www.komando.com Open in urlscan Pro
2606:4700::6812:a860 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/qRabxaM6G5
Effective URL:
https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Submission: On September 25 via api (September 25th 2020, 2:47:24 pm UTC) from US

Summary HTTP 313 Redirects Links 36 Behaviour Indicators

Summary

This website contacted 83 IPs in 11 countries across 61 domains to perform 313 HTTP transactions. The main IP is 2606:4700::6812:a860, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.komando.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 18th 2020. Valid for: 3 months.

This is the only time www.komando.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
10	2606:4700::68... 2606:4700::6812:a860	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700::68... 2606:4700::6812:678	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:818::200a	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:6c0... 2a02:26f0:6c00::210:bb43	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	151.101.1.195 151.101.1.195	54113 (FASTLY) (FASTLY)
4	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
4	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
15	178.79.227.9 178.79.227.9	22822 (LLNW) (LLNW)
4	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:81a::2008	15169 (GOOGLE) (GOOGLE)
3	2606:4700:20:... 2606:4700:20::ac43:443c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	99.86.243.62 99.86.243.62	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:81b::2003	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:825::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:820::200e	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6813:9308	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	35.188.71.214 35.188.71.214	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:825::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::ac43:4acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	52.72.80.38 52.72.80.38	14618 (AMAZON-AES) (AMAZON-AES)
2	2606:4700:20:... 2606:4700:20::ac43:464d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	151.101.13.44 151.101.13.44	54113 (FASTLY) (FASTLY)
1	34.195.35.40 34.195.35.40	14618 (AMAZON-AES) (AMAZON-AES)
3	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	23.210.248.189 23.210.248.189	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a03:2880:f02... 2a03:2880:f02d:e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
7	216.58.206.2 216.58.206.2	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:819::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:821::200d	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
2	34.249.58.234 34.249.58.234	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:81c::2006	15169 (GOOGLE) (GOOGLE)
1	34.204.157.1 34.204.157.1	14618 (AMAZON-AES) (AMAZON-AES)
3	99.86.240.180 99.86.240.180	16509 (AMAZON-02) (AMAZON-02)
1	216.58.208.38 216.58.208.38	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::681a:246	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	151.101.113.181 151.101.113.181	54113 (FASTLY) (FASTLY)
2 5	2.19.34.195 2.19.34.195	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 4	37.252.173.27 37.252.173.27	29990 (ASN-APPNEX) (ASN-APPNEX)
1	54.76.222.161 54.76.222.161	16509 (AMAZON-02) (AMAZON-02)
7	52.28.154.93 52.28.154.93	16509 (AMAZON-02) (AMAZON-02)
2	104.16.68.69 104.16.68.69	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:fa8:8806... 2a02:fa8:8806:13::1460	41041 (VCLK-EU-) (VCLK-EU-)
1	3.120.51.72 3.120.51.72	16509 (AMAZON-02) (AMAZON-02)
5	69.173.144.141 69.173.144.141	26667 (RUBICONPR...) (RUBICONPROJECT)
2	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
2	2.18.68.31 2.18.68.31	16625 (AKAMAI-AS) (AKAMAI-AS)
1	130.211.23.194 130.211.23.194	15169 (GOOGLE) (GOOGLE)
26	151.101.113.44 151.101.113.44	54113 (FASTLY) (FASTLY)
1	104.244.42.72 104.244.42.72	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
21	2a00:1450:400... 2a00:1450:4001:817::2001	15169 (GOOGLE) (GOOGLE)
1	2600:9000:206... 2600:9000:206e:d400:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	52.95.124.170 52.95.124.170	16509 (AMAZON-02) (AMAZON-02)
2 2	18.197.167.179 18.197.167.179	16509 (AMAZON-02) (AMAZON-02)
2 10	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	40.113.136.100 40.113.136.100	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	185.29.133.199 185.29.133.199	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 2	198.148.27.139 198.148.27.139	19189 (PULSEPOINT) (PULSEPOINT)
2 2	70.42.32.63 70.42.32.63	13789 (INTERNAP-...) (INTERNAP-BLK3)
1 1	184.30.210.81 184.30.210.81	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	172.217.16.162 172.217.16.162	15169 (GOOGLE) (GOOGLE)
1 5	2a00:1450:400... 2a00:1450:4001:824::2002	15169 (GOOGLE) (GOOGLE)
1	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	34.249.135.160 34.249.135.160	16509 (AMAZON-02) (AMAZON-02)
1 2	216.52.2.19 216.52.2.19	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1 1	54.190.100.128 54.190.100.128	16509 (AMAZON-02) (AMAZON-02)
1	185.86.137.110 185.86.137.110	201081 (SMARTADSE...) (SMARTADSERVER)
1	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1	18.195.155.181 18.195.155.181	16509 (AMAZON-02) (AMAZON-02)
1	192.132.33.46 192.132.33.46	18568 (BIDTELLECT) (BIDTELLECT)
1	141.226.224.32 141.226.224.32	200478 (TABOOLA-AS) (TABOOLA-AS)
3 3	35.158.9.168 35.158.9.168	16509 (AMAZON-02) (AMAZON-02)
2 2	37.157.4.23 37.157.4.23	198622 (ADFORM) (ADFORM)
5	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
25	2a00:1450:400... 2a00:1450:4001:81e::2001	15169 (GOOGLE) (GOOGLE)
3 7	2a00:1450:400... 2a00:1450:4001:824::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:816::2006	15169 (GOOGLE) (GOOGLE)
2	35.226.36.58 35.226.36.58	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:818::2002	15169 (GOOGLE) (GOOGLE)
1	104.111.230.142 104.111.230.142	16625 (AKAMAI-AS) (AKAMAI-AS)
1	151.101.113.108 151.101.113.108	54113 (FASTLY) (FASTLY)
1 2	52.58.4.208 52.58.4.208	16509 (AMAZON-02) (AMAZON-02)
4	34.228.106.195 34.228.106.195	14618 (AMAZON-AES) (AMAZON-AES)
1	52.216.80.208 52.216.80.208	16509 (AMAZON-02) (AMAZON-02)
10	178.79.242.139 178.79.242.139	22822 (LLNW) (LLNW)
313	83

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700::6812:a860 (United States)

ASN13335 (CLOUDFLARENET, US)

www.komando.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:678 (United States)

ASN13335 (CLOUDFLARENET, US)

cookie-cdn.cookiepro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:818::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00::210:bb43 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

users.api.jeeng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.1.195 (United States)

ASN54113 (FASTLY, US)

sdk.jeeng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widget-modal-popup-v2-prod.firebaseapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 178.79.227.9 (Italy)

ASN22822 (LLNW, US)
PTR: https-178-79-227-9.vie.llnw.net

player.anyclip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
config.anyclip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.anyclip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:20::ac43:443c (United States)

ASN13335 (CLOUDFLARENET, US)

a.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.243.62 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-243-62.vie50.r.cloudfront.net

www.stack-sonar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:825::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:820::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9308 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.188.71.214 (United States)

ASN15169 (GOOGLE, US)
PTR: 214.71.188.35.bc.googleusercontent.com

d.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:825::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4acf (United States)

ASN13335 (CLOUDFLARENET, US)

freestar-io.videoplayerhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 52.72.80.38 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-80-38.compute-1.amazonaws.com

pixel.anyclip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:464d (United States)

ASN13335 (CLOUDFLARENET, US)

mrb.upapi.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.13.44 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.195.35.40 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-195-35-40.compute-1.amazonaws.com

api.stack-sonar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.248.189 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-189.deploy.static.akamaitechnologies.com

api.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f02d:e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 216.58.206.2 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s20-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.249.58.234 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-58-234.eu-west-1.compute.amazonaws.com

vid.springserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.204.157.1 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-204-157-1.compute-1.amazonaws.com

lreprx-server.anyclip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.86.240.180 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-240-180.vie50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.208.38 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra15s12-in-f38.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:246 (United States)

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.113.181 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

widget.perfectmarket.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.19.34.195 (Ascension Island) 2 redirects

ASN20940 (AKAMAI-ASN1, EU)
PTR: a2-19-34-195.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.252.173.27 (Ascension Island) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.76.222.161 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-222-161.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.28.154.93 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-154-93.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.68.69 (United States)

ASN13335 (CLOUDFLARENET, US)

dmx.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:13::1460 (Sweden)

ASN41041 (VCLK-EU-, SE)

web.hb.ad.cpe.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.120.51.72 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-51-72.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 69.173.144.141 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.68.31 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-68-31.deploy.static.akamaitechnologies.com

hbx.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.211.23.194 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 194.23.211.130.bc.googleusercontent.com

backend.upapi.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 151.101.113.44 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.72 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

6deaf63485e83e86dc13f33f3b176636.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:817::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206e:d400:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.95.124.170 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.197.167.179 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 141.226.228.48 (Netherlands) 2 redirects

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
am-sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync-t1.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 40.113.136.100 (Amsterdam, Netherlands) 2 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.powerlinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.133.199 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.148.27.139 (New York, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 70.42.32.63 (United States) 2 redirects

ASN13789 (INTERNAP-BLK3, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.210.81 (Netherlands) 1 redirects

ASN20940 (AKAMAI-ASN1, EU)
PTR: a184-30-210-81.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.162 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:824::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.249.135.160 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-135-160.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.19 (United States) 1 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.190.100.128 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)

www.storygize.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.110 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.137.133.49 (Garden City, United States)

ASN27257 (WEBAIR-INTERNET, US)

dsp.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

e1.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.224.32 (United States)

ASN200478 (TABOOLA-AS, IL)

cds.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.158.9.168 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-9-168.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.4.23 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:81e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:824::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.226.36.58 (United States)

ASN15169 (GOOGLE, US)

c.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:818::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.230.142 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-230-142.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.113.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.58.4.208 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.228.106.195 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

trafficmanager.anyclip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.216.80.208 (Ashburn, United States)

ASN16509 (AMAZON-02, US)

anyclip-player.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 178.79.242.139 (Italy)

ASN22822 (LLNW, US)
PTR: https-178-79-242-139.fra.llnw.net

cdn5.anyclip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
48	anyclip.com player.anyclip.com config.anyclip.com pixel.anyclip.com assets.anyclip.com lreprx-server.anyclip.com trafficmanager.anyclip.com cdn5.anyclip.com	400 KB
43	taboola.com 2 redirects cdn.taboola.com trc.taboola.com sync.taboola.com match.taboola.com am-sync.taboola.com cds.taboola.com sync-t1.taboola.com trc-events.taboola.com	178 KB
26	googlesyndication.com 6deaf63485e83e86dc13f33f3b176636.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	475 KB
25	ampproject.org cdn.ampproject.org	534 KB
23	gstatic.com fonts.gstatic.com ssl.gstatic.com	185 KB
16	doubleclick.net 2 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net ad.doubleclick.net cm.g.doubleclick.net static.doubleclick.net googleads.g.doubleclick.net	197 KB
14	google.com 3 redirects apis.google.com www.google.com accounts.google.com adservice.google.com	111 KB
11	googleapis.com fonts.googleapis.com imasdk.googleapis.com	124 KB
10	komando.com www.komando.com	381 KB
7	rubiconproject.com fastlane.rubiconproject.com pixel.rubiconproject.com eus.rubiconproject.com	4 KB
7	sharethrough.com btlr.sharethrough.com	791 B
7	pub.network a.pub.network d.pub.network c.pub.network	252 KB
5	adnxs.com 2 redirects ib.adnxs.com acdn.adnxs.com	4 KB
5	scorecardresearch.com 2 redirects sb.scorecardresearch.com	4 KB
5	amazon-adsystem.com 1 redirects c.amazon-adsystem.com aax-eu.amazon-adsystem.com	32 KB
5	twitter.com platform.twitter.com syndication.twitter.com	32 KB
5	cookiepro.com cookie-cdn.cookiepro.com	83 KB
4	facebook.com www.facebook.com graph.facebook.com	642 B
4	wp.com stats.wp.com pixel.wp.com	3 KB
4	facebook.net connect.facebook.net	229 KB
3	bidswitch.net 3 redirects x.bidswitch.net	1 KB
3	3lift.com 1 redirects tlx.3lift.com eb2.3lift.com	786 B
3	upapi.net mrb.upapi.net backend.upapi.net	235 KB
3	jeeng.com users.api.jeeng.com sdk.jeeng.com	109 KB
2	adform.net 2 redirects c1.adform.net	587 B
2	lijit.com 1 redirects ce.lijit.com	1 KB
2	adsrvr.org 2 redirects match.adsrvr.org	917 B
2	zemanta.com 2 redirects b1sync.zemanta.com	1 KB
2	contextweb.com 1 redirects bh.contextweb.com	831 B
2	powerlinks.com 2 redirects px.powerlinks.com	1 KB
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com	1 KB
2	media.net hbx.media.net	9 KB
2	quantserve.com secure.quantserve.com pixel.quantserve.com	8 KB
2	districtm.io dmx.districtm.io cdn.districtm.io	426 B
2	perfectmarket.com widget.perfectmarket.com	34 KB
2	2mdn.net s0.2mdn.net	10 KB
2	springserve.com vid.springserve.com vpaid.springserve.com Failed	2 KB
2	google.de www.google.de adservice.google.de	274 B
2	youtube.com www.youtube.com
2	crazyegg.com script.crazyegg.com	34 KB
2	google-analytics.com www.google-analytics.com	18 KB
2	stack-sonar.com www.stack-sonar.com api.stack-sonar.com	3 KB
1	amazonaws.com anyclip-player.s3.amazonaws.com	1 KB
1	bttrack.com bttrack.com	380 B
1	emxdgt.com e1.emxdgt.com	124 B
1	adkernel.com dsp.adkernel.com	233 B
1	smartadserver.com rtb-csync.smartadserver.com	697 B
1	storygize.net 1 redirects www.storygize.net	431 B
1	pubmatic.com simage2.pubmatic.com	1003 B
1	bluekai.com 1 redirects stags.bluekai.com	1 KB
1	mathtag.com 1 redirects sync.mathtag.com	798 B
1	quantcount.com rules.quantcount.com	1 KB
1	dotomi.com web.hb.ad.cpe.dotomi.com	641 B
1	yieldmo.com ads.yieldmo.com	225 B
1	ad-delivery.net ad-delivery.net	627 B
1	firebaseapp.com widget-modal-popup-v2-prod.firebaseapp.com
1	pinterest.com api.pinterest.com	379 B
1	videoplayerhub.com freestar-io.videoplayerhub.com	30 KB
1	googletagservices.com www.googletagservices.com	18 KB
1	googletagmanager.com www.googletagmanager.com	49 KB
1	t.co t.co	415 B
313	61

	Domain	Requested by
25	cdn.ampproject.org	securepubads.g.doubleclick.net
25	trc.taboola.com	cdn.taboola.com www.komando.com
21	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.komando.com cdn.ampproject.org tpc.googlesyndication.com
18	pixel.anyclip.com	www.komando.com
18	fonts.gstatic.com	fonts.googleapis.com
11	assets.anyclip.com	player.anyclip.com www.komando.com
10	cdn5.anyclip.com	www.komando.com player.anyclip.com
10	www.komando.com	t.co www.komando.com
8	www.google.com	3 redirects www.komando.com
7	btlr.sharethrough.com	a.pub.network
7	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.komando.com
6	am-sync.taboola.com	1 redirects www.komando.com
6	imasdk.googleapis.com	player.anyclip.com imasdk.googleapis.com
6	cdn.taboola.com	www.komando.com cdn.taboola.com
5	ssl.gstatic.com	www.komando.com
5	fastlane.rubiconproject.com	a.pub.network
5	sb.scorecardresearch.com	2 redirects cdn.taboola.com www.komando.com
5	fonts.googleapis.com	www.komando.com securepubads.g.doubleclick.net
5	cookie-cdn.cookiepro.com	www.komando.com cookie-cdn.cookiepro.com
4	trafficmanager.anyclip.com	player.anyclip.com
4	pagead2.googlesyndication.com	securepubads.g.doubleclick.net
4	ib.adnxs.com	2 redirects a.pub.network
4	apis.google.com	www.komando.com apis.google.com
4	platform.twitter.com	www.komando.com platform.twitter.com
4	connect.facebook.net	www.komando.com connect.facebook.net t.co
3	googleads.g.doubleclick.net	www.komando.com
3	x.bidswitch.net	3 redirects
3	cm.g.doubleclick.net	2 redirects www.komando.com
3	c.amazon-adsystem.com	a.pub.network c.amazon-adsystem.com
3	pixel.wp.com	www.komando.com
3	www.facebook.com	connect.facebook.net www.komando.com
3	a.pub.network	www.komando.com a.pub.network
3	player.anyclip.com	www.komando.com player.anyclip.com imasdk.googleapis.com
2	eb2.3lift.com	1 redirects a.pub.network
2	c.pub.network	a.pub.network
2	c1.adform.net	2 redirects
2	ce.lijit.com	1 redirects www.komando.com
2	match.adsrvr.org	2 redirects
2	b1sync.zemanta.com	2 redirects
2	bh.contextweb.com	1 redirects www.komando.com
2	px.powerlinks.com	2 redirects
2	sync.taboola.com	1 redirects
2	rtb.mfadsrvr.com	2 redirects
2	aax-eu.amazon-adsystem.com	1 redirects c.amazon-adsystem.com
2	hbx.media.net	a.pub.network hbx.media.net
2	widget.perfectmarket.com	cdn.taboola.com widget.perfectmarket.com
2	s0.2mdn.net	player.anyclip.com imasdk.googleapis.com
2	vid.springserve.com	player.anyclip.com
2	www.youtube.com	apis.google.com
2	mrb.upapi.net	freestar-io.videoplayerhub.com mrb.upapi.net
2	d.pub.network	a.pub.network
2	script.crazyegg.com	www.googletagmanager.com script.crazyegg.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	users.api.jeeng.com	www.komando.com sdk.jeeng.com
1	trc-events.taboola.com	cdn.taboola.com
1	anyclip-player.s3.amazonaws.com	www.komando.com
1	cdn.districtm.io	a.pub.network
1	acdn.adnxs.com	a.pub.network
1	eus.rubiconproject.com	a.pub.network
1	static.doubleclick.net	www.komando.com
1	sync-t1.taboola.com
1	cds.taboola.com	www.komando.com
1	bttrack.com	www.komando.com
1	e1.emxdgt.com	www.komando.com
1	dsp.adkernel.com	www.komando.com
1	rtb-csync.smartadserver.com	www.komando.com
1	www.storygize.net	1 redirects
1	simage2.pubmatic.com	www.komando.com
1	stags.bluekai.com	1 redirects
1	sync.mathtag.com	1 redirects
1	pixel.rubiconproject.com	www.komando.com
1	match.taboola.com	www.komando.com
1	pixel.quantserve.com	www.komando.com
1	rules.quantcount.com	secure.quantserve.com
1	6deaf63485e83e86dc13f33f3b176636.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	syndication.twitter.com	www.komando.com
1	backend.upapi.net	mrb.upapi.net
1	secure.quantserve.com	a.pub.network
1	tlx.3lift.com	a.pub.network
1	web.hb.ad.cpe.dotomi.com	a.pub.network
1	dmx.districtm.io	a.pub.network
1	ads.yieldmo.com	a.pub.network
1	ad-delivery.net	www.komando.com
1	ad.doubleclick.net	www.komando.com
1	lreprx-server.anyclip.com	player.anyclip.com
1	accounts.google.com	apis.google.com
1	www.google.de	www.komando.com
1	widget-modal-popup-v2-prod.firebaseapp.com	sdk.jeeng.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	graph.facebook.com	www.komando.com
1	api.pinterest.com	www.komando.com
1	api.stack-sonar.com	www.komando.com
1	config.anyclip.com	player.anyclip.com
1	freestar-io.videoplayerhub.com	a.pub.network
1	www.googletagservices.com	a.pub.network
1	www.stack-sonar.com	www.komando.com
1	www.googletagmanager.com	www.komando.com
1	stats.wp.com	www.komando.com
1	sdk.jeeng.com	www.komando.com
1	t.co
0	vpaid.springserve.com Failed	player.anyclip.com
313	103

This site contains links to these domains. Also see Links.

