.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Mar 2020 16:59:56 GMT
status: 200
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 146 B
1 KB 41ms
41ms XHR
application/json 37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.37 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

a7da490be6eb698dad56624a86eb683fa1f589f510bd18ee2db7085b9c6998b8

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 24 Mar 2020 16:59:58 GMT
X-Proxy-Origin: 194.187.251.57; 194.187.251.57; 691.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.41:80
AN-X-Request-Uuid: d267d758-475c-4f2e-91e1-951a17877934
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 146
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
33 B 28ms
27ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dmx.districtm.io/b/v1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 24 Mar 2020 16:59:56 GMT
server: cloudflare
cf-ray: 5791f20faab3c847-AMS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding

POST
H/1.1 404
Not Found 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ 678 B
878 B 13ms
13ms XHR
text/plain 2a02:fa8:8806:12::1430
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1430 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 24 Mar 2020 16:59:56 GMT
Cache-Control: max-age=0, no-store
Server: nginx
Connection: keep-alive
Content-Length: 678
Content-Type: text/plain; charset=UTF-8

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 33ms
33ms XHR
text/plain 3.127.95.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=WLM6GiL3zdSZQxjuNieepuQJ&bidId=12950dff8adffacd&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.95.92 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-95-92.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 24 Mar 2020 16:59:56 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
119 B 182ms
181ms XHR
text/plain 3.127.95.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=bDraMWgeoLM4KHJBzFQ8heMv&bidId=13046d1e7bbb64d5&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.6.0&strVersion=3.2.0&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.95.92 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-95-92.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 24 Mar 2020 16:59:56 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 48ms
48ms XHR
application/json 37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.37 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

77135d040d79c94e7f7875048c062560e2543c079273817fd5a6facf5a4bb457

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 24 Mar 2020 16:59:58 GMT
X-Proxy-Origin: 194.187.251.57; 194.187.251.57; 691.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.45:80
AN-X-Request-Uuid: 6a5216ba-9961-4774-bb6c-a9a593daaa9d
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 263 B
1 KB 162ms
161ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rp_schain=1.0,1!freestar.io,535,1,,,&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&tk_flint=pbjs_lite_v3.6.0&x_source.tid=89669692-0302-496f-807e-d2210368205b&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.4567550856375888
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: c33fa15bdec047c3c32ab54bb4c13b8e81bbb2fc8c12bb3ef25d1e653211a169

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 24 Mar 2020 16:59:56 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=370
Content-Length: 263
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
344 B 116ms
115ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: 25eb697e9e341e53048cef977ad2e0d8418ece4ef4a6e06d6190ed3b230cfab4

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 24 Mar 2020 16:59:56 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 466 B
441 B 461ms
461ms XHR
text/plain 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1613489963122746&correlator=2306017412495312&output=ldjh&impl=fifs&adsid=NT&vrg=2020030501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200324&iu_parts=15184186%2Cbleepingcomputer_728x90_970x90_970x250_320x50_ATF&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x90%7C970x250&rcs=1&prev_scp=amznbid%3D2%26amznp%3D2&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1585069197&dt=1585069197380&dlt=1585069193605&idt=505&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=230&adks=960084856&ucis=5&ifi=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&dssz=85&icsg=564049460898044&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x105&msz=970x90&psts=ABP-KfQ1F_EDpwqiqFh3txAOEJa3%2CABP-KfSVEpi9HuHE2T1CJ7cV-7ZmaoeDe8swLEamC9YwZGID-k54qNmyFTPDMGD6nBclDRSH2Ew3r8Sa2sck&ga_vid=1313462793.1585069196&ga_sid=1585069196&ga_hid=406030691&fws=4&ohw=1600

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

bbbac03fb275a8331aa4b52a32a0068845c7e5b95433563733f0b2afbde69206

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Mar 2020 16:59:57 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 251
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 457 B
427 B 639ms
639ms XHR
text/plain 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1613489963122746&correlator=2306017412495312&output=ldjh&impl=fifs&adsid=NT&vrg=2020030501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200324&iu_parts=15184186%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x90%7C970x250&rcs=1&prev_scp=amznbid%3D2%26amznp%3D2&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1585069197&dt=1585069197554&dlt=1585069193605&idt=505&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=7698&adks=976516616&ucis=6&ifi=3&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&dssz=85&icsg=564049460898044&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1392x105&msz=1392x90&psts=ABP-KfQ1F_EDpwqiqFh3txAOEJa3%2CABP-KfSVEpi9HuHE2T1CJ7cV-7ZmaoeDe8swLEamC9YwZGID-k54qNmyFTPDMGD6nBclDRSH2Ew3r8Sa2sck&ga_vid=1313462793.1585069196&ga_sid=1585069196&ga_hid=406030691&fws=4&ohw=1600