Domain
community.komando.com
www.dreamstime.com
en.wikipedia.org
anyclip.com
us-cert.cisa.gov
deals.komando.com
www.amazon.com
om.forgeofempires.com
trc.taboola.com
www.conflictnations.com
hero-wars.com
om.elvenar.com
money-hero-tracking.org
popup.taboola.com
go.babbel.com
healthygeorge.com
www.healthy-woman-mag.com
stalence-alawants.icu
www.vpnmentor.com
om.grepolis.com
lovely-healthy.com
www.weststar.com
www.facebook.com
www.instagram.com
www.pinterest.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
www.komando.com Let's Encrypt Authority X3	`2020-08-18` - `2020-11-16`	3 months	crt.sh
cookiepro.com Cloudflare Inc ECC CA-3	`2020-07-06` - `2021-07-06`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
cert-00012-cdnedge-bluemix.akamaized.net Let's Encrypt Authority X3	`2020-09-18` - `2020-12-17`	3 months	crt.sh
www.filipg.se Let's Encrypt Authority X3	`2020-08-20` - `2020-11-18`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-09-11` - `2020-12-10`	3 months	crt.sh
*.twimg.com DigiCert SHA2 High Assurance Server CA	`2019-11-12` - `2020-11-18`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.anyclip.com Go Daddy Secure Certificate Authority - G2	`2020-07-13` - `2022-07-13`	2 years	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-17` - `2021-07-17`	a year	crt.sh
www.stack-sonar.com Amazon	`2020-04-21` - `2021-05-21`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.pub.network Go Daddy Secure Certificate Authority - G2	`2020-03-17` - `2021-05-16`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.taboola.com DigiCert SHA2 Secure Server CA	`2020-08-10` - `2021-12-31`	a year	crt.sh
*.pinterest.com DigiCert SHA2 High Assurance Server CA	`2020-07-16` - `2021-08-04`	a year	crt.sh
firebaseapp.com GTS CA 1O1	`2019-10-28` - `2020-10-26`	a year	crt.sh
www.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
accounts.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.springserve.com Amazon	`2020-09-03` - `2021-10-03`	a year	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
p.ssl.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-09-03` - `2021-02-22`	a year	crt.sh
sb.scorecardresearch.com DigiCert Secure Site ECC CA-1	`2020-07-17` - `2021-06-02`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.yieldmo.com Amazon	`2020-06-23` - `2021-07-23`	a year	crt.sh
*.sharethrough.com Amazon	`2020-09-09` - `2021-10-11`	a year	crt.sh
districtm.io Cloudflare Inc ECC CA-3	`2020-07-01` - `2021-07-01`	a year	crt.sh
ad.cpe.dotomi.com GlobalSign RSA OV SSL CA 2018	`2020-03-30` - `2022-06-25`	2 years	crt.sh
*.3lift.com Amazon	`2020-07-04` - `2021-08-05`	a year	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2019-10-04` - `2020-10-07`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2020-02-25` - `2021-05-26`	a year	crt.sh
backend.upapi.net GTS CA 1D2	`2020-09-09` - `2020-12-08`	3 months	crt.sh
syndication.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
*.google.de GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
aax-eu.amazon-adsystem.com Amazon	`2020-06-15` - `2021-06-15`	a year	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2020-03-11` - `2021-05-10`	a year	crt.sh
*.contextweb.com DigiCert SHA2 Secure Server CA	`2020-05-07` - `2022-05-12`	2 years	crt.sh
*.smartadserver.com DigiCert Global CA G2	`2020-02-03` - `2022-02-03`	2 years	crt.sh
*.adkernel.com COMODO RSA Domain Validation Secure Server CA	`2017-11-17` - `2021-01-05`	3 years	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2020-05-18` - `2021-07-17`	a year	crt.sh
*.bttrack.com Sectigo RSA Domain Validation Secure Server CA	`2019-03-19` - `2021-04-13`	2 years	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
cdn.adnxs.com GlobalSign CloudSSL CA - SHA256 - G3	`2020-04-13` - `2021-04-14`	a year	crt.sh
*.s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2019-11-09` - `2021-03-12`	a year	crt.sh

This page contains 23 frames:

Primary Page: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Frame ID: ECAB2DFB42E1098D85D25E32387E1DFC
Requests: 208 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=https%3A%2F%2Fwww.komando.com
Frame ID: F538DEBE8F15DA321624D837F3E955E2
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v4.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df239358928a34a8%26domain%3Dwww.komando.com%26origin%3Dhttps%253A%252F%252Fwww.komando.com%252Ff109249f9c2a418%26relation%3Dparent.parent&container_width=394&href=https%3A%2F%2Fwww.facebook.com%2Fkimkomando&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&size=large&width=
Frame ID: B63D9F661C872DAE60718C1AD5FD198F
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/subscribe_embed?usegapi=1&channel=kimkomandoshow&layout=default&theme=dark&count=hidden&origin=https%3A%2F%2Fwww.komando.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.hc3rLxj9u8o.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCMtAagp6kGxB19Nep_bTJunj37kww%2Fm%3D__features__
Frame ID: 5BD7CA427C7C8888F20A47C84394B449
Requests: 1 HTTP requests in this frame

Frame: https://widget-modal-popup-v2-prod.firebaseapp.com/update-user-data.html?domain_id=VAkN2egYB1&uid=5381867c-7dd1-4045-9982-50c7bf41a5ff&language=en-US&profile=
Frame ID: 42D3D768184FDDF13CB818C6A3B029AD
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.komando.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.hc3rLxj9u8o.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCMtAagp6kGxB19Nep_bTJunj37kww%2Fm%3D__features__
Frame ID: 6618BEDCE1E0D84A7F1698807816C875
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/follow_button.2d7d9a6d04538bf11c7b23641e75738c.en.html
Frame ID: D01398EFA1E00A8F8429764B6D64E238
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=rbd_r1u_cnv_an-db5_sovrn_3lift&dcc=t
Frame ID: 9D3835BF4DF26A3D13EBBD1B27F9EC89
Requests: 1 HTTP requests in this frame

Frame: https://hbx.media.net/checksync.php?&vsSync=1&cs=17&hb=1&cv=37&ndec=1&cid=8CUFH1GPH&prvid=56%2C70%2C77%2C80%2C82%2C97%2C99%2C109%2C111%2C112%2C113%2C139%2C154%2C157%2C159%2C175%2C178%2C186%2C201%2C226%2C10000&refUrl=https%3A%2F%2Ft.co%2FqRabxaM6G5&usp_status=0&usp_consent=1&https=1&gdpr=1&gdprconsent=2
Frame ID: 2E3E342737B2F57E1FCAE072A2A97F49
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=a8563797-2904-4f54-b938-011b7056c592&tbid=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&query=taboola_hm%3Da8563797-2904-4f54-b938-011b7056c592&isDirect=0
Frame ID: FFFA353A6BD4FE905F8CAC129B3F823F
Requests: 20 HTTP requests in this frame

Frame: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UCU9HtOaaO-lcitPVVdsq99w&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.hc3rLxj9u8o.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCMtAagp6kGxB19Nep_bTJunj37kww%2Fm%3D__features__
Frame ID: 4899CD02C94977F0B964ACC88485D979
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: 8FC1625806C68139D4B632BA553534D9
Requests: 15 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: C71921E45D0096E3C1B3C382F11FE4E4
Requests: 16 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: 8AB6E32BE79870D2113E1129DCC35673
Requests: 17 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: FDE381BDCC2A6F55001058BB7DDF3FC1
Requests: 20 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: 22EE5090F69B2DCEA981A1A6BF16078D
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/216/runner.html
Frame ID: 3756A68C055E01E92F6E2437BC5A3D43
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=0&gdpr_consent=
Frame ID: DD3E5803B13A91CEDBC02D51ED5FAABF
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 2C6D1D44B97068946041BE6AD8728062
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: CED6CADB51D9C40A828A10E3AB74DBBD
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: AF0E19B69191BE6C636A31CE9C7040AC
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.411.1_en.html
Frame ID: 29C5C1DDF12BFF6DF47769567CA305A8
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/loader.js
Frame ID: 6DE1196DB243DEC14CAE8A68A0FB5EC8
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://t.co/qRabxaM6G5 Page URL
https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /script\.crazyegg\.com\/pages\/scripts\/\d+\/\d+\.js/i

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /2mdn\.net/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /2mdn\.net/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html //i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

html /<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
script /\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i

Page Statistics

313
Requests

99 %
HTTPS

40 %
IPv6

61
Domains

103
Subdomains

83
IPs

11
Countries

3803 kB
Transfer

14405 kB
Size

37
Cookies

36 Outgoing links

These are links going to different origins than the main page.

URL: https://community.komando.com/watch/
Title: Watch

Search URL Search Domain Scan URL

URL: https://community.komando.com/listen/
Title: Listen

Search URL Search Domain Scan URL

URL: https://community.komando.com/
Title: Login/join the community

Search URL Search Domain Scan URL

URL: https://www.dreamstime.com/bug-as-symbol-malware-trojan-virus-program-code-hacking-theft-personal-information-data-green-pixel-locks-red-image179472219
Title: Dreamstime.com

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Ryu_(Street_Fighter)
Title: Read More

Search URL Search Domain Scan URL

URL: https://anyclip.com/?source=logo&wid=0011r00002HG7NL_1462

Search URL Search Domain Scan URL

URL: https://us-cert.cisa.gov/ncas/alerts/aa20-266a
Title: The DHS is issuing a warning about Lokibot infections

Search URL Search Domain Scan URL

URL: https://deals.komando.com/sales/the-complete-american-sign-language-master-class-bundle?utm_source=komando.com&utm_medium=referral&utm_campaign=the-complete-american-sign-language-master-class-bundle&utm_term=scsf-433501&utm_content=a0x1P000004Y7oDQAS&scsonar=1
Title: Learn American Sign Language with this online master class

Search URL Search Domain Scan URL

URL: https://www.amazon.com/dp/B08DZ2GGJ7
Title: Get the eBook

Search URL Search Domain Scan URL

URL: https://om.forgeofempires.com/foe/?ref=tab_row_en_mktdet2&&external_param=235914724&pid=komando&bid=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F34ae3d8438b9f0684092dd84dd25fdb9.jpeg&tblci=GiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiDJqD8#tblciGiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiDJqD8
Title: Forge of Empires - Free Online Game

Search URL Search Domain Scan URL

URL: https://trc.taboola.com/komando/log/3/click?pi=%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&it=text&ii=~~V1~~55955240593467926~~Wvlx8Gz1J8z74M8LXV9bL5_sQ_3LbJGDv58BAKC6MjjTxvAnL2wqac4MyzR7uD46gj3kUkbS3FhelBtnsiJV6MhkDZRZzzIqDobN6rWmCPC48F0JiCmDMgkIHNlZwGHi2UHFokHn2KrdJW29vzrRTi0ek8iA64CMwCh_F3w9O33c970hLJsPrAvznXxwminWHVuIxD0HLGwDWSn9OyFDWg7Jpo7JxQKQKm2rHZN8kjOvKrtZVoqVwlQl-IkcdRmu&pt=text&li=rbox-t2m&sig=f3759a58e70b8f7f5181d5120a72a12b8644d9eb1a1f&redir=https%3A%2F%2Fom.forgeofempires.com%2Ffoe%2F%3Fref%3Dtab_row_en_mktdet2%26%26external_param%3D235914724%26pid%3Dkomando%26bid%3Dhttp%253A%252F%252Fcdn.taboola.com%252Flibtrc%252Fstatic%252Fthumbnails%252F34ae3d8438b9f0684092dd84dd25fdb9.jpeg%26tblci%3DGiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiDJqD8%23tblciGiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiDJqD8&vi=1601045226133&p=innogamesforgeofempiressc&r=26&tvi2=2984&lti=cta2_var&ppb=CGU&cpb=El8yMDIwMDkxNy0xM19iMTktUFItMjk2OTAtREVWLTcxODY0LXdyaXRlLWN0YS1keW5hbWljLW1vZHVsZS1hcy1sYXp5LW1vZHVsZS00OGUyYzUzNmNjMy1TTkFQU0hPVBizISCX4TEqGWFtLnRhYm9vbGFzeW5kaWNhdGlvbi5jb20yCndhdGVyNDAxMTU4gPS6zwVAwasISO-JEFDop-EDWP___________wFjCIAVELEdGCBkYwioEBCoFxgCZGMIyQoQiRAYE2RjCNQUEJQdGAdkYwiWFBCZHBgYZGMI0gMQ4AYYCGRjCMwSEJAaGAlkYwieFRDWHRgKZGMI9AcQ5gwYDmRjCPQUEM8dGB9k&cta=true
Title: Play Now

Search URL Search Domain Scan URL

URL: https://www.conflictnations.com/index.php?id=322&lp=108&lpv=1&c=20041&r=18772&placement=komando_1008999&tblci=GiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiCg3ko#tblciGiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiCg3ko
Title: Conflict Of Nations : World War III

Search URL Search Domain Scan URL

URL: https://hero-wars.com/?hl=en&l=loot&l=loot&m=registration&nx_source=adx_taboola.hw_wb_u5_-.cc-ww_en.au-mix5_vid.cr-gofra63_h_en_8_vid.lp-loot.dt-taboola.cid-6306196.agid-2928551071.pt-1008999.csd-170920.-&tblci=GiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiDlwUc#tblciGiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiDlwUc
Title: Hero Wars

Search URL Search Domain Scan URL

URL: https://om.elvenar.com/ox/us/?ref=tab_row_en&&external_param=2924683243&pid=komando&bid=2924683243&tblci=GiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiCPyT8#tblciGiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiCPyT8
Title: Elvenar - Free Online Game

Search URL Search Domain Scan URL

URL: https://trc.taboola.com/komando/log/3/click?pi=%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&it=text&ii=~~V1~~6631270943088677674~~9_OxxREIfQmJlAYvsJIPqOsgJi0pZITZuiqllcjUCJs9ZEj1nSOh25J82sTDXEn1oWs157JoiAAXIKi9-eLaKG3GM7Q_aWDX9O8A-oTuarixBPCYZK8r6UBdD92-ZjSBuY_aRq3JUEQryUwnCdyeus2nqVeXMiehFdvv1dAgr2C9LUWFFG8tVKlufGtEdfpetiqOt2CS5yxOJEMXlpVRv8CWrmcdwkZyWIISdiXNNCIrQrAxM4T4oNVhfkvo7rIV&pt=text&li=rbox-t2m&sig=378a910bfc5a6db895eff65a0ebe473cbf19d8502937&redir=https%3A%2F%2Fom.elvenar.com%2Fox%2Fus%2F%3Fref%3Dtab_row_en%26%26external_param%3D2924683243%26pid%3Dkomando%26bid%3D2924683243%26tblci%3DGiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiCPyT8%23tblciGiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiCPyT8&vi=1601045226133&p=elvinar-sc&r=75&tvi2=2984&lti=cta2_var&ppb=CGU&cpb=El8yMDIwMDkxNy0xM19iMTktUFItMjk2OTAtREVWLTcxODY0LXdyaXRlLWN0YS1keW5hbWljLW1vZHVsZS1hcy1sYXp5LW1vZHVsZS00OGUyYzUzNmNjMy1TTkFQU0hPVBizISCX4TEqGWFtLnRhYm9vbGFzeW5kaWNhdGlvbi5jb20yCndhdGVyNDAxMTU4gPS6zwVAwasISO-JEFDop-EDWP___________wFjCIAVELEdGCBkYwioEBCoFxgCZGMIyQoQiRAYE2RjCNQUEJQdGAdkYwiWFBCZHBgYZGMI0gMQ4AYYCGRjCMwSEJAaGAlkYwieFRDWHRgKZGMI9AcQ5gwYDmRjCPQUEM8dGB9k&cta=true
Title: Play Now

Search URL Search Domain Scan URL

URL: https://money-hero-tracking.org/click?trvid=10689&clickid=GiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiCT1k0&campid={campaign}&creaid=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fd3003794a791c0ec027b38d894d0ac58.jpg&siteid=komando&titlex=Czech+Republic%3A+A+40%2B+Dating+Site+That+Actually+Works%21#tblciGiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiCT1k0
Title: Singles50

Search URL Search Domain Scan URL

URL: https://trc.taboola.com/komando/log/3/click?pi=%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&it=text&ii=~~V1~~2216488164356695667~~sR4nLj47MW7W3sCLRj1R1sxBUgNS-hfqjz1iIw2xrzzTxvAnL2wqac4MyzR7uD46gj3kUkbS3FhelBtnsiJV6MhkDZRZzzIqDobN6rWmCPC48F0JiCmDMgkIHNlZwGHiaaASzke-g38X1igmdRMv-q53LSyMKeMQEsYfVCb5UqbdvD51NwvV-F4Ff9YYkJZYdU4C4qr07fjXIFUfkdoNDMYTNUtzS51CdFQfu3gvs40&pt=text&li=rbox-t2m&sig=742dddd8730838e6e054712346517f6f5a0727d25b18&redir=https%3A%2F%2Fmoney-hero-tracking.org%2Fclick%3Ftrvid%3D10689%26clickid%3DGiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiCT1k0%26campid%3D%7Bcampaign%7D%26creaid%3Dhttp%253A%252F%252Fcdn.taboola.com%252Flibtrc%252Fstatic%252Fthumbnails%252Fd3003794a791c0ec027b38d894d0ac58.jpg%26siteid%3Dkomando%26titlex%3DCzech%2BRepublic%253A%2BA%2B40%252B%2BDating%2BSite%2BThat%2BActually%2BWorks%2521%23tblciGiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiCT1k0&vi=1601045226133&p=utgleadgen-sc2&r=74&tvi2=2984&lti=cta2_var&ppb=CGU&cpb=El8yMDIwMDkxNy0xM19iMTktUFItMjk2OTAtREVWLTcxODY0LXdyaXRlLWN0YS1keW5hbWljLW1vZHVsZS1hcy1sYXp5LW1vZHVsZS00OGUyYzUzNmNjMy1TTkFQU0hPVBizISCX4TEqGWFtLnRhYm9vbGFzeW5kaWNhdGlvbi5jb20yCndhdGVyNDAxMTU4gPS6zwVAwasISO-JEFDop-EDWP___________wFjCIAVELEdGCBkYwioEBCoFxgCZGMIyQoQiRAYE2RjCNQUEJQdGAdkYwiWFBCZHBgYZGMI0gMQ4AYYCGRjCMwSEJAaGAlkYwieFRDWHRgKZGMI9AcQ5gwYDmRjCPQUEM8dGB9k&cta=true
Title: Learn More

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=komando&utm_medium=referral&utm_content=alternating-thumbnails-rr:Alternating%20Right%20Rail%20Thumbnails:
Title:

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=komando&utm_medium=referral&utm_content=thumbnails-b:Right%20Rail%20Thumbnails:
Title:

Search URL Search Domain Scan URL

URL: https://om.forgeofempires.com/foe/us/?ref=tab_row_en_adeven4&&external_param=2853437569&pid=komando&bid=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fc47701d555fd706bf758fdfd01d2e9e5.jpeg&tblci=GiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiDJqD8#tblciGiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiDJqD8
Title: Forge of Empires - Free Online Game

Search URL Search Domain Scan URL

URL: https://go.babbel.com/v1/tl?bsc=engmag-belen-cd-global-xo-tb&btp=default&utm_source=Taboola&utm_medium=CON&utm_campaign=CD_ENGALL_gEN_cXO_Belen_TB_Global&utm_content=1008999_5567190_2928163050&tcid=GiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiDuxj0&tblci=GiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiDuxj0#tblciGiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiDuxj0
Title: Babbel

Search URL Search Domain Scan URL

URL: https://trc.taboola.com/komando/log/3/click?pi=%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764&ri=2fcddf9508e5eb0dec65799da314bd17&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&it=text&ii=~~V1~~-6780617175985077637~~QSENowSTTLxMhR3R-82r8bhJFqWY8oHsw7RVDv2MvaondpXq_nTToVci-tV_1bYyPVPbFHdycXfyr1VxmozLcWANN93_dhGoNVU93HODOAawecwlYupV-ADLiqSJCBxnkF2brjDLkjXtE0mWjyPKoJstB9Mtqk8wFlolRmVfQtYZs1KikhCKEhLNYUVSRiLktKYegE-9eqjcB5q_-arhCW3lIBlMeGujdouPQDAcordJ3Vjc3de0zIhoJSH_1k7Buq180H09KMMGWKDra9vB9w&pt=text&li=rbox-t2m&sig=5b36ca989528101ca234f2aa2fdaf370c892ca9e10a5&redir=https%3A%2F%2Fgo.babbel.com%2Fv1%2Ftl%3Fbsc%3Dengmag-belen-cd-global-xo-tb%26btp%3Ddefault%26utm_source%3DTaboola%26utm_medium%3DCON%26utm_campaign%3DCD_ENGALL_gEN_cXO_Belen_TB_Global%26utm_content%3D1008999_5567190_2928163050%26tcid%3DGiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiDuxj0%26tblci%3DGiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiDuxj0%23tblciGiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiDuxj0&vi=1601045226133&p=babbel-sc&r=34&tvi2=2984&lti=cta2_var&ppb=CKwB&cpb=El8yMDIwMDkxNy0xM19iMTktUFItMjk2OTAtREVWLTcxODY0LXdyaXRlLWN0YS1keW5hbWljLW1vZHVsZS1hcy1sYXp5LW1vZHVsZS00OGUyYzUzNmNjMy1TTkFQU0hPVBizISCX4TEqGWFtLnRhYm9vbGFzeW5kaWNhdGlvbi5jb20yCndhdGVyNDAxMTU4gPS6zwVAwasISO-JEFDop-EDWP___________wFjCIAVELEdGCBkYwioEBCoFxgCZGMIyQoQiRAYE2RjCNQUEJQdGAdkYwiWFBCZHBgYZGMI0gMQ4AYYCGRjCMwSEJAaGAlkYwieFRDWHRgKZGMI9AcQ5gwYDmRjCPQUEM8dGB9k&cta=true
Title: Try Now

Search URL Search Domain Scan URL

URL: https://healthygeorge.com/weight-loss/celebrities-lost-weight-jg?utm_source=taboola&utm_medium=komando&utm_campaign=5815077&utm_term=Remember+Him%3F+Take+A+Deep+Breath+Before+You+See+What+He+Looks+Like+Now&utm_content=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F5136b73b6975b2faa2f69dbb77414565.jpg
Title: Healthy George

Search URL Search Domain Scan URL

URL: http://www.healthy-woman-mag.com/2020/01/04/21-hollywoods-golden-age-celebrities-who-are-still-alive-and-kicking/?utm_source=taboola&utm_medium=referral&utm_campaign=Ali_ALL-SITE&utm_term=komando&utm_content=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fe7f2dc9bb5bff0b7cf7f2a89c7077a94.jpg-Ali+MacGraw+Is+Almost+85%2C+Try+Not+To+Smile+When+You+See+Her+Now%21#tblciGiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiClu0Y
Title: HealthyWomenMag

Search URL Search Domain Scan URL

URL: https://stalence-alawants.icu/4900a54e-27a7-4c07-8dba-391edfe7dc5a?utm_source=taboola&utm_medium=referral&site=komando&site_id=1008999&thumbnail=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F250f1743426da24d288a4b3d3934377a.jpg&c=5837762&tblci=GiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiD91Eo#tblciGiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiD91Eo
Title: News gadget

Search URL Search Domain Scan URL

URL: https://www.vpnmentor.com/popular/unblock-netflix-if-you-reside-outside-the-us/?utm_source=taboola&utm_medium=paid&tblcid=GiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiCs8U4&campaign=Netflix+ROW+-+Premium+-+New&campaignid=5350647&site=komando&siteid=1008999&title=How+To+Watch+American+Netflix+if+You+Are+Outside+The+US&image=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2FGETTY_IMAGES%2FSKP%2F1032516774__UGubyCf8.jpg&accountid=1292460&ad=2912222944&tblci=GiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiCs8U4#tblciGiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiCs8U4
Title: VPN Mentor

Search URL Search Domain Scan URL

URL: https://om.grepolis.com/grepo/us/?ref=tab_row_en&&external_param=2895607928&pid=komando&bid=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fd3e331528466d160ff1223da15f5ceab.png&tblci=GiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiDlp0A#tblciGiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiDlp0A
Title: Grepolis - Online Free Game

Search URL Search Domain Scan URL

URL: https://lovely-healthy.com/21-celebs-who-have-already-come-out-that-they-are-gay/?utm_source=taboola&utm_medium=referral&utm_campaign=Gay_ALL-SITE&utm_term=komando&utm_content=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Ff474365cff6e89cb4df22ae1e68116da.jpg-21+Celebs+Who+Are+Gay+-+No.13+Will+Shock+Men%C2%A0%C2%A0#tblciGiCwq3tdy38JLzLdEl9BlOvjvCfQG7bq2-ERUX58HuG0ZiClu0Y
Title: LovelyHealthyMag

Search URL Search Domain Scan URL

URL: https://www.weststar.com/
Title: About us

Search URL Search Domain Scan URL

URL: https://www.facebook.com/kimkomando
Title: facebook

Search URL Search Domain Scan URL

URL: https://www.instagram.com/kimkomando/
Title: instagram

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/kimkomando/
Title: pinterest

Search URL Search Domain Scan URL

URL: https://twitter.com/kimkomando
Title: twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/kimkomando
Title: youtube youtube

Search URL Search Domain Scan URL

URL: https://anyclip.com/?source=powered&wid=0011r00002HG7NL_1462
Title: Powered by AnyClip

Search URL Search Domain Scan URL

URL: https://anyclip.com/privacy-policy/?source=policy&wid=0011r00002HG7NL_1462
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/qRabxaM6G5 Page URL
https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 123

https://sb.scorecardresearch.com/b?c1=7&c2=13739933&c3=20121515121&ns__t=1601045225950&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&c9=https%3A%2F%2Ft.co%2FqRabxaM6G5 HTTP 302
https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1601045225950&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&c9=https%3A%2F%2Ft.co%2FqRabxaM6G5&cs_ak_ss=1

Request Chain 124

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1601045225956&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&c9=https%3A%2F%2Ft.co%2FqRabxaM6G5 HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1601045225956&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&c9=https%3A%2F%2Ft.co%2FqRabxaM6G5&cs_ak_ss=1

Request Chain 133

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=rbd_r1u_cnv_an-db5_sovrn_3lift HTTP 302
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=rbd_r1u_cnv_an-db5_sovrn_3lift&dcc=t

Request Chain 139

https://rtb.mfadsrvr.com/sync?ssp=taboola HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=taboola HTTP 302
https://sync.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=a8563797-2904-4f54-b938-011b7056c592 HTTP 302
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=a8563797-2904-4f54-b938-011b7056c592&tbid=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&query=taboola_hm%3Da8563797-2904-4f54-b938-011b7056c592&isDirect=0

Request Chain 141

https://px.powerlinks.com/user/identify?sourceId=d4a7a706-ab0f-11e8-a038-127202fb7690&rurl=https%3A%2F%2Fam-sync.taboola.com%2Fsg%2Fpowerlinksdsp-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%24%7BUSER%7D&orig=trc HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=113&redir=%2F%2Fpx.powerlinks.com%2Fuser%2Fsync%2Fdsps%3FuserId%3D%5BMM_UUID%5D%26sourceId%3Daa4e7548-789b-4df8-a72f-d951a5b206eb%26sync%3D0%26rurl%3Dhttps%25253A%25252F%25252Fam-sync.taboola.com%25252Fsg%25252Fpowerlinksdsp-network%25252F1%25252Frtb-h%25252F%25253Ftaboola_hm%25253DKhx8UPChClI64NbmRdt1L5LMqYy03yKc4acfSP0AtbE%2525253D HTTP 302
https://px.powerlinks.com/user/sync/dsps?userId=6ac15f6e-02ea-4c00-83b4-c77f7ea7f2a0&sourceId=aa4e7548-789b-4df8-a72f-d951a5b206eb&sync=0&rurl=https%3A%2F%2Fam-sync.taboola.com%2Fsg%2Fpowerlinksdsp-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3DKhx8UPChClI64NbmRdt1L5LMqYy03yKc4acfSP0AtbE%253D HTTP 302
https://am-sync.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=Khx8UPChClI64NbmRdt1L5LMqYy03yKc4acfSP0AtbE%3D

Request Chain 142

https://bh.contextweb.com/bh/rtset?pid=562107&ev=1&rurl=https%3A%2F%2Fam-sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=%%VGUID%%&orig=trc HTTP 302
https://am-sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=hugPDl6xHchh&ev=1&orig=trc&pid=562107

Request Chain 143

https://b1sync.zemanta.com/usersync/taboola/?puid={user_id}&cb=https://am-sync.taboola.com/sg/zemantartb-network/1/rtb-h/?taboola_hm=__ZUID__&orig=trc HTTP 302
https://stags.bluekai.com/site/23178?id=u8i_z9WteNN-OP-wJzzq&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6YLNFVZXS3TDFZ2GCYTPN5WGCLTDN5WS643HF55GK3LBNZ2GC4TUMIWW4ZLUO5XXE2ZPGEXXE5DCFVUC6P3FPBRWQYLOM5ST25DBMJXW63DBEZ2GCYTPN5WGCX3INU6XKODJL55DSV3UMVHE4LKPKAWXOST2PJYQ HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6YLNFVZXS3TDFZ2GCYTPN5WGCLTDN5WS643HF55GK3LBNZ2GC4TUMIWW4ZLUO5XXE2ZPGEXXE5DCFVUC6P3FPBRWQYLOM5ST25DBMJXW63DBEZ2GCYTPN5WGCX3INU6XKODJL55DSV3UMVHE4LKPKAWXOST2PJYQ HTTP 302
https://am-sync.taboola.com/sg/zemantartb-network/1/rtb-h/?taboola_hm=u8i_z9WteNN-OP-wJzzq

Request Chain 144

https://ib.adnxs.com/getuidnb?https://am-sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID&orig=trc HTTP 302
https://am-sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=7823814188528686151&orig=trc

Request Chain 145

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm=&google_sc=&google_tc= HTTP 302
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEOFgZoo5qP_gJLRUHqpECiw&google_cver=1

Request Chain 147

https://am-sync.taboola.com/sg/google-network/1/rtb?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dtaboola_dbm%26google_sc%26gdpr%3D0%26gdpr_consent%3D&orig=trc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a

Request Chain 148

https://ib.adnxs.com/getuidnb?https://am-sync.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=$UID&orig=trc HTTP 302
https://am-sync.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=7823814188528686151&orig=trc

Request Chain 149

https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=393d20d1-d474-4171-a1db-84ea3a8fa6d0

Request Chain 150

https://ce.lijit.com/merge?pid=42&3pid=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&us_privacy=&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=42&3pid=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&us_privacy=&gdpr=0&gdpr_consent=&dnr=1

Request Chain 152

https://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a HTTP 302
https://sync.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=37cf273d-6031-4a9e-b4c2-17b86d952301

Request Chain 158

https://x.bidswitch.net/sync?ssp=taboola&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=taboola&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=taboola HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=24&bidswitch_ssp_id=taboola HTTP 302
https://x.bidswitch.net/sync?dsp_id=70&user_id=4954171450643499117&ssp=taboola HTTP 302
https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=6bd478e3-9f77-4936-9b4b-ae9cc355dd60

Request Chain 258

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 259

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 260

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 280

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

313 HTTP transactions
19 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 qRabxaM6G5 Show response
t.co/ 386 B
415 B 166ms
166ms Document
text/html 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/qRabxaM6G5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

e4cf21977fe9d77ad54283c5762abe817fe7ee152cb5ce4aa967d6627d899143

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

:method: GET
:authority: t.co
:scheme: https
:path: /qRabxaM6G5
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
cache-control: private,max-age=300
content-encoding: gzip
content-length: 226
content-type: text/html; charset=utf-8
date: Fri, 25 Sep 2020 14:47:04 GMT
expires: Fri, 25 Sep 2020 14:52:04 GMT
server: tsa_o
set-cookie: muc=8434695a-b96e-44cc-a28f-36f938a2a6ba; Max-Age=63072000; Expires=Sun, 25 Sep 2022 14:47:04 GMT; Domain=t.co; Secure; SameSite=None
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: be18d6482dc3c2d016ec6cfd1039c4b7
x-response-time: 119
x-xss-protection: 0

GET
H2 200 Primary Request / Show response
www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/ 406 KB
89 KB 236ms
204ms Document
text/html 2606:4700::6812:a860
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Requested by

Host: t.co
URL: https://t.co/qRabxaM6G5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a860 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

cb4bfa8d3dd2fcd7fb508d8991e6ecde201b8f8fca49f130584b9cfc11445083

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: www.komando.com
:scheme: https
:path: /security-privacy/lokibot-keylogger-spreading/755764/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://t.co/qRabxaM6G5
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://t.co/qRabxaM6G5

Response headers

status: 200
date: Fri, 25 Sep 2020 14:47:04 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d01824133e2f64e62c73e19ecade7780d1601045224; expires=Sun, 25-Oct-20 14:47:04 GMT; path=/; domain=.www.komando.com; HttpOnly; SameSite=Lax k3FormInserters=%7B%2215940519701%22%3A%222020-10-02%2014%3A40%3A29%22%2C%22generalExpiration%22%3A%222020-09-28%2014%3A40%3A29%22%7D; expires=Wed, 01-Jan-2031 00:00:00 GMT; Max-Age=323947171; path=/ k3ModalInserters=%7B%2215940546631%22%3A%222020-10-02%2014%3A40%3A29%22%2C%22generalExpiration%22%3A%222020-09-28%2014%3A40%3A29%22%7D; expires=Wed, 01-Jan-2031 00:00:00 GMT; Max-Age=323947171; path=/
vary: Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-frame-options: SAMEORIGIN
link: <https://www.komando.com/wp-json/>; rel="https://api.w.org/" <https://www.komando.com/wp-json/wp/v2/posts/755764>; rel="alternate"; type="application/json" <https://www.komando.com/?p=755764>; rel=shortlink
x-elasticpress-query: true
x-powered-by: WP Engine
x-cacheable: SHORT
cache-control: max-age=600, must-revalidate
x-cache: HIT: 5
x-cache-group: normal
cf-cache-status: DYNAMIC
cf-request-id: 05675472ec000096a42e964200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5d8589cb1f6c96a4-FRA
content-encoding: gzip

GET
H2 200 otSDKStub.js Show response
cookie-cdn.cookiepro.com/scripttemplates/ 12 KB
4 KB 53ms
28ms Script
application/javascript 2606:4700::6812:678
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:678 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

396197a350c5f917f454cb764fa31f624d64f8fbac73445c4d2862bad7ca22bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Sep 2020 14:47:04 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: reFiWB6U0BSmOZ1FSpYaOw==
age: 5223
status: 200
cf-request-id: 05675473dd00002b126d279200000001
x-ms-lease-status: unlocked
last-modified: Fri, 11 Sep 2020 01:42:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f5babbb1-701e-00b1-3ce8-872658000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
cf-ray: 5d8589cc98102b12-FRA

GET
H2 200 css
fonts.googleapis.com/ 17 KB
1 KB 21ms
20ms Stylesheet
text/css 2a00:1450:4001:818::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e4a66d01f6e756434873901b4c7c7fd74d0a2c08710e8e2bec2113f97dcff2d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Sep 2020 14:47:04 GMT
server: ESF
date: Fri, 25 Sep 2020 14:47:04 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 25 Sep 2020 14:47:04 GMT

GET
H2 200 configs Show response
users.api.jeeng.com/users/domains/VAkN2egYB1/sdk/ 1 KB
927 B 92ms
49ms Script
text/javascript 2a02:26f0:6c00::210:bb43
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://users.api.jeeng.com/users/domains/VAkN2egYB1/sdk/configs
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:bb43 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Google Frontend / Express
Resource Hash: 4da0cfe7279f36691206db9bab178c333419282ddf72aff956b8408e4319471f

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:04 GMT
content-encoding: gzip
etag: W/"502-ViJ/sYEA7UIuNjUhFDujsEqHX7A"
server: Google Frontend
status: 200
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: bfadb1abc843fd9f7a3946330e0eca92
cache-control: max-age=3001
content-length: 700

GET
H2 200 v3.js Show response
sdk.jeeng.com/ 492 KB
108 KB 198ms
85ms Script
text/javascript 151.101.1.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.jeeng.com/v3.js

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

76acf8c85fbf30f66baaf8a77b45a8c55239360611284cbd426bafeaf12806ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31556926
content-encoding: br
last-modified: Thu, 03 Sep 2020 16:24:28 GMT
x-timer: S1601045225.591051,VS0,VE0
etag: "86bc67d8013fe6abe723ac297daa52084dc88b1c37b0ad399cf0552e9ad9b41d-br"
x-served-by: cache-hhn4082-HHN
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=3600
date: Fri, 25 Sep 2020 14:47:04 GMT
accept-ranges: bytes
content-length: 110062
x-cache-hits: 44941

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 20ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2f97f0b5a1d96121848e4281cb62c032c59da56b68b873167e03b2c44c2b7a81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.komando.com
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: IR+M0GbyPAB1snxPyTCXVw==
status: 200
cross-origin-resource-policy: cross-origin
expires: Fri, 25 Sep 2020 14:47:44 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1781
etag: "a616b317a943e35ac42da1c7602e1d46"
x-fb-debug: fMvGecxSrggInx4FA5ztYpfbscA1dI844LuJuw4rGf72WM6lmyldiwEtSo8wcy7xvxphdB2OipLFMeJqQWymKg==
x-fb-trip-id: 1460883810
x-fb-content-md5: d80d67275ec9ee0e58b76a07bcc66df5
date: Fri, 25 Sep 2020 14:47:04 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 9ms
7ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40B0) /
Resource Hash: a761b426004caba495cdac2c93ce7dd306c47bc4d7bdc63c4840c3d8182396a9

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:04 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Sep 2020 20:40:54 GMT
Server: ECS (fcn/40B0)
Age: 981
Etag: "a58136137a93f33c1d165df7d4d973f8+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28881

GET
H2 200 platform.js Show response
apis.google.com/js/ 49 KB
19 KB 31ms
27ms Script
application/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/platform.js

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

092f3201317b7ef608f6a899d395d36cffcca4d6824f00bc50120e84341c76f2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-2YFcXhBe4ZCRyveVQzW34Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
status: 200
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
etag: "81b6c5d10475fc4c0084a56d3b41af80"
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-2YFcXhBe4ZCRyveVQzW34Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Fri, 25 Sep 2020 14:47:04 GMT

GET
H/1.1 200
OK lre.js Show response
player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/ 921 KB
236 KB 156ms
64ms Script
application/javascript 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 777a900b48ed2b99b8a4ba93c8a314ee3caeba5ab77e866c8e5ef494f188c1f9

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:04 GMT
Content-Encoding: gzip
Age: 27883
Connection: keep-alive
Content-Length: 241556
x-amz-id-2: zJQQ/BX7Il1deM+LJ0Rq38eMpdljxgpMcvFaTjQWhZTKzfjUK2WZ5oCcHXhK/zapmjFlgKoDAgo=
Last-Modified: Thu, 17 Sep 2020 10:17:09 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: F1BD7E08FE1DE233
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=60
x-amz-version-id: jwkzrAv8q8XuzJxtu9nJBgBo_0BcZ0B1
Accept-Ranges: bytes
Content-Type: application/javascript
X-LLID: aae36ac042fa4f3fbf4dcc2ce5a1a534
Expires: Fri, 25 Sep 2020 07:03:21 GMT

GET
H2 200 lazysizes.min.js Show response
www.komando.com/wp-content/plugins/autoptimize/classes/external/js/ 9 KB
4 KB 36ms
34ms Script
application/javascript 2606:4700::6812:a860
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.komando.com/wp-content/plugins/autoptimize/classes/external/js/lazysizes.min.js?ao_version=2.7.7
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a860 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b88ddfa92e4cb2646d5c7e19274939caa3495dcb33c307f1bbaec31b1d9691a

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:04 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Sun, 30 Aug 2020 17:50:42 GMT
server: cloudflare
age: 2160691
etag: W/"5f4be6f2-22ea"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2630000
cf-ray: 5d8589cce89c96a4-FRA
cf-request-id: 0567547410000096a42e97b200000001

GET
H2 200 wp-polyfill.min.js Show response
www.komando.com/wp-includes/js/dist/vendor/ 97 KB
34 KB 24ms
22ms Script
application/javascript 2606:4700::6812:a860
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.komando.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a860 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96ed609b415be6ee67eadb8d2de7ce64d13de9c928bce8e1373bec97e233e74c

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:04 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 19 Sep 2019 15:19:18 GMT
server: cloudflare
age: 2160691
etag: W/"5d839c76-1833d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2630000
cf-ray: 5d8589cc884796a4-FRA
cf-request-id: 05675473d7000096a42e96b200000001

GET
H2 200 lodash.min.js Show response
www.komando.com/wp-includes/js/dist/vendor/ 72 KB
24 KB 29ms
28ms Script
application/javascript 2606:4700::6812:a860
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.komando.com/wp-includes/js/dist/vendor/lodash.min.js?ver=4.17.15
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a860 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55e35a1415438685f71fe809dfb0e94ff9d3b994dd8d8ae8f7206bb878d59a84

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:04 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Sun, 18 Aug 2019 12:31:00 GMT
server: cloudflare
age: 2160691
etag: W/"5d594504-11e2d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2630000
cf-ray: 5d8589cc884996a4-FRA
cf-request-id: 05675473d7000096a42e96c200000001

GET
H2 200 jquery.js Show response
www.komando.com/wp-includes/js/jquery/ 95 KB
33 KB 27ms
26ms Script
application/javascript 2606:4700::6812:a860
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.komando.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a860 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:04 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 17 May 2019 04:25:54 GMT
server: cloudflare
age: 1416558
etag: W/"5cde37d2-17a69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2630000
cf-ray: 5d8589cc884b96a4-FRA
cf-request-id: 05675473d8000096a42e96d200000001

GET
H2 200 formSubscribe.min.js Show response
www.komando.com/wp-content/plugins/k2-prefs-center/public/js/ 7 KB
3 KB 33ms
32ms Script
application/javascript 2606:4700::6812:a860
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.komando.com/wp-content/plugins/k2-prefs-center/public/js/formSubscribe.min.js?ver=2.2.4
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a860 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aeb08680a67ab108b80d0d5eca97457046c90c4d885d817aac059ed5b47b5fbc

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:04 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 09 Jul 2020 23:30:05 GMT
server: cloudflare
age: 2160691
etag: W/"5f07a87d-1cfa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2630000
cf-ray: 5d8589cc884c96a4-FRA
cf-request-id: 05675473d8000096a42e96e200000001

GET
H2 200 e-202039.js Show response
stats.wp.com/ 9 KB
3 KB 99ms
33ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202039.js
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:04 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
expires: Sun, 19 Sep 2021 22:23:43 GMT

GET
H2 200 autoptimize_31cd2dcd020668663b3824abe7f5215c.js Show response
www.komando.com/wp-content/cache/autoptimize/js/ 180 KB
60 KB 22ms
21ms Script
application/javascript 2606:4700::6812:a860
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.komando.com/wp-content/cache/autoptimize/js/autoptimize_31cd2dcd020668663b3824abe7f5215c.js
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a860 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 126b0db475dac8550795ad28030ebfacde3d381588872e38c9828dc9458e3292

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:04 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 02 Sep 2020 15:25:16 GMT
server: cloudflare
age: 1984749
etag: W/"5f4fb95c-2cfcc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2630000
cf-ray: 5d8589cce89e96a4-FRA
cf-request-id: 0567547410000096a42e97c200000001

GET
H2 200 a79128fe-d59a-42d8-9e14-0260245c83af.json Show response
cookie-cdn.cookiepro.com/consent/a79128fe-d59a-42d8-9e14-0260245c83af/ 2 KB
2 KB 38ms
23ms XHR
application/x-javascript 2606:4700::6812:678
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/a79128fe-d59a-42d8-9e14-0260245c83af/a79128fe-d59a-42d8-9e14-0260245c83af.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:678 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb744b621e8b353c5c4b5cc39f2a7b06855a02634992cbcc0ec6ac30cee45b77

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Sep 2020 14:47:04 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: zRP92IrOASvAvifTF2uOiQ==
age: 5756
status: 200
cf-request-id: 056754740b0000bed3893d0200000001
x-ms-lease-status: unlocked
last-modified: Wed, 23 Sep 2020 16:32:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 2234330e-201e-0077-4ae6-91edd9000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
cf-ray: 5d8589ccdfe3bed3-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 163 KB
49 KB 54ms
53ms Script
application/javascript 2a00:1450:4001:81a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PWK6RF

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9af6550ca2c42a37009bae2158dca11ca60287039f406a7cc4b6b1df1185ecfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:04 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49860
x-xss-protection: 0
last-modified: Fri, 25 Sep 2020 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 25 Sep 2020 14:47:04 GMT

GET
H2 200 pubfig.min.js Show response
a.pub.network/komando-com/ 305 KB
76 KB 98ms
72ms Script
application/javascript 2606:4700:20::ac43:443c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/komando-com/pubfig.min.js
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:443c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29468b66389df59555ae33050768a903311d689837e6aa6e8e33511869282b93

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:04 GMT
content-encoding: br
cf-cache-status: HIT
x-guploader-uploadid: ABg5-UznmbXhaL_812kjSCA32FNAlbGhJ7B-qXLOvx8Hw-Cp5CB3HQAUWRfyoHdDL1Adz2g7tBTJIweGgBVhglYu3uFpoRxG3g
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
cf-request-id: 05675474280000d6f5d433b200000001
last-modified: Mon, 21 Sep 2020 21:49:14 GMT
server: cloudflare
etag: W/"0c9f250c7d4ace14f64fa892a265565a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=l7/LmQ==, md5=DJ8lDH1KzhT2T6iSomVWWg==
x-goog-generation: 1600724954463575
cache-control: public, max-age=1800
x-goog-stored-content-length: 311838
cf-ray: 5d8589cd0f7fd6f5-FRA
expires: Thu, 24 Sep 2020 21:46:38 GMT

GET
H2 200 ping.js Show response
www.stack-sonar.com/ 6 KB
3 KB 98ms
30ms Script
application/javascript 99.86.243.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stack-sonar.com/ping.js
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.243.62 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-243-62.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5216fcdc6d278ba8cce42f910754b33365608bcba89401423816cc2b7b28f161

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:04:49 GMT
content-encoding: gzip
last-modified: Fri, 06 Sep 2019 17:57:21 GMT
server: AmazonS3
age: 2535
etag: W/"4ccf47293af41539d748a114e8658c75"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=3600
x-amz-cf-pop: VIE50-C1
x-amz-cf-id: WlwViYlbcMeXytgttauRil_7gsavLINWLHebeiXjdpwMZHGsNfMfWA==
via: 1.1 c2756f406c0dc2bb176f6e2181d7607e.cloudfront.net (CloudFront)

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 11:04:11 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 358973
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Tue, 21 Sep 2021 11:04:11 GMT

GET
DATA 200
OK truncated
/ 501 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 51885f3f46c7317c00dc6b36ae543d48f1b3d1c3768381c9f7c8fb47e38214f1

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 985 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7f3f58c2fd4529fffc91067658a9689ffc59257d6e329de3f156539fdc9d44c3

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2fb500f34c1e92bea56bab8e0e5ccd68f794b9a514e5302a2f7e07723938d91b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 209c5a3d5663e93da5f73f50923b757791f11078e28ec10f6138d65d9b00b1a9

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db03313b117d5687f500d3a57cf5a279c0e9c92cf8b2182b5ec74257257537c3

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ad-background.png
www.komando.com/wp-content/themes/komando/assets/images/ 167 B
321 B 33ms
32ms Image
image/png 2606:4700::6812:a860
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.komando.com/wp-content/themes/komando/assets/images/ad-background.png
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a860 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b94c0c588c960ee9b1b4fdc774c776f770059745e5219ecc28c1cbe5f633ba84

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:04 GMT
cf-cache-status: HIT
last-modified: Wed, 03 Jun 2020 17:53:13 GMT
server: cloudflare
age: 2160766
etag: "5ed7e389-a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 5d8589cd08b096a4-FRA
content-length: 167
cf-request-id: 0567547425000096a42e97d200000001

GET
H3-Q050 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 29ms
13ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:06:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:58 GMT
server: sffe
age: 366049
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11020
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:06:15 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 28ms
12ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 10:07:04 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 362400
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11056
x-xss-protection: 0
expires: Tue, 21 Sep 2021 10:07:04 GMT

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c

Request headers

Origin: https://www.komando.com
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 otBannerSdk.js Show response
cookie-cdn.cookiepro.com/scripttemplates/6.6.0/ 338 KB
61 KB 73ms
29ms Script
application/javascript 2606:4700::6812:678
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/6.6.0/otBannerSdk.js

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:678 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fefa6bc00a2fca4d3ca705862d42dfdbb8f69124b2f0cc0896d3c7c2c05890a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Sep 2020 14:47:04 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: Xs4BplpA7QV+zkRYpo3+wA==
age: 3805
status: 200
cf-request-id: 056754748300002b126d284200000001
x-ms-lease-status: unlocked
last-modified: Fri, 11 Sep 2020 01:42:07 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: aa6d9383-901e-0096-7e0c-88319c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
cf-ray: 5d8589cd9b0e2b12-FRA

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 201 KB
61 KB 26ms
5ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=4c137689869064519d0f9adbe85c4b23&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