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

78a1255766237094850d87760c0b51d176abcc48a718d24ea124492f878e2143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Mar 2020 16:59:58 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 248
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK c Show response
c.pub.network/ 0
267 B 116ms
115ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 24 Mar 2020 16:59:57 GMT
Access-Control-Allow-Credentials: true
Content-Length: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 14 KB
8 KB 543ms
543ms XHR
text/plain 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1613489963122746&correlator=2306017412495312&output=ldjh&impl=fifs&adsid=NT&vrg=2020030501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200324&iu_parts=15184186%2Cbleepingcomputer_728x90_320x50_InContent_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&rcs=1&prev_scp=amznbid%3D2%26amznp%3D2&eri=1&cust_params=user-agent%3DChrome&cookie=ID%3De4e69a0e7e4ae980%3AT%3D1585069197%3AS%3DALNI_MbT8pCPHEYpQIVBomT0POgXfwJGlw&cookie_enabled=1&bc=31&abxe=1&lmt=1585069198&dt=1585069198275&dlt=1585069193605&idt=505&frm=20&biw=1600&bih=1200&oid=3&adxs=524&adys=1550&adks=1808008496&ucis=7&ifi=4&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&dssz=85&icsg=564049460898044&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1177x152&msz=1177x90&psts=ABP-KfQ1F_EDpwqiqFh3txAOEJa3%2CABP-KfQ1F_EDpwqiqFh3txAOEJa3%2CABP-KfSVEpi9HuHE2T1CJ7cV-7ZmaoeDe8swLEamC9YwZGID-k54qNmyFTPDMGD6nBclDRSH2Ew3r8Sa2sck&ga_vid=1313462793.1585069196&ga_sid=1585069196&ga_hid=406030691&fws=4&ohw=1600

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

88abdbe95171787ae4063228668423c230aac48a7ab254d1c0f8d86fdf2fa8bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Mar 2020 16:59:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 8210
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK c Show response
c.pub.network/ 0
267 B 116ms
116ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 24 Mar 2020 16:59:58 GMT
Access-Control-Allow-Credentials: true
Content-Length: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame DF19 0
0 6ms
6ms Document
text/html 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gpt/202003181643/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 2973
date: Tue, 24 Mar 2020 16:11:43 GMT
expires: Wed, 24 Mar 2021 16:11:43 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 2895
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

POST
H/1.1 200
OK c Show response
c.pub.network/ 0
267 B 116ms
116ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 24 Mar 2020 16:59:58 GMT
Access-Control-Allow-Credentials: true
Content-Length: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

POST
H/1.1 200
OK c Show response
c.pub.network/ 0
267 B 116ms
116ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Origin: https://www.bleepingcomputer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Tue, 24 Mar 2020 16:59:59 GMT
Access-Control-Allow-Credentials: true
Content-Length: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

GET
H2

200

sync
eb2.3lift.com/ Frame 47B6
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

0
0

21ms
20ms

Document
text/html

3.127.164.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.164.217 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-164-217.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tluid=18359130746960376400
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

status: 200
date: Tue, 24 Mar 2020 17:00:02 GMT
content-type: text/html; charset=utf-8
content-length: 493
set-cookie: sync=CgoIgQIQwrvy65AuCgoI4gEQwrvy65AuCgoI5gEQwrvy65AuCgkICRDCu_LrkC4KCgipARDCu_LrkC4KCQg5EMK78uuQLgoJCDoQwrvy65AuCgkICxDCu_LrkC4KCgjOARDCu_LrkC4KCQgfEMK78uuQLg==; Max-Age=7776000; Expires=Mon, 22 Jun 2020 17:00:02 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=18359130746960376400; Max-Age=7776000; Expires=Mon, 22 Jun 2020 17:00:02 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

status: 302
date: Tue, 24 Mar 2020 17:00:02 GMT
content-length: 0
set-cookie: tluid=18243820678240258958; Max-Age=7776000; Expires=Mon, 22 Jun 2020 17:00:02 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 204 index.html
cdn.districtm.io/ids/ Frame 88ED 0
0 199ms
25ms Document
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

status: 204
date: Tue, 24 Mar 2020 17:00:02 GMT
set-cookie: __cfduid=def1318f61d995a6e3d857dca634d677c1585069202; expires=Thu, 23-Apr-20 17:00:02 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 5791f234db26c847-AMS

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame EC7F 0
0 196ms
22ms Document
text/html 95.101.184.231
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.184.231 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a95-101-184-231.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
Vary: Accept-Encoding
ETag: W/"573e714d-3e3"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 506
Cache-Control: max-age=31536000
Expires: Wed, 24 Mar 2021 17:00:02 GMT
Date: Tue, 24 Mar 2020 17:00:02 GMT
Connection: keep-alive