381ac7658bb5b6e6190b63502a0260462bcd9e6ecaa0e1e732bc6099b40bbf39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.komando.com
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: PxtzPA7tWBMA58fSNqvuLA==
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 62344
etag: "6012a07813a0d95124c58743cb59757d"
x-fb-debug: +fUgZyjKmvJRlIJShuCSeFvHNdHF3htQrWGzpF+fRJ2DbgfYCJORVo8UO7vUjJ5wNpnBCj3axC6RPhuPb5NrPQ==
x-fb-trip-id: 1460883810
x-fb-content-md5: c690e3172531c661f22b27e9afab8585
x-frame-options: DENY
date: Fri, 25 Sep 2020 14:47:04 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
expires: Sat, 25 Sep 2021 14:27:45 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PWK6RF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 803
date: Fri, 25 Sep 2020 14:33:41 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18650
expires: Fri, 25 Sep 2020 16:33:41 GMT

GET
H2 200 5696.js Show response
script.crazyegg.com/pages/scripts/0092/ 4 KB
2 KB 13ms
12ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0092/5696.js?444735
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PWK6RF
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1301a4fd823a6b23ec99783585c7d947d18c86a10cd7257b21e1c13ed4a4642a

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:04 GMT
content-encoding: gzip
cf-cache-status: HIT
ce-version: 11.1.118
age: 9524
cf-polished: origSize=4550
status: 200
cf-request-id: 05675474df00000609b70a4200000001
last-modified: Fri, 25 Sep 2020 12:08:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
cf-ray: 5d8589ce3ea20609-FRA
cf-bgj: minify

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 135 KB
34 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: t.co
URL: https://t.co/qRabxaM6G5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 34302
x-xss-protection: 0
pragma: public
x-fb-debug: WLZhSXMQrfmRbgsO7twkum0slwuj4kjmNvqwiXBUNE92RPvPMyZHtVX4dA9bezSCq4F5BDhfvDNS/93fZj58Yw==
x-fb-trip-id: 1460883810
x-frame-options: DENY
date: Fri, 25 Sep 2020 14:47:04 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK cookie Show response
d.pub.network/ 36 B
463 B 574ms
146ms XHR
text/plain 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/cookie
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 59287deead23ff71ce08f07896e2fb703503b6b218992254ef7529cfa67c70d6

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.komando.com
Date: Fri, 25 Sep 2020 14:47:05 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 53 KB
18 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:825::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8265c3ffbaeaa2e41134a2e567043ed5850e05247a8130a4650c20cb24402de9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "643 / 923 of 1000 / last-modified: 1601032280"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 17894
x-xss-protection: 0
expires: Fri, 25 Sep 2020 14:47:04 GMT

GET
H2 200 gallery.js Show response
freestar-io.videoplayerhub.com/ 125 KB
30 KB 40ms
23ms Script
application/javascript 2606:4700:20::ac43:4acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-io.videoplayerhub.com/gallery.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13553abbe7402dd8026d333399456a89b427c236c31d3aa84d455215e74257dc

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:04 GMT
via: 1.1 f7bf326347bdd7f275a38a22b5b83724.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 5392
x-cache: Hit from cloudfront
status: 200
content-encoding: br
content-type: application/javascript
cf-request-id: 05675475100000176ead9ce200000001
last-modified: Thu, 24 Sep 2020 17:17:29 GMT
server: cloudflare
etag: W/"e4a0a03c1876ced2f6773347be344fd5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: .wD8rxbvyZ8ncs64C4i3GddM6vT9Abwl
cache-control: max-age=86400
x-amz-cf-pop: FRA2-C1
cf-ray: 5d8589ce8d5e176e-FRA
x-amz-cf-id: EKg3knmrXNkALBDqSWYR7CgQifzaNBilxuNh0dAmmghwJU_TvTHHQg==

GET
H2 200 prebid-analytics-3.26.12.js Show response
a.pub.network/core/ 413 KB
122 KB 39ms
39ms Script
text/html 2606:4700:20::ac43:443c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:443c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46fe925aebeb82c977cf241c08c4708f57641674f6f4065796cc4b454649b6ae

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:04 GMT
content-encoding: br
cf-cache-status: HIT
x-guploader-uploadid: ABg5-UxIz802srrdJd57Xy2JUbsAuSlY64M5WS7AscX_riPVF8hBgloQLNje57WED7pddv4UDH1izF8bZM-DQ4vx5QHMihQRFg
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
content-type: text/html
cf-request-id: 05675475100000d6f5d4347200000001
last-modified: Wed, 26 Aug 2020 18:54:36 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=o4JEAg==, md5=xNvwCSi8qTO4CMgYt+2Y2A==
x-goog-generation: 1598468076316093
cache-control: private, max-age=86400
x-goog-stored-content-length: 423274
cf-ray: 5d8589ce8aa5d6f5-FRA
expires: Fri, 24 Sep 2021 21:42:13 GMT

GET
H/1.1 200
OK location Show response
d.pub.network/ 66 B
504 B 567ms
140ms XHR
application/json 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/location
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 49a3bdbf69279eee7040e5bb90d869df196f5ea2fb9a4ef6a9fe80c72dff8a59

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.komando.com
Date: Fri, 25 Sep 2020 14:47:05 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
H/1.1 200
OK conf.js Show response
config.anyclip.com/anyclip-widget/config/komandocom/0011r00002HG7NL_1462/ 7 KB
8 KB 161ms
56ms Script
application/javascript 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://config.anyclip.com/anyclip-widget/config/komandocom/0011r00002HG7NL_1462/conf.js?cb=925149
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 633aeda2d57927567b195da28166cf7d5a619539c2a3dc4793a88d62ea9bbe25

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:04 GMT
Content-Encoding: UTF-8
Age: 112411
x-amz-meta-updatedby: yahalom@anyclip.com
Connection: keep-alive
Content-Length: 7047
x-amz-id-2: Aar7JDg+9hvkznvjpQXpianT+NXZn7IptUdfgakVGiWjMMW7BaMpeQrivPK2sSPlcynzdQFbNpE=
Last-Modified: Wed, 16 Sep 2020 11:29:10 GMT
Server: AmazonS3
x-amz-request-id: DY6Q1ZBH8X1M8G0Y
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=60
x-amz-version-id: VxplPuldHc.gUbsTH07dwjjGaA1XDphf
Accept-Ranges: bytes
Content-Type: application/javascript;charset=UTF-8
X-LLID: 30b800ebed232b8b77a841f55d129357
Expires: Thu, 24 Sep 2020 07:34:33 GMT

GET
H/1.1 200
OK rules.js Show response
player.anyclip.com/anyclip-widget/lre-widget/sps-flow/ 474 B
959 B 63ms
62ms Script
application/javascript 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://player.anyclip.com/anyclip-widget/lre-widget/sps-flow/rules.js
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: bf8a3d71354828a837da5f234fdeab608b2e535b11b4851e89d75b1686686635

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:04 GMT
Content-Encoding: gzip
Age: 37675
x-amz-meta-sha256: bf8a3d71354828a837da5f234fdeab608b2e535b11b4851e89d75b1686686635
Connection: keep-alive
Content-Length: 216
x-amz-id-2: vSLogpMDrNBm2IYWcVta1K5bPOfmlqgU3XyVZfmtf8AdaIbQMGMC1MwXj+7MKU4F9xWaVaMycZc=
Last-Modified: Thu, 30 Apr 2020 15:11:24 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: 2B575A414AE4DC7A
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=60
x-amz-meta-s3b-last-modified: 20200430T151051Z
x-amz-version-id: Dnob.rNfaHkFPCA9eGou8IS.DrpBU9EH
Accept-Ranges: bytes
Content-Type: application/javascript
X-LLID: e0cd7544ae3a07969fdf9b38148cb5b4
Expires: Fri, 25 Sep 2020 04:20:09 GMT

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 394ms
129ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=0&val=vjs&wnx=0&abc=&ty=wlo&v=0&ext=0&ta=1&lnx=0&sid=6EMKdIvAucdw76XumuVtXwKCNtFmz1hq&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:05 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 393ms
128ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?dom=www.komando.com&cke=true&lan=en-US&plat=Linux+x86_64&net=-&ver=js3.0.32.1.821&dev=desktop&os=MacOS&bw=Chrome%2C83&ua=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&ty=data&rt=4&sid=6EMKdIvAucdw76XumuVtXwKCNtFmz1hq&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:05 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 en.json Show response
cookie-cdn.cookiepro.com/consent/a79128fe-d59a-42d8-9e14-0260245c83af/544e2fd0-57e1-4ac1-a1c1-d69d2056980e/ 77 KB
13 KB 46ms
43ms Fetch
application/x-javascript 2606:4700::6812:678
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/a79128fe-d59a-42d8-9e14-0260245c83af/544e2fd0-57e1-4ac1-a1c1-d69d2056980e/en.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/6.6.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:678 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75f09c10bc7e746f5dd81f4b7c6c0a41c61977e622d0c92c946362e4cc279d72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Sep 2020 14:47:04 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: JZHDM4Kk1VOGNyvp9hAK1w==
age: 5756
status: 200
cf-request-id: 05675475710000bed3893e7200000001
x-ms-lease-status: unlocked
last-modified: Wed, 23 Sep 2020 16:32:26 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 433b117a-b01e-0091-5de6-915dff000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
cf-ray: 5d8589cf195fbed3-FRA

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 993dd9c705fd43f0ae68f0f6bd7dd6e40e1120a16327b21339f5da90bc238c28

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H3-Q050 200 KFOlCnqEu92Fr1MmYUtfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmYUtfBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b6863771c330f7b6a857dbfee3959d8e8c61c0e34f1e9ba5f6f38268d05573d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:13:32 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:19:08 GMT
server: sffe
age: 365612
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11012
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:13:32 GMT

GET
BLOB 200
OK 5641116b-4146-492a-a8ca-7aae82a981d5
https://www.komando.com/ 429 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.komando.com/5641116b-4146-492a-a8ca-7aae82a981d5
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3d5535fc993e2a02b5523add7738f08a15fabac527da55db4834d64603e97e83

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length: 429

GET
BLOB 200
OK 0e7262ab-ed47-40d2-82b0-14e08960675c
https://www.komando.com/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.komando.com/0e7262ab-ed47-40d2-82b0-14e08960675c
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H2 200 11.1.118.js Show response
script.crazyegg.com/pages/versioned/common-scripts/ 99 KB
32 KB 22ms
22ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/common-scripts/11.1.118.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0092/5696.js?444735
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9417079952dbe5d1b1bc0bf209d04bcf97459ce3c271837b4d9c45a48e3ecfa

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:04 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 161545
cf-polished: origSize=105320
status: 200
cf-request-id: 05675475ca00000609b70b5200000001
last-modified: Mon, 14 Sep 2020 15:45:13 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
cf-ray: 5d8589cfaae00609-FRA
cf-bgj: minify

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
65 B 13ms
13ms XHR
text/plain 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j86&a=1358651&t=pageview&_s=1&dl=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&dr=https%3A%2F%2Ft.co%2FqRabxaM6G5&ul=en-us&de=UTF-8&dt=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1025496791&gjid=2049997966&cid=1333880291.1601045225&tid=UA-230639-2&_gid=1376617982.1601045225&_r=1&gtm=2wg9g1PWK6RF&z=988474611

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 14:47:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://www.komando.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 2818864641552220 Show response
connect.facebook.net/signals/config/ 524 KB
132 KB 8ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2818864641552220?v=2.9.24&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f0b5290ffd7ebefe5bb9d7cde55f244efb5076db25b9b2a85b9d1b14f7972d25

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 134833
x-xss-protection: 0
pragma: public
x-fb-debug: o9JnFvgaMLVIs7jqphTUDV2iatzmldcIP9ADUanOZTbem6mf7NIHXPUsPu3PFvxTWgTIDVsj0dhrD7Gq2xcK3g==
x-fb-trip-id: 1460883810
x-frame-options: DENY
date: Fri, 25 Sep 2020 14:47:04 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
DATA 200
OK truncated
/ 135 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1632e13bb4b75973ab4e1ae7b45ebbcf3aae9dc050a24048d6875d6e3a466088

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 org Show response
mrb.upapi.net/ 21 KB
10 KB 36ms
17ms Script
application/javascript 2606:4700:20::ac43:464d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mrb.upapi.net/org?o=5714937848528896&upapi=true
Requested by: Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:464d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 394ee880685b17bc2c3e8a5a628c4ddce428531b165836c0b5717c71d76faeb7

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:05 GMT
via: 1.1 google
cf-cache-status: HIT
age: 356
status: 200
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 056754764d00002bc2f4b96200000001
server: cloudflare
etag: W/"c1be2d710a898d640eb2197efebe33ef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800, must-revalidate
cf-ray: 5d8589d07e3d2bc2-FRA

GET
H2 200 personalized-content Show response
www.komando.com/wp-json/komando/v1/ 84 B
689 B 385ms
385ms XHR
application/json 2606:4700::6812:a860
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.komando.com/wp-json/komando/v1/personalized-content?_wpnonce=a00d41d97f&post_ids=null&current_post_id=755764

Requested by

Host: www.komando.com
URL: https://www.komando.com/wp-content/cache/autoptimize/js/autoptimize_31cd2dcd020668663b3824abe7f5215c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a860 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

e9e40f737e08ad5b6c7ec3d3ee2232ce91f00b1f4f753c79f5e8e4f74c1c4a60

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-powered-by: WP Engine
status: 200
cf-request-id: 05675476aa000096a42e9a6200000001
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
server: cloudflare
x-wp-nonce: a00d41d97f
x-wp-doingitwrong: wp_send_json (since 5.5.0; Return a WP_REST_Response or WP_Error object from your callback when using the REST API.)
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-NR-SAMPLE-PERCENT
content-type: application/json; charset=UTF-8
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
x-robots-tag: noindex
cf-ray: 5d8589d11adc96a4-FRA
link: <https://www.komando.com/wp-json/>; rel="https://api.w.org/"
x-pass-why: custom-cookie

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/komando/ 212 KB
29 KB 289ms
206ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/komando/loader.js
Requested by: Host: www.komando.com
URL: https://www.komando.com/wp-content/cache/autoptimize/js/autoptimize_31cd2dcd020668663b3824abe7f5215c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: obaker.88.1.2-10.358 /
Resource Hash: 2bd278e98ed3d2e4bf4e7afc91e6f519860d3eeaf9ba4d918d11637bda22eaf6

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: WO2Dp7boCNaYR8gCSi3VC7dLV3oFvROF
content-encoding: gzip
etag: "d9d52e4ec2af0877c5686eb8c63b5243d27e7302"
age: 0
x-cache: MISS
status: 200
content-length: 29299
x-amz-id-2: cfUel4l0GjTzVx9pQyp5jKk+JMAuBQmaPZ0WPeg54YFBG3iIvvBFi/E9Tnv2kJbDOIncYT3y2ko=
x-served-by: cache-fra19158-FRA
x-from-cache: 1
access-control-allow-origin: *
last-modified: Thu, 24 Sep 2020 17:01:20 UTC
server: obaker.88.1.2-10.358
x-timer: S1601045225.232901,VS0,VE167
date: Fri, 25 Sep 2020 14:47:05 GMT
vary: Accept-Encoding, Accept-Encoding
x-amz-request-id: D311CAE810B3EBE8
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 3
x-cache-hits: 0

GET
H/1.1 200
OK widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html
platform.twitter.com/widgets/ Frame F538 0
0 7ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=https%3A%2F%2Fwww.komando.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/418E) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 837962
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Fri, 25 Sep 2020 14:47:05 GMT
Etag: "9fa476ae827f556d5b037fe43632370d+gzip"
Last-Modified: Tue, 01 Sep 2020 17:58:17 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/418E)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 5825

GET
H2 204 event
api.stack-sonar.com/v1/ 0
100 B 414ms
146ms Image
text/plain 34.195.35.40
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.stack-sonar.com/v1/event?ts=1601045224460&_v=1.1.6&_c=stack-connect-wp&_a=d8d92097-4956-4278-a4fb-e4f90a0cbe03&_f=0&_u=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&_r=https%3A%2F%2Ft.co%2FqRabxaM6G5&_x=1&_l=https%3A%2F%2Fdeals.komando.com%2Fsales%2Fthe-complete-american-sign-language-master-class-bundle%3Futm_source%3Dkomando.com%26utm_medium%3Dreferral%26utm_campaign%3Dthe-complete-american-sign-language-master-class-bundle%26utm_term%3Dscsf-433501%26utm_content%3Da0x1P000004Y7oDQAS%26scsonar%3D1&_p=0&_z=1601045225147.1867366143&_y=1601045225147.1425628917&_t=1601045225&_s=send&_e=session-start
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.195.35.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-195-35-40.compute-1.amazonaws.com
Software: nginx/1.14.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Fri, 25 Sep 2020 14:47:05 GMT
cache-control: no-cache, no-store, must-revalidate
server: nginx/1.14.1
vary: Origin

GET
H2 200 like.php
www.facebook.com/v4.0/plugins/ Frame B63D 0
0 55ms
54ms Document
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v4.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df239358928a34a8%26domain%3Dwww.komando.com%26origin%3Dhttps%253A%252F%252Fwww.komando.com%252Ff109249f9c2a418%26relation%3Dparent.parent&container_width=394&href=https%3A%2F%2Fwww.facebook.com%2Fkimkomando&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&size=large&width=

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=4c137689869064519d0f9adbe85c4b23&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /v4.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df239358928a34a8%26domain%3Dwww.komando.com%26origin%3Dhttps%253A%252F%252Fwww.komando.com%252Ff109249f9c2a418%26relation%3Dparent.parent&container_width=394&href=https%3A%2F%2Fwww.facebook.com%2Fkimkomando&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&size=large&width=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-xss-protection: 0
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
timing-allow-origin: *
strict-transport-security: max-age=15552000; preload
content-encoding: br
facebook-api-version: v4.0
x-content-type-options: nosniff
vary: Accept-Encoding
pragma: no-cache
content-type: text/html; charset="utf-8"
x-fb-debug: ziYYF+ok7sHYElYF926WQludJwslmN8tqz+cV5ZStzPEyWFqK5HGQ/aP79JT+Df2El900N9QYovITwI+UzWiQQ==
date: Fri, 25 Sep 2020 14:47:05 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H2 200 count.json Show response
api.pinterest.com/v1/urls/ 133 B
379 B 259ms
165ms Script
application/javascript 23.210.248.189
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api.pinterest.com/v1/urls/count.json?callback=WPCOMSharing.update_pinterest_count&url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&_=1601045225078

Requested by

Host: www.komando.com
URL: https://www.komando.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.189 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-189.deploy.static.akamaitechnologies.com

Software

Resource Hash

167eefa83e1aa1374767855f64054dde21c967fc23cd0dfe4217aaa4cb02a7db

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:05 GMT
x-content-type-options: nosniff
x-cdn: akamai
age: 0
status: 200
content-type: application/javascript
access-control-allow-origin: *
cache-control: private
x-envoy-upstream-service-time: 2
content-length: 133
x-pinterest-rid: 9741038844311420
expires: Fri, 25 Sep 2020 15:02:05 GMT

GET
H2 200 / Show response
graph.facebook.com/ 244 B
359 B 37ms
37ms Script
text/javascript 2a03:2880:f02d:e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&_=1601045225079

Requested by

Host: www.komando.com
URL: https://www.komando.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3dd816afb0837912182ae4135c970615b91ce0af138a385d69ee8115690798bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
status: 200
x-fb-rev: 1002724411
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 180
pragma: no-cache
x-fb-debug: GZycd+9JbqH5pv2+8quqhcOnDM8Gx2Nv5SEBBDKeyO46/ZTMQ888NnW/QblYOQ+kEZlCNOlq/jfXKuXnzFhK0w==
x-fb-trace-id: GJ2iJ1emybG
date: Fri, 25 Sep 2020 14:47:05 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AlmrV0fS8lqjKtW9ExWqOVh
cache-control: no-store
facebook-api-version: v3.1
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
115 B 32ms
30ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=pinterest&r=0.6010788077532689
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 25 Sep 2020 14:47:05 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
74 B 32ms
31ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.5244241313830245
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 25 Sep 2020 14:47:05 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H3-Q050 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.hc3rLxj9u8o.O/m=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMtAagp6kGxB19Nep_bTJunj37kww/ 116 KB
41 KB 34ms
19ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.hc3rLxj9u8o.O/m=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMtAagp6kGxB19Nep_bTJunj37kww/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b8e8b6c26d7b34cc48b04df5633f14745f22c06826c70ac7e5f3a226bfcb869

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 11:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 02 Aug 2020 22:35:54 GMT
server: sffe
age: 357814
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41995
x-xss-protection: 0
expires: Tue, 21 Sep 2021 11:23:31 GMT

GET
H3-Q050 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.hc3rLxj9u8o.O/m=auth/exm=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMtAagp6kGxB19Nep_bTJunj37kww/ 119 KB
41 KB 28ms
15ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.hc3rLxj9u8o.O/m=auth/exm=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMtAagp6kGxB19Nep_bTJunj37kww/cb=gapi.loaded_1

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

521ceb171869c1862404b31bd4768200aa4c5a1cb53ab27bb8e9d4e08a424a32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 11:12:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 02 Aug 2020 22:35:54 GMT
server: sffe
age: 358467
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41259
x-xss-protection: 0
expires: Tue, 21 Sep 2021 11:12:38 GMT

GET
H2 200 subscribe_embed
www.youtube.com/ Frame 5BD7 0
0 54ms
54ms Document
text/html 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/subscribe_embed?usegapi=1&channel=kimkomandoshow&layout=default&theme=dark&count=hidden&origin=https%3A%2F%2Fwww.komando.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.hc3rLxj9u8o.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCMtAagp6kGxB19Nep_bTJunj37kww%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /subscribe_embed?usegapi=1&channel=kimkomandoshow&layout=default&theme=dark&count=hidden&origin=https%3A%2F%2Fwww.komando.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.hc3rLxj9u8o.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCMtAagp6kGxB19Nep_bTJunj37kww%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
strict-transport-security: max-age=31536000
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
x-content-type-options: nosniff
cache-control: no-cache
expires: Tue, 27 Apr 1971 19:44:06 GMT
content-length: 1614
content-type: text/html; charset=utf-8
content-encoding: br
date: Fri, 25 Sep 2020 14:47:05 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
set-cookie: YSC=Zg2t_Ga2p7s; path=/; domain=.youtube.com; secure; httponly; samesite=None GPS=1; path=/; domain=.youtube.com; expires=Fri, 25-Sep-2020 15:17:05 GMT VISITOR_INFO1_LIVE=IcYoAIGDKZQ; path=/; domain=.youtube.com; secure; expires=Wed, 24-Mar-2021 14:47:05 GMT; httponly; samesite=None
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pubads_impl_2020091601.js Show response
securepubads.g.doubleclick.net/gpt/ 263 KB
92 KB 68ms
68ms Script
text/javascript 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

sffe /

Resource Hash

3be81ab15cc2905d3ef54418cd0fa664e85d19c4a5550e28b071a39bd1316070

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Sep 2020 08:40:34 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 94378
x-xss-protection: 0
expires: Fri, 25 Sep 2020 14:47:05 GMT

GET
H2 200 otFlat.json Show response
cookie-cdn.cookiepro.com/scripttemplates/6.6.0/assets/ 12 KB
4 KB 18ms
18ms Fetch
application/json 2606:4700::6812:678
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/6.6.0/assets/otFlat.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/6.6.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:678 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae407e415a45b6c720d8d61fef8c28756883d0f546a64e7a2969d6174c669951

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Sep 2020 14:47:05 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: R7qOr1WClmhADOzbz5s+Bw==
age: 3269
status: 200
cf-request-id: 05675476f80000bed38904e200000001
x-ms-lease-status: unlocked
last-modified: Fri, 11 Sep 2020 01:41:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: ab24967c-f01e-005b-070d-880176000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
cf-ray: 5d8589d18b5abed3-FRA

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
87 B 29ms
29ms XHR
text/plain 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-230639-2&cid=1333880291.1601045225&jid=1025496791&gjid=2049997966&_gid=1376617982.1601045225&_u=YEBAAEAAAAAAAC~&z=776750290

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 25 Sep 2020 14:47:05 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.komando.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
74 B 35ms
31ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A8.8.2&blog=166923932&post=755764&tz=-7&srv=www.komando.com&host=www.komando.com&ref=https%3A%2F%2Ft.co%2FqRabxaM6G5&fcp=395&rand=0.6026939281011348
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 25 Sep 2020 14:47:05 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H/1.1 200
OK button.e24f3bcdec527b80b9c80e88b62047c3.js Show response
platform.twitter.com/js/ 7 KB
3 KB 12ms
11ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.e24f3bcdec527b80b9c80e88b62047c3.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40B0) /
Resource Hash: da3e524928bcca821af2551eb6f9e9ae2449ceb48642cce4f2dae23383098537

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:05 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Sep 2020 17:58:08 GMT
Server: ECS (fcn/40B0)
Age: 838011
Etag: "2288bbd5e30b6dba457d3d615de9e136+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2295

GET
H2 200 update-user-data.html
widget-modal-popup-v2-prod.firebaseapp.com/ Frame 42D3 0
0 463ms
342ms Document
text/html 151.101.1.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://widget-modal-popup-v2-prod.firebaseapp.com/update-user-data.html?domain_id=VAkN2egYB1&uid=5381867c-7dd1-4045-9982-50c7bf41a5ff&language=en-US&profile=

Requested by

Host: sdk.jeeng.com
URL: https://sdk.jeeng.com/v3.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: widget-modal-popup-v2-prod.firebaseapp.com
:scheme: https
:path: /update-user-data.html?domain_id=VAkN2egYB1&uid=5381867c-7dd1-4045-9982-50c7bf41a5ff&language=en-US&profile=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
cache-control: max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
etag: "37c821f4e5a356fc27353b7ba6da1863cce689e0753f44bac5e094d0a7d80d4b"
last-modified: Mon, 10 Jun 2019 11:44:02 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Fri, 25 Sep 2020 14:47:05 GMT
x-served-by: cache-hhn4036-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1601045225.416557,VS0,VE305
vary: x-fh-requested-host, accept-encoding
content-length: 372

GET
H2 200 lokibot-malware.jpg
www.komando.com/wp-content/uploads/2020/09/ 132 KB
132 KB 81ms
77ms Image
image/jpeg 2606:4700::6812:a860
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.komando.com/wp-content/uploads/2020/09/lokibot-malware.jpg
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a860 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5416bb3c019c4a5687c50ecb53535f402e8baaa3d24812d662e8d9cbd2a9d69b

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:05 GMT
cf-cache-status: HIT
age: 53114
status: 200
content-length: 135250
cf-request-id: 0567547743000096a42e9ab200000001
last-modified: Thu, 24 Sep 2020 21:37:14 GMT
server: cloudflare
etag: "5f6d118a-21052"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 5d8589d20b8a96a4-FRA
cf-bgj: h2pri

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
106 B 71ms
70ms Image
image/gif 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-230639-2&cid=1333880291.1601045225&jid=1025496791&_u=YEBAAEAAAAAAAC~&z=2106679891

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 14:47:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
106 B 31ms
29ms Image
image/gif 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-230639-2&cid=1333880291.1601045225&jid=1025496791&_u=YEBAAEAAAAAAAC~&z=2106679891

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 14:47:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 code Show response
mrb.upapi.net/ 710 KB
225 KB 59ms
58ms Script
application/javascript 2606:4700:20::ac43:464d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mrb.upapi.net/code?w=5715376530784256&upapi=true
Requested by: Host: mrb.upapi.net
URL: https://mrb.upapi.net/org?o=5714937848528896&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:464d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52d1fa8a9ebff6670209bdaf47bafa374eb128a7c83a73d372f5538fbaa2e6e1

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:05 GMT
via: 1.1 google
cf-cache-status: HIT
age: 297
status: 200
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 056754775800002bc2f4baa200000001
server: cloudflare
etag: W/"1e4b92d725f13691728721882c009b60"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800, must-revalidate
cf-ray: 5d8589d22aa92bc2-FRA

GET
H2 200 /
www.facebook.com/tr/ 44 B
235 B 6ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2818864641552220&ev=PageView&dl=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&rl=https%3A%2F%2Ft.co%2FqRabxaM6G5&if=false&ts=1601045225379&sw=1600&sh=1200&v=2.9.24&r=stable&ec=0&o=30&fbp=fb.1.1601045225378.55958500&it=1601045224976&coo=false&rqm=GET

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:05 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 25 Sep 2020 14:47:05 GMT

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 postmessageRelay
accounts.google.com/o/oauth2/ Frame 6618 0
0 88ms
65ms Document
text/html 2a00:1450:4001:821::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.komando.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.hc3rLxj9u8o.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCMtAagp6kGxB19Nep_bTJunj37kww%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.hc3rLxj9u8o.O/m=auth/exm=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMtAagp6kGxB19Nep_bTJunj37kww/cb=gapi.loaded_1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-o3fMcT3T4wis2iqDfnjkIQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Xss-Protection	0

Request headers

:method: GET
:authority: accounts.google.com
:scheme: https
:path: /o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.komando.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.hc3rLxj9u8o.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCMtAagp6kGxB19Nep_bTJunj37kww%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=204=UFDjS2ZiYqNvbe0--fdaEuJblXNcbrR9tVJSVOb7xJbjCoRGKoZ_TQ8_K8mCM_40lzz4a6kaA9TE1V_5O3kEfvJrtUNmZG04E5YTLmyhFwTBR9kRfOGmaISi5_YYH7mLcFcjX_6Mdr9P_2jgZELpavPnxHRC4r3-CvLEg_1KALk
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 25 Sep 2020 14:47:05 GMT
content-security-policy: script-src 'report-sample' 'nonce-o3fMcT3T4wis2iqDfnjkIQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

HEAD
H/1.1 200
OK advertising.js
assets.anyclip.com/anyclip-widget/lre-widget/assets/js/ 0
0 161ms
62ms Fetch
application/javascript 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/js/advertising.js
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:05 GMT
Age: 5158
Connection: keep-alive
Content-Length: 32
x-amz-id-2: Yn4PqvXDRmtC3XYcVYiT+WKUApb5/kz734gzN/yKLOPfA5jpkfju2J1DavNDh8lSfp9IidMvOEo=
Last-Modified: Mon, 10 Dec 2018 11:26:45 GMT
Server: AmazonS3
x-amz-request-id: 6NFR2MCN9PDT8WDJ
Access-Control-Allow-Origin: *
Expires: Fri, 25 Sep 2020 17:21:07 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: yQR7I__mdWlTGiugUbenyyFFuDDzo_a4
Accept-Ranges: bytes
Content-Type: application/javascript
X-LLID: a60336bd7779047714f669364895c1cc
x-amz-meta-s3b-last-modified: 20181210T110233Z

HEAD
H2 200 ima3.js
imasdk.googleapis.com/js/sdkloader/ 0
0 112ms
39ms Fetch
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Fri, 25 Sep 2020 14:47:05 GMT

GET
H/1.1 200
OK 362290
vid.springserve.com/vast/ 22 B
0 288ms
63ms Fetch
application/xml 34.249.58.234
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/362290
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.58.234 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-58-234.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:05 GMT
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 22

HEAD
H2 200 loader.js
imasdk.googleapis.com/js/sdkloader/ 0
0 89ms
17ms Fetch
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/loader.js

Requested by

Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:44:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 23 Sep 2020 23:32:11 GMT
server: sffe
age: 159
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=900
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18664
x-xss-protection: 0
expires: Fri, 25 Sep 2020 14:59:26 GMT

HEAD
H2 200 client.js
s0.2mdn.net/instream/video/ 0
0 77ms
7ms Fetch
text/javascript 2a00:1450:4001:81c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Fri, 25 Sep 2020 14:47:05 GMT

HEAD
H2 200 bridge3.377.0_en.html
imasdk.googleapis.com/js/core/ 0
0 89ms
18ms Fetch
text/html 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://imasdk.googleapis.com/js/core/bridge3.377.0_en.html
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

HEAD
H2 400 /
lreprx-server.anyclip.com/ 0
0 399ms
130ms Fetch
text/html 34.204.157.1
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://lreprx-server.anyclip.com/?
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.204.157.1 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-204-157-1.compute-1.amazonaws.com
Software: / Express
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:05 GMT
x-powered-by: Express
etag: W/"12-aYDwc8aOzxQtGy9nc7j5YT71TdA"
status: 400
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
content-length: 18

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 130ms
129ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=716&val=0&wnx=0&abc=&ty=blo&v=0&ext=0&ta=1&lnx=0&sid=6EMKdIvAucdw76XumuVtXwKCNtFmz1hq&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:05 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK follow_button.2d7d9a6d04538bf11c7b23641e75738c.en.html
platform.twitter.com/widgets/ Frame D013 0
0 9ms
7ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/follow_button.2d7d9a6d04538bf11c7b23641e75738c.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40B0) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 838008
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Fri, 25 Sep 2020 14:47:05 GMT
Etag: "ddc15fa67e38644c860f8d9dba000a69+gzip"
Last-Modified: Tue, 01 Sep 2020 17:58:09 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/40B0)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 13677

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 108 KB
28 KB 130ms
31ms Script
application/javascript 99.86.240.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.240.180 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-240-180.vie50.r.cloudfront.net
Software: Server /
Resource Hash: 02a2079808b1d062ff16a7d19627e9ee4a94f989aa879d9f81333364fa5a8ea0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:10:26 GMT
content-encoding: gzip
server: Server
age: 5798
etag: 7332ce399a8e629a25d60312745ef936
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, max-age=86400
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: B5GCcCLSUmq8Qs7sCCBr_n7G3gEpZvCsxiPTCI3qbs_8GOhpx3_S7A==
via: 1.1 c2756f406c0dc2bb176f6e2181d7607e.cloudfront.net (CloudFront)

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
491 B 118ms
38ms Image
image/x-icon 216.58.208.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.208.38 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s12-in-f38.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 05:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34897
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Sat, 26 Sep 2020 05:05:28 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
627 B 57ms
38ms Image
image/gif 2606:4700:20::681a:246
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.466292930833085
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:05 GMT
via: 1.1 a7dcca466407f1871feceef50bc84272.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 6486
x-cache: Hit from cloudfront
status: 200
content-type: image/gif
content-length: 43
cf-request-id: 056754789f00002bc2ed24f200000001
last-modified: Thu, 27 Jul 2017 18:59:05 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=86400
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
cf-ray: 5d8589d43fdb2bc2-FRA
x-amz-cf-id: zx5or2QQz0UItFDMtwaIOBc4eiC9w6ElSPb05w8jTHIHaP1qWucf7A==

GET
H2 200 load.js Show response
widget.perfectmarket.com/komando/ 3 KB
1 KB 308ms
223ms Script
application/javascript 151.101.113.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.perfectmarket.com/komando/load.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/komando/loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.181 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 61fbc34f91d8af09b7d8434e27d4f7f12fdfae8311d2d26d0eea187ad16c4dd6

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: zbbQXN6FX1TkmBGibAJpQk24j4NgmgPf
content-encoding: gzip
etag: "831b8a927926b7ec203a2adfe80150fc"
age: 0
x-cache: HIT, MISS
status: 200
content-length: 1097
x-amz-id-2: 9sXYLSXAAFJPtiDA+kybWqDhmEAy700LI5rQCrZWMO/pF+lo/mOjKK4pir8RpFDwo1IDtHENn90=
x-served-by: cache-lax8651-LAX, cache-hhn4070-HHN
last-modified: Mon, 30 Mar 2020 06:23:42 GMT
server: AmazonS3
x-timer: S1601045226.775817,VS0,VE177
date: Fri, 25 Sep 2020 14:47:05 GMT
vary: Accept-Encoding,,
x-amz-request-id: 6639671747E3F50A
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=300
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
x-cache-hits: 1, 0

GET
H2 200 impl.20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT.js Show response
cdn.taboola.com/libtrc/ 443 KB
125 KB 60ms
48ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/komando/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3dacca5a57f24880dc26f2b9538d55d7688417e82d30cf21253c7c75f780afbd

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: r40PMd1k6BxOePEfHNBe51W4kTPXPU1O
content-encoding: gzip
etag: "1ca0a9317cbbec4664c1227a769ca9be"
age: 50
x-cache: HIT
status: 200
x-amz-replication-status: FAILED
content-length: 128064
x-amz-id-2: 8hSwlbjEUQAJUkdtbYHgtaZp1Xyb0mb1Tm4faKaiZOPKLwKANq6JNz09gZmXGeq64RGtwheZwlI=
x-served-by: cache-fra19158-FRA
last-modified: Thu, 24 Sep 2020 15:12:19 GMT
server: AmazonS3
x-timer: S1601045226.698089,VS0,VE0
date: Fri, 25 Sep 2020 14:47:05 GMT
vary: Accept-Encoding
x-amz-request-id: BNES1K6W3NBY5Y1J
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 58
x-cache-hits: 6

GET
H2 200 vv.20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT.js Show response
cdn.taboola.com/libtrc/ 11 KB
4 KB 89ms
78ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/vv.20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/komando/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 460cfd89e017dfe6bb1e17a20833c0f144e3896a2923ea88da68862ab8a68fd9

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: r0FrK_AaiwTLMcZrCo8Xa6wOycllxq6y
content-encoding: gzip
etag: "0a5b5f20236c746d077beb6d30ee4a84"
age: 23139
x-cache: HIT
status: 200
x-amz-replication-status: FAILED
content-length: 3925
x-amz-id-2: 92VdPluQ38MAMMsbKEmQbBRi70GqRUcP4mLkEQiZjPy4LmPtDLqVkC/xfdCuR022mBFDlVL4iE4=
x-served-by: cache-fra19158-FRA
last-modified: Thu, 24 Sep 2020 15:12:26 GMT
server: AmazonS3
x-timer: S1601045226.698112,VS0,VE1
date: Fri, 25 Sep 2020 14:47:05 GMT
vary: Accept-Encoding
x-amz-request-id: 5C5879CC932C68FF
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 58
x-cache-hits: 1

GET
H/1.1 200
OK beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 113ms
34ms Script
application/x-javascript 2.19.34.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/komando/loader.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.34.195 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-19-34-195.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:05 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 884
Expires: Sat, 26 Sep 2020 14:47:05 GMT

GET
H2 200 tr5
cdn.taboola.com/libtrc/ 3 B
80 B 57ms
48ms Image
text/html 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/tr5?abgroup=cta2_var
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:05 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1601045226.698108,VS0,VE0
x-served-by: cache-fra19158-FRA
x-cache: HIT
content-type: text/html
status: 200
cache-control: private,max-age=14400
accept-ranges: bytes
content-length: 3
retry-after: 0
x-cache-hits: 0

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 606 B
1 KB 145ms
70ms XHR
application/json 37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.27 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

5e7bc8baff05453b58bdd1f86b27cf11f303992876b1269b3e8cddab2b8948e9

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 25 Sep 2020 14:47:05 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 89.238.186.243; 89.238.186.243; 539.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.149:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: d67b980f-9597-4354-998e-37a9511a8501
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 prebid Show response
ads.yieldmo.com/exchange/ 0
225 B 234ms
72ms XHR
text/plain 54.76.222.161
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.yieldmo.com/exchange/prebid?p=%5B%7B%22placement_id%22%3A%22Komando_Adhesion%22%2C%22callback_id%22%3A%2281136b0b09dd02%22%2C%22sizes%22%3A%5B%5B1%2C1%5D%2C%5B728%2C90%5D%2C%5B970%2C90%5D%5D%2C%22ym_placement_id%22%3A%222449337810381906140%22%7D%2C%7B%22placement_id%22%3A%22Komando_Leaderboard_1%22%2C%22callback_id%22%3A%22912d079cab54dc%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%5D%2C%22ym_placement_id%22%3A%222449337810381906140%22%7D%2C%7B%22placement_id%22%3A%22Komando_Right_Rail_1%22%2C%22callback_id%22%3A%22101d51ea3d6e456%22%2C%22sizes%22%3A%5B%5B300%2C600%5D%2C%5B160%2C600%5D%2C%5B300%2C250%5D%5D%2C%22ym_placement_id%22%3A%222449337810381906140%22%7D%2C%7B%22placement_id%22%3A%22Komando_Right_Rail_3%22%2C%22callback_id%22%3A%221196d4a132aa6a%22%2C%22sizes%22%3A%5B%5B300%2C600%5D%2C%5B160%2C600%5D%2C%5B300%2C250%5D%5D%2C%22ym_placement_id%22%3A%222449337810381906140%22%7D%2C%7B%22placement_id%22%3A%22Komando_Right_Rail_4%22%2C%22callback_id%22%3A%22122b26374146735%22%2C%22sizes%22%3A%5B%5B300%2C600%5D%2C%5B160%2C600%5D%2C%5B300%2C250%5D%5D%2C%22ym_placement_id%22%3A%222449337810381906140%22%7D%5D&page_url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&bust=1601045225733&pr=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&scrd=1&dnt=false&e=0&description=If%20your%20device%20is%20infected%20with%20Lokibot%20malware%2C%20kiss%20your%20credit%20cards%20goodbye.%20This%20keylogger%20can%20capture%20everything%20you%20type.&title=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3Afalse%2C%22cmp%22%3A%22%22%7D&us_privacy=&pubcid=c561b01c-8c23-4912-9f33-6993faec2057&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.76.222.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-222-161.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 14:47:05 GMT
status: 204
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
x-robots-tag: none,NOINDEX,NOFOLLOW
access-control-request-headers: Cache-Control, Pragma

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 613 B
1 KB 236ms
156ms XHR
application/json 37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.27 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

62c1de725ef9c7f25dde6c3a6a0d6f63a08fa178a301cc6ae49535f410af1c4f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 25 Sep 2020 14:47:05 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 89.238.186.243; 89.238.186.243; 539.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.13:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 1cc81a58-e275-4e94-985a-557adac48eed
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 245ms
89ms XHR
text/plain 52.28.154.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=9MEQZN2deHJrCcpvbkL54Zkc&bidId=20c7059a4622d75&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.154.93 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-154-93.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Fri, 25 Sep 2020 14:47:05 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 298ms
143ms XHR
text/plain 52.28.154.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=NsczxcWw93Nv4keUqcRTu8gR&bidId=21259a5d0bb5969&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.154.93 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-154-93.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Fri, 25 Sep 2020 14:47:06 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 250ms
95ms XHR
text/plain 52.28.154.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=KYVqfjZMQtN1DsZXVKCAPhr2&bidId=2221cfdf86a0d31&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.154.93 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-154-93.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Fri, 25 Sep 2020 14:47:05 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 240ms
85ms XHR
text/plain 52.28.154.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=NsczxcWw93Nv4keUqcRTu8gR&bidId=233d22b272ee65b&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.154.93 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-154-93.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Fri, 25 Sep 2020 14:47:05 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 329ms
174ms XHR
text/plain 52.28.154.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=KYVqfjZMQtN1DsZXVKCAPhr2&bidId=24e3828dfedfdce&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.154.93 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-154-93.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Fri, 25 Sep 2020 14:47:06 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 239ms
84ms XHR
text/plain 52.28.154.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=NsczxcWw93Nv4keUqcRTu8gR&bidId=25bb0c64cb58685&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.154.93 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-154-93.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Fri, 25 Sep 2020 14:47:05 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 294ms
140ms XHR
text/plain 52.28.154.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=KYVqfjZMQtN1DsZXVKCAPhr2&bidId=26108c849004839&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.154.93 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-154-93.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Fri, 25 Sep 2020 14:47:06 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
vary: Origin

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
426 B 207ms
56ms XHR
text/plain 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dmx.districtm.io/b/v1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Sep 2020 14:47:05 GMT
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
cf-ray: 5d8589d61a220c05-AMS
access-control-allow-headers: Content-Type, Origin
cf-request-id: 05675479d100000c0527263200000001

POST
H2 200 25 Show response
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ 456 B
641 B 55ms
19ms XHR
application/json 2a02:fa8:8806:13::1460
VCLK-EU-

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a02:fa8:8806:13::1460 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: dec2e854df79e4357c644c86cadc33cffe2deb609ae07c5e35352ec56034f614

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 14:47:05 GMT
server: nginx
status: 200
content-type: application/json
access-control-allow-origin: https://www.komando.com
cache-control: no-cache
access-control-allow-credentials: true
content-length: 456
expires: 0

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
477 B 322ms
181ms XHR
application/json 3.120.51.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=3.26.0&referrer=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tmax=1200&gdpr=false

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.120.51.72 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-120-51-72.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 14:47:06 GMT
status: 200
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.komando.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 302 B
781 B 217ms
53ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=730248&size_id=2&alt_size_ids=55%2C221&gdpr=0&rp_schain=1.0,1!freestar.io,253,1,,,&rf=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tk_flint=pbjs_lite_v3.26.0&x_source.tid=dacf34eb-1dc9-4706-9707-81e488da2072&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.15904532641137337
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: dd98b5d85e778d1de4a79ed200de88f6af81234db54d4671213bb3106e221cd7

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 14:47:05 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 302
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 282 B
761 B 223ms
53ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=730248&size_id=2&gdpr=0&rp_schain=1.0,1!freestar.io,253,1,,,&rf=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tk_flint=pbjs_lite_v3.26.0&x_source.tid=c9be4c23-cfc8-4a3b-8602-4c6bb6ec0658&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.14174670706479908
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: a981bef86d746674a68718b4ea57eb04f1095f62ce2d1f4bda736a73d456e6fe

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 14:47:05 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 282
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 305 B
784 B 210ms
38ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=730248&size_id=15&alt_size_ids=9%2C10&gdpr=0&rp_schain=1.0,1!freestar.io,253,1,,,&rf=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tk_flint=pbjs_lite_v3.26.0&x_source.tid=964429ce-1d9b-4745-8926-bc07a340c24f&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.06432200807077915
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: d247ec7bcf9f52fcd857500ab9ee7dabbb36784e92d8f3cd1feb567b914cdb86

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 14:47:05 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 305
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 305 B
784 B 229ms
53ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=730248&size_id=15&alt_size_ids=9%2C10&gdpr=0&rp_schain=1.0,1!freestar.io,253,1,,,&rf=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tk_flint=pbjs_lite_v3.26.0&x_source.tid=32618a69-0dde-45ea-a4c7-263bfdbb7cb8&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.9304669918745143
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 0358fdd4584557323d22352335dda6824cbb326920c16d5036067dbfed267292

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 14:47:05 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 305
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 305 B
784 B 233ms
49ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=730248&size_id=15&alt_size_ids=9%2C10&gdpr=0&rp_schain=1.0,1!freestar.io,253,1,,,&rf=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tk_flint=pbjs_lite_v3.26.0&x_source.tid=9ce9917e-039f-49d6-b57f-e9da9d9f6056&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.4634054344601246
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 02dff311505ad8415a644560e02c12306cffdb991f6f9475a384959f9b031d37