GET
H2

200

sync
eb2.3lift.com/ Frame 9446
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

0
0

21ms
20ms

Document
text/html

3.127.164.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.164.217 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-164-217.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tluid=18359130746960376400
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

status: 200
date: Tue, 24 Mar 2020 17:00:02 GMT
content-type: text/html; charset=utf-8
content-length: 493
set-cookie: sync=CgoIgQIQwbvy65AuCgoI4gEQwbvy65AuCgoI5gEQwbvy65AuCgkICRDBu_LrkC4KCgipARDBu_LrkC4KCQg5EMG78uuQLgoJCDoQwbvy65AuCgkICxDBu_LrkC4KCgjOARDBu_LrkC4KCQgfEMG78uuQLg==; Max-Age=7776000; Expires=Mon, 22 Jun 2020 17:00:02 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=18359130746960376400; Max-Age=7776000; Expires=Mon, 22 Jun 2020 17:00:02 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

status: 302
date: Tue, 24 Mar 2020 17:00:02 GMT
content-length: 0
set-cookie: tluid=11645765205381408528; Max-Age=7776000; Expires=Mon, 22 Jun 2020 17:00:02 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 pd
eu-u.openx.net/w/1.0/ Frame E24A 0
0 28ms
26ms Document
text/html 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.179.0 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=d8ce3995-924c-4f4b-8bc8-9571810313f9|1585069199
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=d8ce3995-924c-4f4b-8bc8-9571810313f9|1585069199; Version=1; Expires=Wed, 24-Mar-2021 17:00:02 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1585069202|mOsLgqgikin0fcmWiygu; Version=1; Expires=Wed, 08-Apr-2020 17:00:02 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.179.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 24 Mar 2020 17:00:02 GMT
content-type: text/html
content-length: 481
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H2 200 pd
eu-u.openx.net/w/1.0/ Frame 127E 0
0 33ms
32ms Document
text/html 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.179.0 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=d8ce3995-924c-4f4b-8bc8-9571810313f9|1585069199
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=d8ce3995-924c-4f4b-8bc8-9571810313f9|1585069199; Version=1; Expires=Wed, 24-Mar-2021 17:00:02 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1585069202|mOsLgqgikin0fcmWiygu; Version=1; Expires=Wed, 08-Apr-2020 17:00:02 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.179.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 24 Mar 2020 17:00:02 GMT
content-type: text/html
content-length: 481
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H2

200

sync
eb2.3lift.com/ Frame 3574
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

0
0

22ms
21ms

Document
text/html

3.127.164.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.164.217 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-164-217.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tluid=18359130746960376400
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

status: 200
date: Tue, 24 Mar 2020 17:00:02 GMT
content-type: text/html; charset=utf-8
content-length: 493
set-cookie: sync=CgoIgQIQwrvy65AuCgoI4gEQwrvy65AuCgoI5gEQwrvy65AuCgkICRDCu_LrkC4KCgipARDCu_LrkC4KCQg5EMK78uuQLgoJCDoQwrvy65AuCgkICxDCu_LrkC4KCgjOARDCu_LrkC4KCQgfEMK78uuQLg==; Max-Age=7776000; Expires=Mon, 22 Jun 2020 17:00:02 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=18359130746960376400; Max-Age=7776000; Expires=Mon, 22 Jun 2020 17:00:02 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

status: 302
date: Tue, 24 Mar 2020 17:00:02 GMT
content-length: 0
set-cookie: tluid=18359130746960376400; Max-Age=7776000; Expires=Mon, 22 Jun 2020 17:00:02 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame DB0E 0
0 180ms
22ms Document
text/html 95.101.184.231
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.184.231 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a95-101-184-231.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
Vary: Accept-Encoding
ETag: W/"573e714d-3e3"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 506
Cache-Control: max-age=31536000
Expires: Wed, 24 Mar 2021 17:00:02 GMT
Date: Tue, 24 Mar 2020 17:00:02 GMT
Connection: keep-alive

GET
H2 204 index.html
cdn.districtm.io/ids/ Frame 12F8 0
0 172ms
24ms Document
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

status: 204
date: Tue, 24 Mar 2020 17:00:02 GMT
set-cookie: __cfduid=def1318f61d995a6e3d857dca634d677c1585069202; expires=Thu, 23-Apr-20 17:00:02 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 5791f234db23c847-AMS

GET
H2

200

sync
eb2.3lift.com/ Frame 801C
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

0
0

22ms
21ms

Document
text/html

3.127.164.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.164.217 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-164-217.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tluid=18359130746960376400
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

status: 200
date: Tue, 24 Mar 2020 17:00:02 GMT
content-type: text/html; charset=utf-8
content-length: 493
set-cookie: sync=CgoIgQIQwrvy65AuCgoI4gEQwrvy65AuCgoI5gEQwrvy65AuCgkICRDCu_LrkC4KCgipARDCu_LrkC4KCQg5EMK78uuQLgoJCDoQwrvy65AuCgkICxDCu_LrkC4KCgjOARDCu_LrkC4KCQgfEMK78uuQLg==; Max-Age=7776000; Expires=Mon, 22 Jun 2020 17:00:02 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=18359130746960376400; Max-Age=7776000; Expires=Mon, 22 Jun 2020 17:00:02 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

status: 302
date: Tue, 24 Mar 2020 17:00:02 GMT
content-length: 0
set-cookie: tluid=17453276258128794030; Max-Age=7776000; Expires=Mon, 22 Jun 2020 17:00:02 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 pd
eu-u.openx.net/w/1.0/ Frame EF75 0
0 27ms
27ms Document
text/html 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.179.0 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=d8ce3995-924c-4f4b-8bc8-9571810313f9|1585069199
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=d8ce3995-924c-4f4b-8bc8-9571810313f9|1585069199; Version=1; Expires=Wed, 24-Mar-2021 17:00:02 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1585069202|mOsLgqgikin0fcmWiygu; Version=1; Expires=Wed, 08-Apr-2020 17:00:02 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.179.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 24 Mar 2020 17:00:02 GMT
content-type: text/html
content-length: 481
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 5F00 0
0 178ms
23ms Document
text/html 95.101.184.231
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.184.231 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a95-101-184-231.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
Vary: Accept-Encoding
ETag: W/"573e714d-3e3"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 506
Cache-Control: max-age=31536000
Expires: Wed, 24 Mar 2021 17:00:02 GMT
Date: Tue, 24 Mar 2020 17:00:02 GMT
Connection: keep-alive

GET
H2 204 index.html
cdn.districtm.io/ids/ Frame E215 0
0 171ms
28ms Document
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

status: 204
date: Tue, 24 Mar 2020 17:00:02 GMT
set-cookie: __cfduid=def1318f61d995a6e3d857dca634d677c1585069202; expires=Thu, 23-Apr-20 17:00:02 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 5791f234db22c847-AMS

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 9B1F 0
0 196ms
22ms Document
text/html 104.109.78.125
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.78.125 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Wed, 04 Mar 2020 22:48:14 GMT
Content-Encoding: gzip
Content-Length: 7619
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=58463
Expires: Wed, 25 Mar 2020 09:14:25 GMT
Date: Tue, 24 Mar 2020 17:00:02 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 pd
eu-u.openx.net/w/1.0/ Frame 0671 0
0 27ms
27ms Document
text/html 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.179.0 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=d8ce3995-924c-4f4b-8bc8-9571810313f9|1585069199
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=d8ce3995-924c-4f4b-8bc8-9571810313f9|1585069199; Version=1; Expires=Wed, 24-Mar-2021 17:00:02 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1585069202|mOsLgqgikin0fcmWiygu; Version=1; Expires=Wed, 08-Apr-2020 17:00:02 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.179.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 24 Mar 2020 17:00:02 GMT
content-type: text/html
content-length: 481
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 7DB4 0
0 182ms
26ms Document
text/html 95.101.184.231
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.184.231 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a95-101-184-231.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
Vary: Accept-Encoding
ETag: W/"573e714d-3e3"
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 506
Cache-Control: max-age=31536000
Expires: Wed, 24 Mar 2021 17:00:02 GMT
Date: Tue, 24 Mar 2020 17:00:02 GMT
Connection: keep-alive

GET
H2 204 index.html
cdn.districtm.io/ids/ Frame B171 0
0 159ms
24ms Document
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.6.2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack/

Response headers

status: 204
date: Tue, 24 Mar 2020 17:00:02 GMT
set-cookie: __cfduid=def1318f61d995a6e3d857dca634d677c1585069202; expires=Thu, 23-Apr-20 17:00:02 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 5791f234db20c847-AMS

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tlx.3lift.com
URL: https://tlx.3lift.com/header/auction?lib=prebid&v=3.6.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F715480%2Fcoronavirus-dns-router-hijack%2F&tmax=1200