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 14:47:05 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 305
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 22 KB
8 KB 12ms
7ms Script
application/javascript 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 403bfa21e733c139da9d7d87c48fa0ebbed91514fbbadf34cbc455294a004389

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:05 GMT
content-encoding: gzip
etag: "M/QWkfLVS4vR+GrkCudkBg=="
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Fri, 02 Oct 2020 14:47:05 GMT

GET
H2 200 bxl.js Show response
hbx.media.net/ 23 KB
9 KB 245ms
109ms Script
text/javascript 2.18.68.31
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hbx.media.net/bxl.js?cid=8CUFH1GPH&dn=www.komando.com&version=&https=1

Requested by

Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.68.31 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-68-31.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b467fa0e89f2d2a1d13af1205994f32f9ece948559b32f966e719edcf8c90c44

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Fri, 25 Sep 2020 14:47:06 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=86400
content-length: 8896
x-mnet-hl2: E
expires: Sat, 26 Sep 2020 14:47:06 GMT

GET
H2 200 pubfig.messaging.2.1.2.js Show response
a.pub.network/core/ 196 KB
52 KB 45ms
42ms Script
text/javascript 2606:4700:20::ac43:443c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:443c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6883ce59605b04b6c6782ba17cb02dae671c9228e429ced6c1ab1171a38e12a1

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:05 GMT
content-encoding: br
cf-cache-status: HIT
x-guploader-uploadid: ABg5-UzlCZQbHEcuhmKxmG6SCdiALbP0Gf7LFvp1VD5Cq7Xa2dKRhh1rZE7LldyNNB6PESWRgntNy8eiwSF0OfO26tLQV-DwDg
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 4
x-goog-stored-content-encoding: identity
content-type: text/javascript
cf-request-id: 056754796b0000d6f5d4397200000001
last-modified: Thu, 21 May 2020 18:48:40 GMT
server: cloudflare
etag: W/"a191b1edb3810d2c6bbd73bfed144567"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=ZRmSfw==, md5=oZGx7bOBDSxrvXO/7RRFZw==
x-goog-generation: 1590086920350282
cache-control: private, max-age=1800
x-goog-stored-content-length: 200438
cf-ray: 5d8589d57bbad6f5-FRA
expires: Fri, 24 Sep 2021 21:42:12 GMT

GET
H2 200 pv Show response
backend.upapi.net/ 0
108 B 291ms
182ms XHR
text/plain 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://backend.upapi.net/pv?pid=MiJCEBO4&br=chrome&sid=6SmKunXOVt&w=5715376530784256&cv=14b17a51-v2&r=false&upapi=true
Requested by: Host: mrb.upapi.net
URL: https://mrb.upapi.net/code?w=5715376530784256&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 25 Sep 2020 14:47:06 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: https://www.komando.com
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2 200 entities Show response
users.api.jeeng.com/ 236 B
445 B 2889ms
2866ms XHR
application/json 2a02:26f0:6c00::210:bb43
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://users.api.jeeng.com/entities?url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&domain_id=VAkN2egYB1&read_only=false
Requested by: Host: sdk.jeeng.com
URL: https://sdk.jeeng.com/v3.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:bb43 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Google Frontend / Express
Resource Hash: a05b6b902fc0110a35204d05a8360b0fcff6bf23859f7fca952444bf6184b248

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:08 GMT
etag: W/"ec-Sgdujy0zDXxAtyqjVjI7pGazUMg"
server: Google Frontend
x-powered-by: Express
status: 200
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 630bf74946d98779931d57fe0375e349
cache-control: max-age=3597
content-length: 236

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 132 B
515 B 218ms
215ms XHR
text/javascript 99.86.240.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&pr=https%3A%2F%2Ft.co%2FqRabxaM6G5&pid=MqNUEuvGnk4QI&cb=0&ws=1600x1200&v=7.54.00&t=1000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%221x1%22%2C%22728x90%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F15184186%2FKomando_Adhesion%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2FKomando_Leaderboard_1%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22300x600%22%2C%22160x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2FKomando_Right_Rail_1%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22300x600%22%2C%22160x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2FKomando_Right_Rail_3%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22300x600%22%2C%22160x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2FKomando_Right_Rail_4%22%7D%5D&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.240.180 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-240-180.vie50.r.cloudfront.net
Software: Server /
Resource Hash: baccc36f4643b5739459f6075bbe88ef37d443e9c6a87e7b9f5c617774732094

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:06 GMT
content-encoding: gzip
server: Server
x-amz-cf-pop: VIE50-C1
status: 200
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 137
via: 1.1 c2756f406c0dc2bb176f6e2181d7607e.cloudfront.net (CloudFront)
x-amz-cf-id: vuaG7OfkyM87tuXJB0fk9B2k4XYV8ZVNRwGR4OxvzinBlKz3vPfP7Q==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 93ms
27ms XHR
application/javascript 99.86.240.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.240.180 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-240-180.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 06:29:27 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
age: 29860
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Wed, 09 Sep 2020 11:16:19 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 93f2a781416975f99355acc4c81d60d2.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: VIE50-C1
x-amz-cf-id: M-F0J9iwva8RbCLcdD6uEQI0iiHCc6q64vHRSVx-F3ABpYtJXPKfIg==

POST
H2 200 /
www.facebook.com/tr/ 0
48 B 8ms
7ms Other
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarycc0YiHIEoeUdxK6A

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Fri, 25 Sep 2020 14:47:05 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=7&c2=13739933&c3=20121515121&ns__t=1601045225950&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F...
https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1601045225950&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2...

0
528 B

34ms
34ms

Image
text/plain

2.19.34.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1601045225950&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&c9=https%3A%2F%2Ft.co%2FqRabxaM6G5&cs_ak_ss=1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.34.195 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-19-34-195.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 14:47:06 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1601045225950&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&c9=https%3A%2F%2Ft.co%2FqRabxaM6G5&cs_ak_ss=1
Pragma: no-cache
Date: Fri, 25 Sep 2020 14:47:05 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1601045225956&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fww...
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1601045225956&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fw...

0
528 B

34ms
33ms

Image
text/plain

2.19.34.195
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1601045225956&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&c9=https%3A%2F%2Ft.co%2FqRabxaM6G5&cs_ak_ss=1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.34.195 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-19-34-195.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 14:47:06 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1601045225956&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&c9=https%3A%2F%2Ft.co%2FqRabxaM6G5&cs_ak_ss=1
Pragma: no-cache
Date: Fri, 25 Sep 2020 14:47:06 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 json Show response
trc.taboola.com/komando/trc/3/ 27 KB
10 KB 507ms
443ms Script
application/javascript 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/komando/trc/3/json?tim=16%3A47%3A06.149&lti=cta2_var&data=%7B%22id%22%3A377%2C%22ii%22%3A%22%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1600955214397%2C%22vi%22%3A1601045226133%2C%22cv%22%3A%2220200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%5D%2C%22pev%22%3A3798%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22e%22%3A%22https%3A%2F%2Ft.co%2FqRabxaM6G5%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A4474%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A10%2C%22uim%22%3A%22alternating-thumbnails-rr%3Aabp%3D0%22%2C%22uip%22%3A%22Alternating%20Right%20Rail%20Thumbnails%22%2C%22orig_uip%22%3A%22Alternating%20Right%20Rail%20Thumbnails%22%2C%22cd%22%3A1841.90625%2C%22mw%22%3A320%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A8%2C%22uim%22%3A%22thumbnails-b%3Aabp%3D0%22%2C%22uip%22%3A%22Right%20Rail%20Thumbnails%22%2C%22orig_uip%22%3A%22Right%20Rail%20Thumbnails%22%2C%22cd%22%3A1841.90625%2C%22mw%22%3A320%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22cta2_var%22%7D
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 45fbc6c05dc98ede6c39981e157a346b0a120d7705cf6bc9b1dd971a6e4faf02

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 410
date: Fri, 25 Sep 2020 14:47:06 GMT
content-encoding: gzip
access-control-allow-origin: *
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 200
x-served-by: cache-hhn4044-HHN
server: nginx
x-timer: S1601045226.231053,VS0,VE410
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
166 B 165ms
165ms Image
image/gif 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22kimkomando%22%2C%22widget_creator_screen_name%22%3A%22kimkomando%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22l%3Awithcount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1601045226159%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22219d021%3A1598982042171%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22follow%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 118
pragma: no-cache
last-modified: Fri, 25 Sep 2020 14:47:06 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: bfff43ccbedc8d4e479e7a22820c9708
x-transaction: 00acbb4d00fa630c
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
168 B 17ms
16ms Script
application/javascript 2a00:1450:4001:825::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.komando.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 14:47:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
168 B 15ms
15ms Script
application/javascript 2a00:1450:4001:825::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.komando.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 14:47:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 261 KB
27 KB 750ms
708ms XHR
text/plain 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4006302023472830&correlator=501152159968454&output=ldjh&impl=fifs&vrg=2020091601&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200925&iu_parts=15184186%2CKomando_Adhesion%2CKomando_Leaderboard_1%2CKomando_Right_Rail_1%2CKomando_Right_Rail_3%2CKomando_Right_Rail_4&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5&prev_iu_szs=1x1%7C728x90%7C970x90%2C728x90%2C300x600%7C160x600%7C300x250%2C300x600%7C160x600%7C300x250%2C300x600%7C160x600%7C300x250&prev_scp=fsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D2%26amznp%3D2%26fsbid%3D0%7Cfsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D2%26amznp%3D2%26fsbid%3D0%7Cfsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D2%26amznp%3D2%26fsbid%3D0%7Cfsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D2%26amznp%3D2%26fsbid%3D0%7Cfsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D2%26amznp%3D2%26fsbid%3D0&eri=1&cust_params=referrer%3Dtwitter%26user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1601045226&dt=1601045226217&dlt=1601045224378&idt=1189&frm=20&biw=1600&bih=1200&oid=3&adxs=800%2C180%2C1080%2C1079%2C1079&adys=1199%2C944%2C1106%2C2439%2C3162&adks=1494144272%2C2773792623%2C2252915286%2C2269316213%2C2252560996&ucis=1%7C2%7C3%7C4%7C5&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&ref=https%3A%2F%2Ft.co%2FqRabxaM6G5&dssz=72&icsg=2315321292&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x-1%7C1263x112%7C322x626%7C320x600%7C320x600&msz=1600x-1%7C1241x90%7C320x620%7C320x600%7C320x600&ga_vid=1333880291.1601045225&ga_sid=1601045226&ga_hid=1358651&fws=516%2C4%2C4%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600%2C1600&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

49ddcc778de9283a8d54134e28b366b39c95e754cab856a5473f591222bb24de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27089
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.komando.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
6deaf63485e83e86dc13f33f3b176636.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 47ms
14ms Other
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://6deaf63485e83e86dc13f33f3b176636.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 6ms
5ms Other
text/html 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 rules-p-UeXruRVtZz7w6.js Show response
rules.quantcount.com/ 2 KB
1 KB 59ms
17ms Script
application/x-javascript 2600:9000:206e:d400:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:d400:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:24:20 GMT
content-encoding: gzip
last-modified: Thu, 07 Dec 2017 17:06:25 GMT
server: AmazonS3
age: 1367
etag: W/"cbc97d16c77ea1fcbbf42d246001e982"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
x-amz-cf-pop: VIE50-C1
x-amz-cf-id: 6O0i7tUuvmjNSV5FwiU0cfrEdUMV1u-SYlhXDKeWguxlxgCOfgsoZA==
via: 1.1 19e8b9893b6330d5d62599a448aea7db.cloudfront.net (CloudFront)

GET
H/1.1

200
OK

Cookie set iu3
aax-eu.amazon-adsystem.com/s/ Frame 9D38
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=rbd_r1u_cnv_an-db5_sovrn_3lift
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=rbd_r1u_cnv_an-db5_sovrn_3lift&dcc=t

0
0

217ms
217ms

Document
text/html

52.95.124.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=rbd_r1u_cnv_an-db5_sovrn_3lift&dcc=t
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.124.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A4BXUYhzUEvhnPsxQC7znaA|t
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

Server: Server
Date: Fri, 25 Sep 2020 14:47:06 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 203
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Set-Cookie: ad-id=A4BXUYhzUEvhnPsxQC7znaA; Domain=.amazon-adsystem.com; Expires=Thu, 01-Apr-2021 14:47:06 GMT; Path=/; Secure; HttpOnly; SameSite=None ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Wed, 01-Oct-2025 14:47:06 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

Redirect headers

Server: Server
Date: Fri, 25 Sep 2020 14:47:06 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=rbd_r1u_cnv_an-db5_sovrn_3lift&dcc=t
Set-Cookie: ad-id=A4BXUYhzUEvhnPsxQC7znaA|t; Domain=.amazon-adsystem.com; Expires=Thu, 01-Apr-2021 14:47:06 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary: User-Agent

GET
H2 200 pmk-202003261.3.js Show response
widget.perfectmarket.com/komando/ 123 KB
33 KB 36ms
35ms Script
application/javascript 151.101.113.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.perfectmarket.com/komando/pmk-202003261.3.js
Requested by: Host: widget.perfectmarket.com
URL: https://widget.perfectmarket.com/komando/load.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.181 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdc6f35981582b0bb0423b70243eac10776c99215aaa26dede1b002555215e99

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: YhuGJjURZcrX1KZYhHO4_Ttv7PP3uqxa
content-encoding: gzip
etag: "b260aa8e83f78718a8ac4ccd94927248"
age: 15495801
x-cache: HIT, HIT
status: 200
content-length: 33475
x-amz-id-2: +VW0umj+V3gU9R6cX+XRiQsT3v6VjNYdH83nGJoW/Y/BNdOq/EENOnjlJHQK5x+CbY0wktAbi8g=
x-served-by: cache-lax8651-LAX, cache-hhn4070-HHN
last-modified: Mon, 30 Mar 2020 06:23:41 GMT
server: AmazonS3
x-timer: S1601045226.299711,VS0,VE0
date: Fri, 25 Sep 2020 14:47:06 GMT
vary: Accept-Encoding,,
x-amz-request-id: 684F1121138BDF42
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31536000
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
x-cache-hits: 2, 2

GET
H2 200 checksync.php
hbx.media.net/ Frame 2E3E 0
0 59ms
59ms Document
text/html 2.18.68.31
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hbx.media.net/checksync.php?&vsSync=1&cs=17&hb=1&cv=37&ndec=1&cid=8CUFH1GPH&prvid=56%2C70%2C77%2C80%2C82%2C97%2C99%2C109%2C111%2C112%2C113%2C139%2C154%2C157%2C159%2C175%2C178%2C186%2C201%2C226%2C10000&refUrl=https%3A%2F%2Ft.co%2FqRabxaM6G5&usp_status=0&usp_consent=1&https=1&gdpr=1&gdprconsent=2

Requested by

Host: hbx.media.net
URL: https://hbx.media.net/bxl.js?cid=8CUFH1GPH&dn=www.komando.com&version=&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.68.31 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-68-31.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: hbx.media.net
:scheme: https
:path: /checksync.php?&vsSync=1&cs=17&hb=1&cv=37&ndec=1&cid=8CUFH1GPH&prvid=56%2C70%2C77%2C80%2C82%2C97%2C99%2C109%2C111%2C112%2C113%2C139%2C154%2C157%2C159%2C175%2C178%2C186%2C201%2C226%2C10000&refUrl=https%3A%2F%2Ft.co%2FqRabxaM6G5&usp_status=0&usp_consent=1&https=1&gdpr=1&gdprconsent=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Mon, 29 Mar 2021 14:47:06 GMT; domain=.media.net; Path=/; sameSite=none; secure=true visitor-id=2440468261765106000V10; Expires=Sat, 25 Sep 2021 14:47:06 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=26687
expires: Fri, 25 Sep 2020 22:11:53 GMT
date: Fri, 25 Sep 2020 14:47:06 GMT
content-length: 6817

GET
H2 200 pixel;r=1265289849;labels=title.Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet;rf=0;a=p-UeXruRVtZz7w6;url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keyl...
pixel.quantserve.com/ 35 B
371 B 26ms
24ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1265289849;labels=title.Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet;rf=0;a=p-UeXruRVtZz7w6;url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F;ref=https%3A%2F%2Ft.co%2FqRabxaM6G5;fpan=1;fpa=P0-1129707095-1601045226330;ns=0;ce=1;qjs=1;qv=4f9b77f5-20200917130726;cm=;gdpr=0;d=komando.com;je=0;sr=1600x1200x24;enc=n;dst=1;et=1601045226330;tzo=-120;ogl=locale.en_US%2Ctype.article%2Ctitle.Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet%2Cdescription.If%20your%20device%20is%20infected%20with%20Lokibot%20malware%252C%20kiss%20your%20credit%20cards%20goodbye%252E%2Curl.https%3A%2F%2Fwww%252Ekomando%252Ecom%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F%2Csite_name.Komando%252Ecom%2Cimage.https%3A%2F%2Fwww%252Ekomando%252Ecom%2Fwp-content%2Fuploads%2F2020%2F09%2Flokibot-malware%252Ejpg%2Cimage%3Awidth.1200%2Cimage%3Aheight.675

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 14:47:06 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
status: 200
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 cta-branding.js Show response
cdn.taboola.com/demand-formats/cta-branding/ 14 KB
3 KB 41ms
41ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/demand-formats/cta-branding/cta-branding.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8545e4ac13ffdd710cf8d0922c6a80ae3cc7ece72eb330133f46757814c4c5be

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: n1xEEz9IIiJxOUuV6fZe.t0kkFnhqzGy
content-encoding: gzip
etag: "180c81ca63f5066e4c1aebf298d778fe"
age: 25308
x-cache: HIT
status: 200
x-amz-replication-status: COMPLETED
content-length: 3165
x-amz-id-2: k8Rckp5d9hqw627NI1tI0KSDQy2mXHF5he0bo1tvQKXaTt0gy+7zsUOjqLuWBXbpIdZpsa2oHpQ=
x-served-by: cache-fra19158-FRA
last-modified: Wed, 09 Sep 2020 07:43:37 GMT
server: AmazonS3
x-timer: S1601045227.692726,VS0,VE0
date: Fri, 25 Sep 2020 14:47:06 GMT
vary: Accept-Encoding
x-amz-request-id: CFA6FDA4A3EF2F4C
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript
abp: 83
x-cache-hits: 811

GET
H2 200 cta-branding.css
cdn.taboola.com/demand-formats/cta-branding/ 2 KB
843 B 42ms
41ms Stylesheet
text/css 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/demand-formats/cta-branding/cta-branding.css
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6a85bdd389762c5c321e6f3e5b6ce160e1a0c529e15e078827101c826dad81b6

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: uEZaGCcrHXQ9WG2z6s8IZ6bIIfP95rhl
content-encoding: gzip
etag: "7f135d3588974a9a2cbf9fcdfa471279"
age: 25326
x-cache: HIT
status: 200
x-amz-replication-status: COMPLETED
content-length: 579
x-amz-id-2: rTz8RBQQ6vAnbVqSoHjQxBXm491+1CsqYh32pAPdRVraBuwQ27QjhI6tcuYIFbS9gHp1ZOjbLHM=
x-served-by: cache-fra19158-FRA
last-modified: Wed, 09 Sep 2020 07:43:36 GMT
server: AmazonS3
x-timer: S1601045227.692651,VS0,VE0
date: Fri, 25 Sep 2020 14:47:06 GMT
vary: Accept-Encoding
x-amz-request-id: BB8EF748FF09D10F
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: text/css
abp: 83
x-cache-hits: 815

GET
H2

200

rtb-h
match.taboola.com/sg/mediaforcebidder-network/1/ Frame FFFA
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=taboola
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=taboola
https://sync.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=a8563797-2904-4f54-b938-011b7056c592
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=a8563797-2904-4f54-b938-011b7056c592&tbid=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&query=taboola_hm%3Da8563797-2904-...