Verdicts & Comments Add Verdict or Comment

167 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.google.com/	1970-01-19 12:41:20	Name: NID Value: 200=fVJxPZ6RJDtZ8T8j_5s-6fFw-gafTYgqhACWo7hYaQZwqYujt4OHhnBirHS1Vvsd-89HDYoRPRItxGnw46Z6OHT1e337jmjXCfKC0yET64l3XsBbGmHXeSXbyVW8_1J6rvLsvrjzlfnb640J_JuLz4bM-Z-WrsjO7shfa1vU1E0
.bleepingcomputer.com/	1970-01-19 09:01:01	Name: __beaconTrackerID Value: l833fpsor
www.bleepingcomputer.com/	1970-01-19 08:17:50	Name: fssts Value: false
.bleepingcomputer.com/	1970-01-19 08:19:15	Name: _gid Value: GA1.2.1362253316.1585069194
www.bleepingcomputer.com/	1970-01-19 08:17:50	Name: _fssid Value: e773ff71-0f34-4576-8c8f-70bd0a43c2fa
www.bleepingcomputer.com/	1970-01-19 09:01:01	Name: _fsloc Value: ?i=BE&c=Brussels
www.bleepingcomputer.com/	1969-12-31 23:59:59	Name: _cmpQcif3pcsupported Value: 1
.bleepingcomputer.com/	1970-01-20 01:49:01	Name: _ga Value: GA1.2.2024489675.1585069194
.bleepingcomputer.com/	1970-01-19 08:17:49	Name: _gat_gtag_UA_91740_1 Value: 1
.bleepingcomputer.com/	1969-12-31 23:59:59	Name: session_id Value: 26107b7f5d23862c929bcf9332e5f320
.bleepingcomputer.com/	1970-01-19 09:01:01	Name: __cfduid Value: d106e43da05a99a16cd23612d62f014ff1585069192
www.bleepingcomputer.com/forums/t/715480/coronavirus-dns-router-hijack	1969-12-31 23:59:59	Name: fsbotchecked Value: true

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://quantcast.mgr.consensu.org/cmp.js(Line 1) Message: Dependency check failed for Publisher Purpose Legitimate Interest IDs: Publisher Purpose Legitimate Interest IDs must be an array containing only purpose IDs contained in the Publisher Purpose IDs array, the following purpose IDs will be ignored: 1, 4, 5
console-api	warning	URL: https://static.quantcast.mgr.consensu.org/v31/cmpui-popup.js(Line 1) Message: Unable to get NonIab Vendor list.
console-api	log	URL: https://freestar-io.videoplayerhub.com/gallery.js(Line 1) Message: Video gallery initializing
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js(Line 6) Message: Invalid GPT size specification: [[728,90],[970,90],[970,250]]
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js(Line 6) Message: Invalid GPT size specification: [[728,90],[970,90],[970,250]]
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js(Line 6) Message: Invalid GPT size specification: [[728,90]]
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js(Line 6) Message: Invalid GPT size specification: [[1,1]]
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020030501.js(Line 6) Message: Exception in queued GPT command TypeError: Cannot read property 'getItem' of null

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.pub.network
accounts.google.com
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
adserver-us.adtech.advertising.com
adservice.google.com
adservice.google.de
api.quantcast.mgr.consensu.org
api.skimlinks.mgr.consensu.org
apis.google.com
as-sec.casalemedia.com
audit.quantcast.mgr.consensu.org
btlr.sharethrough.com
c.amazon-adsystem.com
c.pub.network
cdn.districtm.io
cluster-na.cdnjquery.com
confiant-integrations.global.ssl.fastly.net
connect.facebook.net
csi.gstatic.com
d.pub.network
dmx.districtm.io
eb2.3lift.com
ecdn.analysis.fi
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
freestar-d.openx.net
freestar-io.videoplayerhub.com
i.imgur.com
ib.adnxs.com
load77.exelator.com
loadeu.exelator.com
p.skimresources.com
pagead2.googlesyndication.com
quantcast.mgr.consensu.org
r.skimresources.com
s.skimresources.com
securepubads.g.doubleclick.net
static.quantcast.mgr.consensu.org
sync.crwdcntrl.net
t.skimresources.com
tlx.3lift.com
tpc.googlesyndication.com
vendorlist.consensu.org
web.hb.ad.cpe.dotomi.com
www.bleepingcomputer.com
www.bleepstatic.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
www.googletagservices.com
x.skimresources.com
tlx.3lift.com
104.109.78.125
104.16.190.66
104.20.60.209
104.26.13.6
143.204.201.21
143.204.201.65
143.204.201.77
143.204.213.153
147.75.102.200
151.101.12.193
151.101.13.194
151.139.128.10
152.199.21.89
172.217.16.194
172.217.18.166
18.202.137.180
195.181.175.52
212.71.236.117
2600:9000:20e8:3e00:9:46dc:4700:93a1
2600:9000:214f:6800:1:af78:4c0:93a1
2600:9000:2182:a600:9:46dc:4700:93a1
2606:4700:20::681a:18b
2a00:1450:4001:800::200e
2a00:1450:4001:817::2003
2a00:1450:4001:817::200e
2a00:1450:4001:81b::2001
2a00:1450:4001:81b::2002
2a00:1450:4001:81b::200d
2a00:1450:4001:81c::2002
2a00:1450:4001:81d::2008
2a00:1450:4001:81f::2002
2a00:1450:4001:821::2002
2a02:fa8:8806:12::1430
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.122.6.57
3.127.164.217
3.127.95.92
34.200.100.213
34.241.166.6
34.95.120.147
35.188.71.214
35.190.40.172
35.190.59.101
35.201.67.47
35.226.36.58
37.252.172.37
69.173.144.141
95.101.184.231
95.101.185.51
99.86.3.37
0046b574f57cf9b0c63b743a3decdbe6ba204166f6cf786caa99f14be1bd2b52
00a30ea925e1a7fdcb597a0c8fe4320e4a897495f6c24ad89bacfb9772d2d7e8
01bcfc5c2da1bc619fd0f26a4373cde96868085ab2f78d41c3e1ea6e142a6720
025e7e180ec38cee031546ed3a613dc266575a90fb028db4572236863b185c70
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0b5a35aa59af15012b03c44769087fb85282ed12e3c417030d78f95f61697b53
0bc2ee096d68f1de3dfd74d23e4a3d1550001d5a459a537e276b5bdf6f011893
0f1e90548e911e24dedcb2ca0ffee6847a49a8648e9c615bcd0582bb7c7993fd
114af008615fbe18f9cc0dfd36ebafd202e12eda91137d48d8a2cab529274d9f
11f8afeee2efd88c6fd1beb2de291f18e93bc6bad5e0f6049ac01329a4900c7d
1457b36acce37419d32c4404c4ae21c4b788d076069351cad4d4c3e4600a37c8
154f3a9ed4f3ac0059fc18337f3cb4d28103f349b3e256458f6a39b23d3c092b
1659aa95f975894d30394efc34c0dcacd48963b5604029ad0d00aabbb0958d82
1695f0c879c9d16ed88da1b8ca917f2a538d5c6591e4251df70c977d58c0584e
1759fdf5acabd3e3a3e3b4ae28f41c8cccaee1fbfc0be8fa783a75300516ec81
18d824646c1147f2687333fa22e37718e5c666d078eb27ffffa017f59415cac5
1a4f0e8c39215f22253ccbba8d94aaf7d5cce967a7f746234af6750de3df5af3
1a78f7bf63f851cbab54a7f7e9ccb76b53ef79834c33cd242aa98d16d228e855
1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3
24b45790f58b5d8c376ea8320617b5defa1c88576b7b8df5abf1337a758adba3
25eb697e9e341e53048cef977ad2e0d8418ece4ef4a6e06d6190ed3b230cfab4
2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e15b24d6cf8f7cfac291b151cc8610196a729ba64a4062ee403f52f19f99a05
311b90855c9f23f4f7531137aa339d941b81af0409120d0281a535f0d2920d49
351e508c1da4f9d1535747086accb41121466a52044aa868eba4a36009fdb101
375e5a0414309f038a1c226feb02a60b840b6b2d382d1a5e4ece1abb0e933f40