0
52 B

45ms
43ms

Image
text/plain

151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=a8563797-2904-4f54-b938-011b7056c592&tbid=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&query=taboola_hm%3Da8563797-2904-4f54-b938-011b7056c592&isDirect=0
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:07 GMT
via: 1.1 varnish
server: nginx
x-timer: S1601045227.245174,VS0,VE9
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn4044-HHN

Redirect headers

status: 302
tbl-x-upstream: 10.40.20.11:10213
date: Fri, 25 Sep 2020 14:47:06 GMT
server: nginx
x-fastly-to-nlb-rtt: 32251
location: https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=a8563797-2904-4f54-b938-011b7056c592&tbid=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&query=taboola_hm%3Da8563797-2904-4f54-b938-011b7056c592&isDirect=0

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame FFFA 0
239 B 248ms
45ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=16698
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Content-Type: image/gif

GET
H2

200

/
am-sync.taboola.com/sg/powerlinksdsp-network/1/rtb-h/ Frame FFFA
Redirect Chain

https://px.powerlinks.com/user/identify?sourceId=d4a7a706-ab0f-11e8-a038-127202fb7690&rurl=https%3A%2F%2Fam-sync.taboola.com%2Fsg%2Fpowerlinksdsp-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%24%7BUSER%7D...
https://sync.mathtag.com/sync/img?mt_exid=113&redir=%2F%2Fpx.powerlinks.com%2Fuser%2Fsync%2Fdsps%3FuserId%3D%5BMM_UUID%5D%26sourceId%3Daa4e7548-789b-4df8-a72f-d951a5b206eb%26sync%3D0%26rurl%3Dhttps...
https://px.powerlinks.com/user/sync/dsps?userId=6ac15f6e-02ea-4c00-83b4-c77f7ea7f2a0&sourceId=aa4e7548-789b-4df8-a72f-d951a5b206eb&sync=0&rurl=https%3A%2F%2Fam-sync.taboola.com%2Fsg%2Fpowerlinksdsp...
https://am-sync.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=Khx8UPChClI64NbmRdt1L5LMqYy03yKc4acfSP0AtbE%3D

45 B
272 B

48ms
48ms

Image
image/gif

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-sync.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=Khx8UPChClI64NbmRdt1L5LMqYy03yKc4acfSP0AtbE%3D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
tbl-x-upstream: 10.41.30.18:10213
date: Fri, 25 Sep 2020 14:47:08 GMT
server: nginx
x-fastly-to-nlb-rtt: 39803

Redirect headers

Location: https://am-sync.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=Khx8UPChClI64NbmRdt1L5LMqYy03yKc4acfSP0AtbE%3D
Date: Fri, 25 Sep 2020 14:47:08 GMT
Server: nginx
Connection: close
Etag: "Khx8UPChClI64NbmRdt1L5LMqYy03yKc4acfSP0AtbE="
Content-Length: 0

GET
H2

204

/
am-sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/ Frame FFFA
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=562107&ev=1&rurl=https%3A%2F%2Fam-sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=%%VGUID%%&orig=trc
https://am-sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=hugPDl6xHchh&ev=1&orig=trc&pid=562107

0
218 B

48ms
48ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=hugPDl6xHchh&ev=1&orig=trc&pid=562107
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
tbl-x-upstream: 10.41.32.36:10213
date: Fri, 25 Sep 2020 14:47:07 GMT
server: nginx
x-fastly-to-nlb-rtt: 34196

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
status: 302
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
location: https://am-sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=hugPDl6xHchh&ev=1&orig=trc&pid=562107
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-577cbfbc5c-hsq7t
expires: -1

GET
H2

204

/
am-sync.taboola.com/sg/zemantartb-network/1/rtb-h/ Frame FFFA
Redirect Chain

https://b1sync.zemanta.com/usersync/taboola/?puid={user_id}&cb=https://am-sync.taboola.com/sg/zemantartb-network/1/rtb-h/?taboola_hm=__ZUID__&orig=trc
https://stags.bluekai.com/site/23178?id=u8i_z9WteNN-OP-wJzzq&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6YLNFVZXS3TDFZ2GCYTPN5WGCLTDN5WS643HF55GK3LB...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6YLNFVZXS3TDFZ2GCYTPN5WGCLTDN5WS643HF55GK3LBNZ2GC4TUMIWW4ZLUO5XXE2ZPGEXXE5DCFVUC6P3FPBRWQYLOM5ST25DBMJXW63DBEZ2GCYTPN5WGCX3INU6XK...
https://am-sync.taboola.com/sg/zemantartb-network/1/rtb-h/?taboola_hm=u8i_z9WteNN-OP-wJzzq

0
218 B

72ms
71ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-sync.taboola.com/sg/zemantartb-network/1/rtb-h/?taboola_hm=u8i_z9WteNN-OP-wJzzq
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
tbl-x-upstream: 10.41.32.34:10213
date: Fri, 25 Sep 2020 14:47:08 GMT
server: nginx
x-fastly-to-nlb-rtt: 41470

Redirect headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 14:47:08 GMT
P3p: CP="We do not support P3P header."
Location: https://am-sync.taboola.com/sg/zemantartb-network/1/rtb-h/?taboola_hm=u8i_z9WteNN-OP-wJzzq
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 113
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2

200

/
am-sync.taboola.com/sg/appnexus-network/1/rtb-h/ Frame FFFA
Redirect Chain

https://ib.adnxs.com/getuidnb?https://am-sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID&orig=trc
https://am-sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=7823814188528686151&orig=trc

0
227 B

75ms
74ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=7823814188528686151&orig=trc
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
tbl-x-upstream: 10.40.20.11:10213
date: Fri, 25 Sep 2020 14:47:06 GMT
server: nginx
x-fastly-to-nlb-rtt: 31177

Redirect headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 14:47:06 GMT
X-Proxy-Origin: 89.238.186.243; 89.238.186.243; 539.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.55:80
AN-X-Request-Uuid: d195919e-60bd-43dc-afdc-39889e84205f
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://am-sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=7823814188528686151&orig=trc
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

/
trc.taboola.com/sg/google-network/1/rtb-h/ Frame FFFA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm=&google_sc=&google_tc=
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEOFgZoo5qP_gJLRUHqpECiw&google_cver=1

0
54 B

51ms
50ms

Image
text/plain

151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEOFgZoo5qP_gJLRUHqpECiw&google_cver=1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 8
date: Fri, 25 Sep 2020 14:47:06 GMT
via: 1.1 varnish
server: nginx
x-timer: S1601045227.909996,VS0,VE8
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn4044-HHN

Redirect headers

pragma: no-cache
date: Fri, 25 Sep 2020 14:47:06 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEOFgZoo5qP_gJLRUHqpECiw&google_cver=1
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 304
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK Pug
simage2.pubmatic.com/AdServer/ Frame FFFA 42 B
1003 B 66ms
55ms Image
image/gif 185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMxNjAmdGw9MTI5NjAw&piggybackCookie=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Fri, 25 Sep 2020 14:47:06 GMT
X-lat: Pug23013:0:335
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame FFFA
Redirect Chain

https://am-sync.taboola.com/sg/google-network/1/rtb?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dtaboola_dbm%26google_sc%26gdpr%3D0%26gdpr_consent%3D&orig=trc
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a

170 B
200 B

93ms
17ms

Image
image/png

2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 14:47:06 GMT
server: HTTP server (unknown)
content-type: image/png
status: 200
cache-control: no-cache, must-revalidate
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

status: 302
tbl-x-upstream: 10.40.0.117:10213
date: Fri, 25 Sep 2020 14:47:06 GMT
server: nginx
x-fastly-to-nlb-rtt: 31536
location: https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a

GET
H2

204

/
am-sync.taboola.com/sg/nca-appnexus-network/1/rtb-h/ Frame FFFA
Redirect Chain

https://ib.adnxs.com/getuidnb?https://am-sync.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=$UID&orig=trc
https://am-sync.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=7823814188528686151&orig=trc

0
218 B

88ms
83ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-sync.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=7823814188528686151&orig=trc
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
tbl-x-upstream: 10.41.24.10:10213
date: Fri, 25 Sep 2020 14:47:06 GMT
server: nginx
x-fastly-to-nlb-rtt: 31177

Redirect headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 14:47:06 GMT
X-Proxy-Origin: 89.238.186.243; 89.238.186.243; 539.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.234:80
AN-X-Request-Uuid: 9de54b2f-060b-4b4d-bfac-cdb4caab8a0d
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://am-sync.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=7823814188528686151&orig=trc
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

/
trc.taboola.com/sg/thetradedesk-network/1/rtb-h/ Frame FFFA
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=054f32o&ttd_tpi=1
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=393d20d1-d474-4171-a1db-84ea3a8fa6d0

0
78 B

40ms
39ms

Image
text/plain

151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=393d20d1-d474-4171-a1db-84ea3a8fa6d0
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 8
date: Fri, 25 Sep 2020 14:47:07 GMT
via: 1.1 varnish
server: nginx
x-timer: S1601045227.997072,VS0,VE8
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn4044-HHN

Redirect headers

pragma: no-cache
date: Fri, 25 Sep 2020 14:47:06 GMT
x-aspnet-version: 4.0.30319
status: 302
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=393d20d1-d474-4171-a1db-84ea3a8fa6d0
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 239

GET
H/1.1

204
No Content

merge
ce.lijit.com/ Frame FFFA
Redirect Chain

https://ce.lijit.com/merge?pid=42&3pid=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&us_privacy=&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=42&3pid=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&us_privacy=&gdpr=0&gdpr_consent=&dnr=1

0
618 B

96ms
46ms

Image
text/plain

216.52.2.19
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=42&3pid=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&us_privacy=&gdpr=0&gdpr_consent=&dnr=1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 14:47:07 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 14:47:07 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ce.lijit.com/merge?pid=42&3pid=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&us_privacy=&gdpr=0&gdpr_consent=&dnr=1
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2 200 rtset
bh.contextweb.com/bh/ Frame FFFA 49 B
406 B 233ms
131ms Image
image/gif 198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=553204&ev=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
status: 200
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-577cbfbc5c-76lgm
expires: -1

GET
H2

200

rtb-h
sync.taboola.com/sg/storygize-network/1/ Frame FFFA
Redirect Chain

https://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a
https://sync.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=37cf273d-6031-4a9e-b4c2-17b86d952301

0
227 B

49ms
48ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=37cf273d-6031-4a9e-b4c2-17b86d952301
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
tbl-x-upstream: 10.41.32.36:10213
date: Fri, 25 Sep 2020 14:47:07 GMT
server: nginx
x-fastly-to-nlb-rtt: 38558

Redirect headers

Location: https://sync.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=37cf273d-6031-4a9e-b4c2-17b86d952301
Pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
Connection: keep-alive
P3P: CP ALL ADM DEV PSAi COM OUR OTRo STP IND ONL
Content-Length: 0
expires: 0

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame FFFA 43 B
697 B 211ms
50ms Image
image/gif 185.86.137.110
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=107&partneruserid=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&gdpr=0&gdpr_consent=
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.86.137.110 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 14:47:06 GMT
Cache-Control: no-cache,no-store
Content-Type: image/gif
Transfer-Encoding: chunked
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H/1.1 200
OK sync
dsp.adkernel.com/ Frame FFFA 42 B
233 B 377ms
125ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp.adkernel.com/sync?exchange=281&r=%2F%2Ftrc.taboola.com%2Fsg%2Fadkernelrtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%7BUID%7D
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 Garden City, United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 14:47:07 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H2 200 put
e1.emxdgt.com/ Frame FFFA 43 B
124 B 935ms
36ms Image
image/gif 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e1.emxdgt.com/put?d=d41&uid=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 25 Sep 2020 14:47:07 GMT
content-length: 43
x-nosync: emp
content-type: image/gif

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame FFFA 35 B
380 B 517ms
124ms Image
image/gif 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/pixel/cookiesync?source=14b8c562-d12b-418b-b680-ad517d5839ec
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-ServerName: Track004-dc3
Pragma: no-cache
Date: Fri, 25 Sep 2020 14:46:46 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET
H/1.1 204
No Content /
cds.taboola.com/ Frame FFFA 0
157 B 1468ms
138ms Image
text/plain 141.226.224.32
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cds.taboola.com/?uid=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&_r=6199324
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.32 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:08 GMT
cache-control: no-store
x-envoy-upstream-service-time: 0
Server: nginx
Connection: close

GET
H2

200

rtb-h
sync-t1.taboola.com/sg/bidswitch-network/1/ Frame FFFA
Redirect Chain

https://x.bidswitch.net/sync?ssp=taboola&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=taboola&gdpr=0&gdpr_consent=
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=taboola
https://c1.adform.net/serving/cookie/match/?CC=1&party=24&bidswitch_ssp_id=taboola
https://x.bidswitch.net/sync?dsp_id=70&user_id=4954171450643499117&ssp=taboola
https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=6bd478e3-9f77-4936-9b4b-ae9cc355dd60

0
227 B

50ms
49ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=6bd478e3-9f77-4936-9b4b-ae9cc355dd60
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
tbl-x-upstream: 10.41.32.34:10213
date: Fri, 25 Sep 2020 14:47:07 GMT
server: nginx
x-fastly-to-nlb-rtt: 37284

Redirect headers

status: 302
date: Fri, 25 Sep 2020 14:47:07 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: //sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=6bd478e3-9f77-4936-9b4b-ae9cc355dd60
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 204 social
trc.taboola.com/komando/log/3/ 0
88 B 44ms
44ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/social?route=AM:AM:V&tvi2=2984&lti=cta2_var&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601045226133&st=social-available&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22ctx%22%2C%22ism%22%3Afalse%2C%22srx%22%3A1600%2C%22sry%22%3A1200%2C%22pd%22%3Anull%2C%22tpl%22%3A%22%22%2C%22url%22%3A%22https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%22%2C%22rref%22%3A%22https%3A%2F%2Ft.co%2FqRabxaM6G5%22%2C%22sref%22%3A%22_sessionPending_%22%2C%22hdl%22%3A%22Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet%22%2C%22sec%22%3A%22security-privacy%22%2C%22aut%22%3A%5B%22James%20Gelinas%22%2C%22Komando.com%22%5D%2C%22img%22%3A%22https%3A%2F%2Fwww.komando.com%2Fwp-content%2Fuploads%2F2020%2F09%2Flokibot-malware.jpg%22%2C%22v%22%3A15%2C%22pw%22%3Afalse%7D%5D%7D&tim=16%3A47%3A06.729&id=1916&llvl=1&cv=20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Fri, 25 Sep 2020 14:47:06 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045227.746362,VS0,VE9
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/komando/log/3/ 0
58 B 89ms
80ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/abtests?route=AM:AM:V&tvi2=2984&lti=cta2_var&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601045226133&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA%22%2C%22type%22%3A%22%7B%5C%22module%5C%22%3A%5C%22cta-branding%5C%22%2C%5C%22event%5C%22%3A%5C%22cta_render_candidate%5C%22%2C%5C%22cardIndexOnPage%5C%22%3A0%2C%5C%22index%5C%22%3A0%2C%5C%22placement%5C%22%3A%5C%22Alternating%20Right%20Rail%20Thumbnails%5C%22%7D%22%2C%22eventTime%22%3A1601045226753%7D&tim=16%3A47%3A06.753&id=8915&llvl=1&cv=20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 10
date: Fri, 25 Sep 2020 14:47:06 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045227.795398,VS0,VE10
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/komando/log/3/ 0
56 B 90ms
81ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/abtests?route=AM:AM:V&tvi2=2984&lti=cta2_var&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601045226133&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22cta-branding%22%2C%22type%22%3A%22cta_render_candidate%22%2C%22eventTime%22%3A1601045226753%7D&tim=16%3A47%3A06.754&id=5657&llvl=1&cv=20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Fri, 25 Sep 2020 14:47:06 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045227.795376,VS0,VE9
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/komando/log/3/ 0
57 B 87ms
78ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/abtests?route=AM:AM:V&tvi2=2984&lti=cta2_var&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601045226133&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA%22%2C%22type%22%3A%22%7B%5C%22module%5C%22%3A%5C%22cta-branding%5C%22%2C%5C%22event%5C%22%3A%5C%22cta_render_candidate%5C%22%2C%5C%22cardIndexOnPage%5C%22%3A6%2C%5C%22index%5C%22%3A6%2C%5C%22placement%5C%22%3A%5C%22Alternating%20Right%20Rail%20Thumbnails%5C%22%7D%22%2C%22eventTime%22%3A1601045226754%7D&tim=16%3A47%3A06.754&id=141&llvl=1&cv=20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Fri, 25 Sep 2020 14:47:06 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045227.795346,VS0,VE9
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/komando/log/3/ 0
56 B 90ms
81ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/abtests?route=AM:AM:V&tvi2=2984&lti=cta2_var&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601045226133&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22cta-branding%22%2C%22type%22%3A%22cta_render_candidate%22%2C%22eventTime%22%3A1601045226754%7D&tim=16%3A47%3A06.754&id=2400&llvl=1&cv=20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Fri, 25 Sep 2020 14:47:06 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045227.795860,VS0,VE9
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/komando/log/3/ 0
56 B 88ms
79ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/abtests?route=AM:AM:V&tvi2=2984&lti=cta2_var&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601045226133&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA%22%2C%22type%22%3A%22%7B%5C%22module%5C%22%3A%5C%22cta-branding%5C%22%2C%5C%22event%5C%22%3A%5C%22cta_render_candidate%5C%22%2C%5C%22cardIndexOnPage%5C%22%3A8%2C%5C%22index%5C%22%3A8%2C%5C%22placement%5C%22%3A%5C%22Alternating%20Right%20Rail%20Thumbnails%5C%22%7D%22%2C%22eventTime%22%3A1601045226755%7D&tim=16%3A47%3A06.755&id=4866&llvl=1&cv=20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Fri, 25 Sep 2020 14:47:06 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045227.795864,VS0,VE9
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/komando/log/3/ 0
56 B 88ms
79ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/abtests?route=AM:AM:V&tvi2=2984&lti=cta2_var&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601045226133&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22cta-branding%22%2C%22type%22%3A%22cta_render_candidate%22%2C%22eventTime%22%3A1601045226755%7D&tim=16%3A47%3A06.755&id=7431&llvl=1&cv=20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Fri, 25 Sep 2020 14:47:06 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045227.795853,VS0,VE9
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/komando/log/3/ 0
56 B 89ms
80ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/abtests?route=AM:AM:V&tvi2=2984&lti=cta2_var&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601045226133&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA%22%2C%22type%22%3A%22%7B%5C%22module%5C%22%3A%5C%22cta-branding%5C%22%2C%5C%22event%5C%22%3A%5C%22cta_render_candidate%5C%22%2C%5C%22cardIndexOnPage%5C%22%3A11%2C%5C%22index%5C%22%3A1%2C%5C%22placement%5C%22%3A%5C%22Right%20Rail%20Thumbnails%5C%22%7D%22%2C%22eventTime%22%3A1601045226755%7D&tim=16%3A47%3A06.755&id=2897&llvl=1&cv=20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Fri, 25 Sep 2020 14:47:06 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045227.795835,VS0,VE9
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/komando/log/3/ 0
56 B 88ms
80ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/abtests?route=AM:AM:V&tvi2=2984&lti=cta2_var&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601045226133&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22cta-branding%22%2C%22type%22%3A%22cta_render_candidate%22%2C%22eventTime%22%3A1601045226755%7D&tim=16%3A47%3A06.756&id=1524&llvl=1&cv=20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Fri, 25 Sep 2020 14:47:06 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045227.795798,VS0,VE9
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/komando/log/3/ 0
61 B 86ms
79ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/abtests?route=AM:AM:V&tvi2=2984&lti=cta2_var&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601045226133&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA%22%2C%22type%22%3A%22%7B%5C%22module%5C%22%3A%5C%22cta-branding%5C%22%2C%5C%22event%5C%22%3A%5C%22rendered%5C%22%2C%5C%22cardIndexOnPage%5C%22%3A0%2C%5C%22index%5C%22%3A0%2C%5C%22placement%5C%22%3A%5C%22Alternating%20Right%20Rail%20Thumbnails%5C%22%7D%22%2C%22eventTime%22%3A1601045226756%7D&tim=16%3A47%3A06.756&id=3695&llvl=1&cv=20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 10
date: Fri, 25 Sep 2020 14:47:06 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045227.796286,VS0,VE10
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/komando/log/3/ 0
56 B 87ms
80ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/abtests?route=AM:AM:V&tvi2=2984&lti=cta2_var&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601045226133&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22cta-branding%22%2C%22type%22%3A%22rendered%22%2C%22eventTime%22%3A1601045226756%7D&tim=16%3A47%3A06.756&id=5543&llvl=1&cv=20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Fri, 25 Sep 2020 14:47:06 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045227.796264,VS0,VE9
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/komando/log/3/ 0
56 B 89ms
83ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/abtests?route=AM:AM:V&tvi2=2984&lti=cta2_var&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601045226133&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA%22%2C%22type%22%3A%22%7B%5C%22module%5C%22%3A%5C%22cta-branding%5C%22%2C%5C%22event%5C%22%3A%5C%22rendered%5C%22%2C%5C%22cardIndexOnPage%5C%22%3A6%2C%5C%22index%5C%22%3A6%2C%5C%22placement%5C%22%3A%5C%22Alternating%20Right%20Rail%20Thumbnails%5C%22%7D%22%2C%22eventTime%22%3A1601045226764%7D&tim=16%3A47%3A06.765&id=1290&llvl=1&cv=20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Fri, 25 Sep 2020 14:47:06 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045227.814907,VS0,VE9
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/komando/log/3/ 0
85 B 90ms
83ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/abtests?route=AM:AM:V&tvi2=2984&lti=cta2_var&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601045226133&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22cta-branding%22%2C%22type%22%3A%22rendered%22%2C%22eventTime%22%3A1601045226765%7D&tim=16%3A47%3A06.765&id=8604&llvl=1&cv=20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 10
date: Fri, 25 Sep 2020 14:47:06 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045227.814923,VS0,VE10
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/komando/log/3/ 0
65 B 87ms
82ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/abtests?route=AM:AM:V&tvi2=2984&lti=cta2_var&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601045226133&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA%22%2C%22type%22%3A%22%7B%5C%22module%5C%22%3A%5C%22cta-branding%5C%22%2C%5C%22event%5C%22%3A%5C%22rendered%5C%22%2C%5C%22cardIndexOnPage%5C%22%3A8%2C%5C%22index%5C%22%3A8%2C%5C%22placement%5C%22%3A%5C%22Alternating%20Right%20Rail%20Thumbnails%5C%22%7D%22%2C%22eventTime%22%3A1601045226767%7D&tim=16%3A47%3A06.767&id=2476&llvl=1&cv=20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 8
date: Fri, 25 Sep 2020 14:47:06 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045227.814879,VS0,VE8
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/komando/log/3/ 0
315 B 87ms
82ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/abtests?route=AM:AM:V&tvi2=2984&lti=cta2_var&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601045226133&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22cta-branding%22%2C%22type%22%3A%22rendered%22%2C%22eventTime%22%3A1601045226767%7D&tim=16%3A47%3A06.767&id=8512&llvl=1&cv=20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Fri, 25 Sep 2020 14:47:06 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045227.814875,VS0,VE9
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/komando/log/3/ 0
141 B 87ms
82ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/abtests?route=AM:AM:V&tvi2=2984&lti=cta2_var&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601045226133&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22CTA%22%2C%22type%22%3A%22%7B%5C%22module%5C%22%3A%5C%22cta-branding%5C%22%2C%5C%22event%5C%22%3A%5C%22rendered%5C%22%2C%5C%22cardIndexOnPage%5C%22%3A11%2C%5C%22index%5C%22%3A1%2C%5C%22placement%5C%22%3A%5C%22Right%20Rail%20Thumbnails%5C%22%7D%22%2C%22eventTime%22%3A1601045226769%7D&tim=16%3A47%3A06.770&id=5327&llvl=1&cv=20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Fri, 25 Sep 2020 14:47:06 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045227.815294,VS0,VE9
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 abtests
trc.taboola.com/komando/log/3/ 0
56 B 87ms
82ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/abtests?route=AM:AM:V&tvi2=2984&lti=cta2_var&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601045226133&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22cta-branding%22%2C%22type%22%3A%22rendered%22%2C%22eventTime%22%3A1601045226770%7D&tim=16%3A47%3A06.770&id=6401&llvl=1&cv=20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Fri, 25 Sep 2020 14:47:06 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045227.815299,VS0,VE9
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H3-Q050 200 cb=gapi.loaded_2 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.hc3rLxj9u8o.O/m=gapi_iframes_style_bubble/exm=auth,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMtAagp6kGxB19Nep_bTJunj37kww/ 27 KB
9 KB 16ms
6ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.hc3rLxj9u8o.O/m=gapi_iframes_style_bubble/exm=auth,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMtAagp6kGxB19Nep_bTJunj37kww/cb=gapi.loaded_2

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ada70caed6a7e67d4c10a6de4c07c7863d48d6819c700c39d6b24234d9b4f0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 11:20:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 02 Aug 2020 22:35:54 GMT
server: sffe
age: 358017
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9263
x-xss-protection: 0
expires: Tue, 21 Sep 2021 11:20:09 GMT

GET
H3-Q050 200 subscribe_embed
www.youtube.com/ Frame 4899 0
0 54ms
53ms Document
text/html 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/subscribe_embed?action_card=1&channelid=UCU9HtOaaO-lcitPVVdsq99w&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.hc3rLxj9u8o.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCMtAagp6kGxB19Nep_bTJunj37kww%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.hc3rLxj9u8o.O/m=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMtAagp6kGxB19Nep_bTJunj37kww/cb=gapi.loaded_0

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /subscribe_embed?action_card=1&channelid=UCU9HtOaaO-lcitPVVdsq99w&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.hc3rLxj9u8o.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCMtAagp6kGxB19Nep_bTJunj37kww%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: YSC=Zg2t_Ga2p7s; VISITOR_INFO1_LIVE=IcYoAIGDKZQ
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
expires: Tue, 27 Apr 1971 19:44:06 GMT
content-length: 326
cache-control: no-cache
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
strict-transport-security: max-age=31536000
date: Fri, 25 Sep 2020 14:47:06 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
set-cookie: GPS=1; path=/; domain=.youtube.com; expires=Fri, 25-Sep-2020 15:17:06 GMT
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 border_3.gif
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 43 B
397 B 27ms
13ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/border_3.gif

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8de81a1acb5f3788959ecc04eaa6526d5bdb29991157cecbef71042268c0374

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:06:25 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 366041
content-type: image/gif
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:06:25 GMT

GET
H3-Q050 200 spacer.gif
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 43 B
65 B 28ms
14ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/spacer.gif