39c5cca9dc52bf35a7a390a40bd82cf734a6890274678a0921aaa613486cc42c
3b6a84a416edfb98ed7608dad8cd26ffd7123e54bce2bb13a4a3394e0b948382
3e3b8f6c06d2d74cc294ee6439e67b08890587be0081249a158469ace2eaeaaf
3e89beb7d66ef7d5e58dfcefd22a51e1a8ae452a49bc20d020418cf2b6c666d0
405279128bf8e38d0aee9ec12259c75f255e0c0a022e1c5966f905f807f5637a
40b00928b35e15900db0b73718afbfc05e90fa3a1effa0385c230da7c1e1ec24
424b5f41dcbc693d32ca73f0e2b1daa5cf5524bc2220865c15b81f032bf3052d
48100a7efdd07d27ede8e151c39cad2a2b55853d038c25fc2a846316ea0184ef
4898c2b9f8c2f931ef6a819d36e0019867931d9519af933ab4bd5edce724b2a8
4a07663e0453a7ed4f8319215f60bee44cea3aad788dcdd2dab1df27f6b9f062
51f20d95dad9ea1473e4f877b5f7a7d8bcd589f1f989b8875ffddd83ae716a21
5471ef40d83869605686e1841919c73817a42478ee452ca7cc14eb157a4b4c27
563777fc54d07e48cbea78dd97911bdd12a62d1888d12fe4dfeaaa9b3563d676
5a1b118736ba9dc41f144f350574bec748a1ba0e8b355a99cbfe570ad236b50e
5a4061ff8312e2ad494bd984b7df966438232be64a3b284ab69f66c6705009a6
5c5493de2d83c24647a2da39b8abcbf696ddab1e53cf476f62ad80d97baea2bb
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
608501196c0571ec771c62b340f68dbcd57d10b119d7c4fe87cca2ed81a79e2a
61da0a4638505960ec52709b7df80d92683c56e13042079daf5f082fc9548d5e
61e225f0d67c03cc5a2cdfa2f63e971048d0201711c3cda27c4d4ea0f9f65176
6358c6ea8da1fcf2fc88c991a803c1a5f63b13247d7c546f1e3365ce17ec484d
669641985eb1bb7b0e71762f8e734ae2d1832b6976a97f099218d714da1f214e
67e96b0284d809c1c516ced78396fa2406008dfba7aac4c011cd75e986d200e3
6b1970b8425df3eaca9068619293f85009f41c8470f18cd04a9adced66429f83
6d23d7ff2f06ad17ac56343691478749067f612c4574a45e38c5f60bf08b6755
6d3d3d96cf630e12cefed2ca68268df6498f7be39a744930ad5240ccd8b9eacc
6e0533d6585c026d1f72a040b902b67d76994eafa3593049d16ee319e9ec9be8
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
770cb6f8747e90dad261e049dfa5cf42e622dac61bcbc86ecb0a8c134228eb91
77135d040d79c94e7f7875048c062560e2543c079273817fd5a6facf5a4bb457
78a1255766237094850d87760c0b51d176abcc48a718d24ea124492f878e2143
7b795ad72976ab8e30274524f9ae792a16ee8d13598a39b6674bb950439e0557
7cc36f47b70988855c5cde9579581871e9dc92a285a8b1ba4602a89c915c902c
7e94fbebf526effec4239c82e5435a412d81ffc4bc9bddf13f9aa1170f6d803e
826acef37820db4f3e9b999fa220c33e40cdd0b862f9717190a775dddd38d846
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8347a92981a0fdc73af9e2536f688b1a14e6ebea3b4ee5df22e6654bb5e8ca6c
87562d3773ffab3d0716a70faa73c38b322fde3b8f265c3d646a3cea976ef67e
8856e209b20c00bc8b3f47cb603948302c4171b14518936952660eca422901f3
88abdbe95171787ae4063228668423c230aac48a7ab254d1c0f8d86fdf2fa8bd
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
89d906aec8844217aecedd7c79daf581ab8c6ae03588d0267ad51640078264ce
8ee04e0441c9e51785d17ac835a93cf4d30d90826f87350b42ba233496a26f55
908791d59aca7d13177e2b261ee243122bb76beedae62eb478339e7739df2a97
914053e444ff358317ec2778690f8dfff7c41eeb985a6b3ee2906280bbc4b61a
9158290895e962ac081ae5856cf1c361811b63e1dadf7a6b09fa2f3abbd6ecb5
91772941c245b12f8fcb8447413a0d7ceb9864bf67147894775ea9062c59f82a
92597d72536ce2725db3f04c7ad34252f8d4037ae0a61cdec08f93a0c2db05f2
92fee8ca24887637bae9f88409d88feb322a59977d54750d9ba0cb5c31da628f
95be187477486802811528a6409bc831288f97c0c536fc1366586f6b739ae724
9667231e0107bea8739390937441ba576e2a3abba0e4749377c724c4a3eec2f5
967e2ca4f6acdd30fe8199d905a42f91e578494c5ae014f79d8cae4423219edc
96be64f55a5171a9095d1b05c00c00fb5bd9b8afea33fbe025ca594ed7411a53
9a58956bd6b67646d449fb867ad86bb1f323dacf0f20a1fd384bd61c057d5a85
9c49e324f70283599d1f0c0725ce322fe1977fc8e279816c3799472cea3981c8
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
a51f645170637f10f3eba218020318af3fff3ad8e7087db87ef607896f19a940
a55c6652514d6e2ebc88198444ac6b199e6ad119d0d009eea0a52e87cd7b39df
a7da490be6eb698dad56624a86eb683fa1f589f510bd18ee2db7085b9c6998b8
a824dda79f342fc661990ca6d602c116b09992928e8944871ac81768c1d63485
a915aab28857afeac49311ceff852888da1623eb0f589d7f43fbfbfbceb562e9
ab1a12c0da652f8e525d21b28ca7c45b5ea34e787b561120cd8564089faf2a96
ac2a58f9d55c4642121cfb6f7e213cbc882bbdd75ef171ca8a07ed982ef693ce
ad4d57b8c2ac583a0b890f4bd88990ecbe76a7e1463f2508dd7cde85fa55aad9
affd87461f2babd57a2f7aec75e9193e8e71a377e8249a02c95a5f43326e289e
b56192fc9081fe36fa8394bfdfecbff4b7228c297fe6f524732dbd0bcd37ff15
b5d74481ad534af867a216fbde05fb50e0d3dcd65aab9709ccc16a7eeb1bac57
b937537ed7f13e70dc6a69b6e9b308237cd369e11fa2a2b97a24d97d8487673e
b9a5f32ed9bc050ea806f27154924840474202cb894453f115e363a1568fed86
bb740e38d45f71ae6c01c16d4d2bd8506d4450942514ca4e567108ebe23183d0
bbbac03fb275a8331aa4b52a32a0068845c7e5b95433563733f0b2afbde69206
bce94689bbba8e8e965033a2e5635b401222f34495cc35e8d956112c351a2a53
bd22135631e382a4d981e14dce6427a150d8c12cc5b779110652e0b00407eb69
be8b85efb89b6d10191fe9f4c5a65daa19229921cbf4c1a169158f0362e5f4db
bf50c94253085740a5cce42e9c14f7b897cfc384303b38a5d9d7a0ab8ea5160f
bfb073c0b0f7e2f84c434b3a93cac75bba20c02298f9ba7b39c9360f34459345
bfd753d445592a633d4e3b8f74fe6e4ca85ab95a1f0b2fc00f11afeaaeed8194
c18ff738eb51e7bcb12f5ae939f208ed22e1cb0623670655c18badaf9bbfb3a7
c2a0ed3ea5aebdf80781e96b0e677656f9db72ea592b679299953852fef84b02
c33fa15bdec047c3c32ab54bb4c13b8e81bbb2fc8c12bb3ef25d1e653211a169
c99c96552b9ea3bca1a34272110edc6a5eef7eeb8cd6b37ef942e164e0c45ed7
cbd8236978dd3f165bc49566f78c460e3937e552df38787439c1ef2797c4c709
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d16375871b3270c80bc80ed55f08ecd609021f644d8c8375f08d3f43161b2e89
d3a970101d5c1c13fe97539903a8285d524c87295f551421ab9e40d9c1324e4a
d5aa66e21fc16c6f9f30321e51fd4228772c7d82074559b63dd88ba885a38e5c
d7b14748768134aaec65b13094c7f7c92eff569d1a25323c28c53a73f9b9d627
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
da24f37a3ad56fc3b77e90a32126666618054524db6f13f7be6ad68bfa84340f
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de029d5df78558facd90d94f1d36cc209d68f8af6e7b35753012d6846137acee
e099cbd4b2f4ddf8fc0c4715ac73f46a9c3134ec539a045c87db7252a854f77b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6d74e34050ec28b58e153e4692bf53219824abd604a1f10b424e3fba6c8792b
e6f53994bd0a6283fdf4da164ad798f20405f97f93d533091fc34bbe69a3c57f
e7222bc5c528d9ec52c9bbd96f11876e798562510cfb24e72335b402d5269da3
e78ce649cc7ce11ff42a14cdaa6ed610abb19fb1950540c71a55c8a2d44c237e
ea99b0d7d706f0144a121af332e2efaae3a1fa76a4a3dbdbec7faa2b0177a2b0
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ebbdc09f56e8b9cba9117f0d84b4903fdc89508496a9b5d5b8d6bf59ff13ebbf
ee469e3d281e77f7dcc2655ff8d187907f2240c76a03bf868e7dcfd67f08d880
ef879b83b39fe97ac9e83cc9329bf03ec9199fe7433b1ae62d311ef1dac86cbc
efb10c1af2d10f1240f2c2fe5ad0aacf3f59594cb02e292fdfb368254f9e3ff6
f05e5537bc91bd6026cd2ee7a4ce48d5141ba791f68f1ce1264283c8af6c3aeb
f168fdcc0480c636fd7d39dbbd16fa8a9a0d79f64ca63eb8412f7fd665182171
f34544ddb27241b3eccb8e06d7447230005e8718b463a30d9dd83d1e8bada1a1
f911bdd7b17d93b0528cbd2ece126cc99e61bc25addfb75e3d2ff4a69e115c9d
f988bd12377e5e223349a8283d2ff1b48c185d4ab13a11a9f9d0ed9bd374d071
fb182fea82c5fe2b1b8e719010edd3a5bf03d79ff97f6c4e7865a9ead22b4be0
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf
ffdc18ac8f47bcd50dd9c33532c334e7073717a62b367d95b9cb1561048547dc

www.bleepingcomputer.com Open in urlscan Pro 104.20.60.209 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

213 Requests

98 %HTTPS

33 %IPv6

33 Domains

54 Subdomains

49 IPs

8 Countries

1174 kBTransfer

3676 kBSize

12 Cookies

7 Outgoing links

Page URL History

Redirected requests

213 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.bleepingcomputer.com Open in urlscan Pro
104.20.60.209 Public Scan

Screenshot
Live screenshot

Full Image

213
Requests

98 %
HTTPS

33 %
IPv6

33
Domains

54
Subdomains

49
IPs

8
Countries

1174 kB
Transfer

3676 kB
Size

12
Cookies

213 HTTP transactions
1 data transactions