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:06:25 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 366041
content-type: image/gif
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:06:25 GMT

GET
H3-Q050 200 bubbleSprite_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 318 B
352 B 25ms
14ms Image
image/png 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleSprite_3.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

232334d177f358c07f8271994e6fc0c018abfce7c8910deb604de1440d741c45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:06:25 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 366041
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 318
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:06:25 GMT

GET
H3-Q050 200 bubbleDropR_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 116 B
141 B 26ms
16ms Image
image/png 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleDropR_3.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c7884164b248cb8d87de9edf64dc810e5753bb8ec0cd015800d7f39e08371c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:06:25 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 366041
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 116
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:06:25 GMT

GET
H3-Q050 200 bubbleDropB_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 117 B
142 B 26ms
15ms Image
image/png 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleDropB_3.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

984601230d8cbfe18370425e8e897037cc1a7adf831a691a9ede573cf44479d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:06:25 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 366041
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:06:25 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame 8FC1 206 KB
57 KB 29ms
5ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 102027
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:26:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:26:40 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 8FC1 16 KB
6 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 102000
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:07 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 8FC1 95 KB
29 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 101988
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:19 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 8FC1 4 KB
2 KB 12ms
10ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 101989
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:18 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 8FC1 47 KB
14 KB 14ms
12ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 102021
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:26:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:26:46 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 8FC1 4 KB
647 B 39ms
24ms Stylesheet
text/css 2a00:1450:4001:818::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

02fec5849f8ab7bceb4450d167f382e9079bd3a5d0f33a00942869641811ab3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Sep 2020 13:59:34 GMT
server: ESF
date: Fri, 25 Sep 2020 14:47:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 25 Sep 2020 14:47:07 GMT

GET
DATA 200
OK truncated
/ Frame 8FC1 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8ca3326327fd5217cf2b21abc357a69adbf59d0ae7590860d35d5be7c5b2b58d

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame C719 206 KB
56 KB 34ms
21ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 102027
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:26:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:26:40 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame C719 16 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 102000
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:07 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame C719 95 KB
29 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 101988
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:19 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame C719 4 KB
2 KB 14ms
12ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 101989
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:18 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame C719 47 KB
14 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 102021
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:26:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:26:46 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame C719 809 B
418 B 31ms
25ms Stylesheet
text/css 2a00:1450:4001:818::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Slabo+27px:400,700&lang=cs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3a42f56cf05504bef889040572a6ac7c53ae944e6d95eeab0323ffd69ef8f8e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Sep 2020 14:47:07 GMT
server: ESF
date: Fri, 25 Sep 2020 14:47:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 25 Sep 2020 14:47:07 GMT

GET
DATA 200
OK truncated
/ Frame C719 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 71eefc84aabccebf4efe3dc19237f38d8645202d927b68f33dbdc16e6c06e0a1

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame 8AB6 206 KB
56 KB 19ms
14ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 102027
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:26:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:26:40 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 8AB6 16 KB
6 KB 16ms
13ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 102000
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:07 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 8AB6 95 KB
29 KB 16ms
13ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 101988
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:19 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 8AB6 4 KB
2 KB 16ms
13ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 101989
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:18 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 8AB6 47 KB
14 KB 17ms
13ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 102021
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:26:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:26:46 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 8AB6 7 KB
1 KB 20ms
19ms Stylesheet
text/css 2a00:1450:4001:818::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d3838febe02ee1538a1336ac01f452a6fe7682106cd21b46cda9c40092c8e3aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Sep 2020 13:54:39 GMT
server: ESF
date: Fri, 25 Sep 2020 14:47:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 25 Sep 2020 14:47:07 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/11534748495865621853/ Frame 8AB6 183 KB
183 KB 36ms
19ms Image
image/jpeg 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11534748495865621853/downsize_200k_v1

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

792611074295953bb82efd698f368e63f292c39eabc04493978d3da793fd6a5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 11:53:51 GMT
x-content-type-options: nosniff
age: 355996
x-dns-prefetch-control: off
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 186951
x-xss-protection: 0
last-modified: Wed, 20 May 2020 11:36:14 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Sep 2021 11:53:51 GMT

GET
DATA 200
OK truncated
/ Frame 8AB6 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 8AB6 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34f437e51b58eab1c30921d462306b968e6212c6efe5f6df9bbd2f719449bc6b

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame FDE3 206 KB
56 KB 41ms
15ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 102027
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:26:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:26:40 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame FDE3 16 KB
6 KB 40ms
15ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 102000
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:07 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame FDE3 95 KB
29 KB 36ms
11ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 101988
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:19 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame FDE3 4 KB
2 KB 42ms
16ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 101989
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:18 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame FDE3 47 KB
14 KB 40ms
15ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 102021
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:26:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:26:46 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame FDE3 7 KB
750 B 26ms
25ms Stylesheet
text/css 2a00:1450:4001:818::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d3838febe02ee1538a1336ac01f452a6fe7682106cd21b46cda9c40092c8e3aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Sep 2020 13:58:46 GMT
server: ESF
date: Fri, 25 Sep 2020 14:47:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 25 Sep 2020 14:47:07 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/11534748495865621853/ Frame FDE3 183 KB
183 KB 26ms
21ms Image
image/jpeg 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11534748495865621853/downsize_200k_v1

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

792611074295953bb82efd698f368e63f292c39eabc04493978d3da793fd6a5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 11:53:51 GMT
x-content-type-options: nosniff
age: 355996
x-dns-prefetch-control: off
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 186951
x-xss-protection: 0
last-modified: Wed, 20 May 2020 11:36:14 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Sep 2021 11:53:51 GMT

GET
DATA 200
OK truncated
/ Frame FDE3 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame FDE3 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68665f0f6c246a75047c559aacb273bc8ad154cf7f448fdb051e7b5a5999c302

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame 22EE 206 KB
56 KB 33ms
16ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 102027
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:26:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:26:40 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 22EE 16 KB
6 KB 35ms
17ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 102000
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:07 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 22EE 95 KB
29 KB 28ms
12ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 101988
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:19 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 22EE 4 KB
2 KB 30ms
14ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 101989
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:18 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame 22EE 47 KB
15 KB 23ms
7ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 102021
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:26:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:26:46 GMT

GET
DATA 200
OK truncated
/ Frame 22EE 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 726b12550533b454dbb967e74cf90cc6c76862cf3a82818b4caf084f5454e361

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 en_bl.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8FC1 2 KB
3 KB 34ms
12ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en_bl.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 02:38:56 GMT
x-content-type-options: nosniff
server: cafe
age: 43691
etag: 11660698925711390587
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2471
x-xss-protection: 0
expires: Sat, 26 Sep 2020 02:38:56 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8FC1 295 B
388 B 34ms
13ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 62409
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 25 Sep 2020 21:26:58 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 8FC1 0
0 39ms
17ms Image
text/html 2a00:1450:4001:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR33MALrBiGt9zbatMOgnYKqnEdls2_DHXR0IjaFqMdl-IEpkvH1vFor6Jg2Ylcw1PY8WV7
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8FC1 0
0 92ms
71ms Image
text/html 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CiZH36gJuX7-WF7eH3gOWjKX4ArO24ZJf5Iqw9v4LwI23ARABINeVjQJgzOHtgfwuoAGt1aLcA8gBAeACAKgDAcgDCqoEiwJP0OSorOndp1fMBIJ2HT8bP8JHXkn2ktu3qgmNSoFLwx6F2KEgPEitPExCRpkXYoiYAXnDTg4VfbdZIumsa5-47dB0MjgLWLaumtJZPELJbDIeFEvN2GDwfrdNNuDDpOmRHZ3sFdbAwb3-lciLvvFo0dy_npYV96l1BLImJtgPpk7siyXm-pbp3lRP-4AXDPbI6j4b5QBSjHIbKs2w2Q3eQ9bqCm9lAZZEVYkTQRKtZvQhj4N_Lwhq0kQsHb4Db14KXmxTISueSe_7dCAFvwypfDbWI_NOxR6tVYHMpHfC10vNh7_Qo_boXcBouzEaIKRz8nczrH46yXTMuB_C2fovXyKDB0jyi30N3j_ABICk6Z6pA-AEAZIFBAgEGAGSBQQIBRgEoAZmgAej19mRAagHjs4bqAfVyRuoB5PYG6gHugaoB_DZG6gH8tkbqAemvhuoB-zVG9gHAfIHBBDsyg3SCAkIgOGAUBABGB2ACgHICwGyDBRwdWItMTU4MTg3MTUyNzYyODA2NtgTDA&sigh=GDWoT-4__hQ&tpd=AGWhJmssJQJRwRtmdoKLtmcCjfMZvsKRBYa0CZ-tuyD2rQZ5dQ
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s20-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 12116030280004408740_12599353145832260917.jpeg
static.doubleclick.net/dynamic/5/163357407/ Frame C719 75 KB
76 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:816::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/163357407/12116030280004408740_12599353145832260917.jpeg

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91627b8a03a108068da8e957a08af995912335ac17f1b4530870b310ad8caf68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Sep 2020 19:47:21 GMT
x-content-type-options: nosniff
last-modified: Tue, 28 Jul 2020 01:22:27 GMT
server: sffe
age: 154786
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 77181
x-xss-protection: 0
expires: Thu, 23 Sep 2021 19:47:21 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C719 0
0 92ms
72ms Image
text/html 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cfe9W6gJuX-aXF7eH3gOWjKX4Au6gkKNf2qPo9t4L0uHS4LIBEAEg2tfFOWDM4e2B_C6gAcrc98gDyAEGqQJhstheKQlnPuACAKgDAcgDCqoEkwJP0LeN9_wn8HweB40eEo8vDS2FMOyH8TAA4HWA03JJJkH0SjP-Aqy296E0u8tFps1TB9mH-Q9wzA4gJH9QfKL6XQrJUTEPbR0bUn4tl2Tzs_2Vz3AEHx5rKNi41liyhAe9p00i8Bly35j_Uy072rPAxqiuxd8JkER_KCRpAnIaHnmOK1HafEQEz4XII9zX7mdjmTLVNgMFgAm76vx5T7vV18OHC0ipHcYuQ89CohgvbmkjwHhxesobn4wh4Fa7d8UULcXxRRRn5-4DDyvgboJUkhGK7BZdbtBtZ-PiqKIk5uF2Z2SSUx9PAyiwyTlbXyWdigyjc3QaI2TxtaU3Nm4kHRhxbAXooGgCrdtniM5PmhFoCcAE9cCZq_UC4AQBkgUECAQYAZIFBAgFGASgBjeAB56jiDeoB47OG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcB8gcEEP_NBtIICQiA4YBQEAEYHfIIG2FkeC1zdWJzeW4tOTUzMTM3OTk4MjE3OTc2MIAKA8gLAbIMFHB1Yi0zNjA1MjU3MzYwODUzMTg12BMN&sigh=sDwx6FosgV4&template_id=493&tpd=AGWhJmviPMiXNBP8_x9WFvXDbsEoal33s8w1pYZ7OBdPctatNA
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s20-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame C719 0
0 37ms
17ms Image
text/html 2a00:1450:4001:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRud8Mg190UlUH9ouuzBPiiTU55zkiGR3L9EMzbNhRz5TiL2hNv3wa7fFXHEvimI-WzLuFr
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame C719 2 KB
3 KB 40ms
12ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 13089
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 26 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame C719 295 B
319 B 29ms
13ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 62409
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 25 Sep 2020 21:26:58 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8AB6 2 KB
2 KB 40ms
12ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 13089
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 26 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8AB6 295 B
319 B 39ms
12ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 62409
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 25 Sep 2020 21:26:58 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8AB6 0
0 97ms
71ms Image
text/html 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cp3dn6gJuX5-ZF7eH3gOWjKX4AobVxoxf8fuEyuQLv-EeEAEg2tfFOWDM4e2B_C6gAcz7nOgCyAEJqQJhstheKQlnPuACAKgDAcgDCqoEmQJP0JjEkB1hYoJAM5pmkI1OckAt7aUa2QKGU056eovPRaaCkTBnLKCvMR6h7xdHujAMpHFFEtbuuLcEgJZso7CWDvK_38rvcvJJl31PDe1dUpChAexdhQoYC3Zqw64ZVqurr7Z0hme1fWDpdR1eUC8DCgd0n5dCqyIaWz968jjHqJB3UzkViQUn7aGPTAhjfOEgeDkBGG8IdqJUnFrOvua4D_nPBq6rirOFKxuaaSplgoG8EsHWQqFZMAd6eSC07KKzDjwNugkNV_Y5gcsBOrGaY3brGcX3kSvXJquMRrUVcmJ0TUT3Dnqz4N9ame9YEHHM-cEy5MY0eG6MgveNqA7wJsmBrajkofp3EiZxZNmlNaGmFsavNINqUcAE4Zu_1oMD4AQBkgUECAQYAZIFBAgFGASgBi6AB5yE45cBqAeOzhuoB9XJG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcA8gcEEO_cA9IICQiA4YBQEAEYHfIIG2FkeC1zdWJzeW4tOTUzMTM3OTk4MjE3OTc2MIAKA8gLAbIMFHB1Yi0zNjA1MjU3MzYwODUzMTg12BMMiBQG&sigh=CvaYfI2xcSA&template_id=5000&tpd=AGWhJmt24t_xkVwl5XMtvagrFg9n8EOYn1u-wwe6Oq1PPOHN2w
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s20-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FDE3 2 KB
2 KB 46ms
11ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 13089
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 26 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FDE3 295 B
319 B 45ms
15ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 62409
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 25 Sep 2020 21:26:58 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame FDE3 0
0 42ms
16ms Image
text/html 2a00:1450:4001:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQxRgs4Is8Boo0bgqOludKq1O-wvWnR_VvoMiMXsLCpK7Y7nyIdeHHrN0jCN5dLpgwFx1HA
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame FDE3 0
0 98ms
72ms Image
text/html 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CNBdV6gJuX--aF7eH3gOWjKX4AobVxoxf8fuEyuQLv-EeEAEg2tfFOWDM4e2B_C6gAcz7nOgCyAEJqQJhstheKQlnPuACAKgDAcgDCqoEmQJP0NRG9T8Qa_mb05Wd1NgH3NC5B4DJV5vsmvnrlyhcxUT-0jDQC6sixgAsKdvWzdGJOQm3PDmcWhzY0yzmuJOrRs6f_WR8z3opKyiJdXAGsnPYR4cjzv4WnJiB3WjL3fdKZ_Km9JF69Tcmal5MqZfKAHFUrw_P9f4WaSiGZMIFUyYynmYWSipNLSM1Wxy1qI-Lz3KVkE7Zm4DjM_eDlqs64kLd2FhjRkxrPzT0G9TOLn6btTNuZYtddb44uGN9V3vVDzM7QbFjprmzdXN8WiqEu-_MykdVOzGR8WvySlopsv74WG7L4sfcOqSX23Gm6JqodL0_Z7IA3coT2WdCyJ_NAv1uPD10tpUKIIZPwU1NVaru8Mi7XocjVsAE4Zu_1oMD4AQBkgUECAQYAZIFBAgFGASgBi6AB5yE45cBqAeOzhuoB9XJG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcA8gcEELutAtIICQiA4YBQEAEYHfIIG2FkeC1zdWJzeW4tOTUzMTM3OTk4MjE3OTc2MIAKA8gLAbIMFHB1Yi0zNjA1MjU3MzYwODUzMTg12BMMiBQG&sigh=QmAkGocHWmI&template_id=5000&tpd=AGWhJmu0E9l2lw8vhRl06F8rFnN-cI0ML98Imi_lTXr536Y0YQ
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s20-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 16391326294601455738
tpc.googlesyndication.com/simgad/ Frame 22EE 38 KB
38 KB 43ms
17ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16391326294601455738?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnHwSbsdJySWKlbIpynlAdc8fXHjw

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

56b862dba246ca1a60fc4fa53e23580c28e9af62734f30451f9f138805eb8c8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 11:24:40 GMT
x-content-type-options: nosniff
last-modified: Mon, 18 Nov 2019 14:56:31 GMT
server: sffe
age: 98547
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39229
x-xss-protection: 0
expires: Fri, 24 Sep 2021 11:24:40 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 22EE 2 KB
2 KB 46ms
5ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 13089
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 26 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 22EE 295 B
319 B 44ms
11ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 62409
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 25 Sep 2020 21:26:58 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 22EE 0
0 41ms
16ms Image
text/html 2a00:1450:4001:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaScPdZ9ImhygKEKhY0odNLNyGz_Z1I9lGFnRUlBO9mkmvPfSPZHZTT8mTOftWkp1kNKAeSS
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 22EE 0
0 97ms
72ms Image
text/html 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CCXD46gJuX7-cF7eH3gOWjKX4Aqq-6p5ayPKi6bEKloLNhYgWEAEg2tfFOWDM4e2B_C6gAfzf9IIDyAECqQJhstheKQlnPuACAKgDAcgDCKoEoQJP0CBIhMreF8YwFxnz6X5M4rH3IINuDXYS7YYEApciw1Z43tqaQ3LbUa5IMAS74WGBVfKWeEdKq4bZ8ff9DgIb2VKLOIdx0Kdl3SgjtQ0ko5uz5t9B8W-m6t8gIJAFa652HOqyQAuoEmxJSSi7Mg-3sa4EUPct7Swt-tNsXlhF7J8SCmhbsfgUFJcTQSTlK6UiKsR9Lwe2z_Q_nqxnwZsCokz5zRnPdts4dOKxDZzK7F70fGqeLML8yS80qFjhnUDL9lfwdVlvPyEP8084naHffxx33yRyKzukLTSR45fGmQGdZ-vrIO4LyvBPTHSvTHupn3-cGn4ay2PWd0B4vFBYuvoElcJdsbYEB3lS8TWODTIre1qeJZTyePLPjVA0xjy9wATU-b-W2QLgBAGSBQQIBBgBkgUECAUYBKAGAoAH7J-LfagHjs4bqAfVyRuoB5PYG6gHugaoB_DZG6gH8tkbqAemvhuoB-zVG9gHAfIHAxDwLtIICQiA4YBQEAEYHfIIG2FkeC1zdWJzeW4tOTUzMTM3OTk4MjE3OTc2MIAKA8gLAbIMFHB1Yi0zNjA1MjU3MzYwODUzMTg12BMN&sigh=K7TcC4M76D0&tpd=AGWhJmvnj4EuNi-JVdeq_x6n37Wfw4CRJXwsMFUJwxKSAAOmZQ
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s20-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2
fonts.gstatic.com/s/googlesans/v16/ Frame 8FC1 14 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1daab0f66666bc3a1d05d70de979a80680d985cc924e233fab61eef2d03bafe2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:06:32 GMT
x-content-type-options: nosniff
last-modified: Wed, 04 Dec 2019 18:44:18 GMT
server: sffe
age: 366035
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14816
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:06:32 GMT

GET
H3-Q050 200 4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2
fonts.gstatic.com/s/googlesans/v16/ Frame 8FC1 14 KB
14 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f199a20f1fee7dec152b3591272f9715b536ed88b4c36194488fd5a734caf707

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:04:00 GMT
x-content-type-options: nosniff
last-modified: Wed, 04 Dec 2019 18:44:26 GMT
server: sffe
age: 366187
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14608
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:04:00 GMT

GET
H3-Q050 200 mFT0WbgBwKPR_Z4hGN2qgx8D1WB4m9w.woff2
fonts.gstatic.com/s/slabo27px/v7/ Frame C719 10 KB
10 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/slabo27px/v7/mFT0WbgBwKPR_Z4hGN2qgx8D1WB4m9w.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Slabo+27px:400,700&lang=cs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd9bcbab811ce6e61d6bf392bf33663b945108ce5536b983ea8b5aa2cf875171

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Slabo+27px:400,700&lang=cs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 17:40:58 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:03:30 GMT
server: sffe
age: 75969
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9752
x-xss-protection: 0
expires: Fri, 24 Sep 2021 17:40:58 GMT

GET
H3-Q050 200 mFT0WbgBwKPR_Z4hGN2qgxED1WB4m9xv3Q.woff2
fonts.gstatic.com/s/slabo27px/v7/ Frame C719 5 KB
5 KB 17ms
7ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/slabo27px/v7/mFT0WbgBwKPR_Z4hGN2qgxED1WB4m9xv3Q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Slabo+27px:400,700&lang=cs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c79dc3a4d62f6fcbbd2bbae85ab5956c3088eec4d06a6317ae5c0346807d51e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Slabo+27px:400,700&lang=cs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 17:40:42 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:03:22 GMT
server: sffe
age: 75985
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5404
x-xss-protection: 0
expires: Fri, 24 Sep 2021 17:40:42 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 8AB6 11 KB
11 KB 12ms
5ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 10:07:04 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 362403
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11056
x-xss-protection: 0
expires: Tue, 21 Sep 2021 10:07:04 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 8AB6 11 KB
11 KB 9ms
6ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:06:17 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:52 GMT
server: sffe
age: 366050
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11180
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:06:17 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmSU5fChc4AMP6lbBP.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 8AB6 8 KB
8 KB 11ms
7ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fChc4AMP6lbBP.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b58c11dac0fae1d40040bda04c6d4d8d5ba9f2cde7a53568f0741c973b301abb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:11:01 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:40 GMT
server: sffe
age: 365766
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8088
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:11:01 GMT

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 8AB6 11 KB
11 KB 13ms
9ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:06:19 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 366048
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:06:19 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmEU9fChc4AMP6lbBP.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 8AB6 8 KB
8 KB 13ms
9ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fChc4AMP6lbBP.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac4f45c63e7192b1c9fb64be19be7a03084e16dc33b4dcfedabb44cb390c25a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:10:33 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:45 GMT
server: sffe
age: 365794
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7924
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:10:33 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame FDE3 11 KB
11 KB 13ms
11ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 10:07:04 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 362403
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11056
x-xss-protection: 0
expires: Tue, 21 Sep 2021 10:07:04 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame FDE3 11 KB
11 KB 14ms
11ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:06:17 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:52 GMT
server: sffe
age: 366050
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11180
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:06:17 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmSU5fChc4AMP6lbBP.woff2
fonts.gstatic.com/s/roboto/v20/ Frame FDE3 8 KB
8 KB 14ms
12ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fChc4AMP6lbBP.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b58c11dac0fae1d40040bda04c6d4d8d5ba9f2cde7a53568f0741c973b301abb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:11:01 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:40 GMT
server: sffe
age: 365766
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8088
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:11:01 GMT

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame FDE3 11 KB
11 KB 14ms
12ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:06:19 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 366048
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:06:19 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmEU9fChc4AMP6lbBP.woff2
fonts.gstatic.com/s/roboto/v20/ Frame FDE3 8 KB
8 KB 14ms
12ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fChc4AMP6lbBP.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac4f45c63e7192b1c9fb64be19be7a03084e16dc33b4dcfedabb44cb390c25a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:10:33 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:45 GMT
server: sffe
age: 365794
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7924
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:10:33 GMT

POST
H2 204 fullPageRevenue Show response
trc.taboola.com/komando/log/3/ 0
201 B 40ms
40ms XHR
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/komando/log/3/fullPageRevenue
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 9
date: Fri, 25 Sep 2020 14:47:07 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045227.343022,VS0,VE9
content-type: image/gif
access-control-allow-origin: https://www.komando.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
335 B 577ms
149ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 59287deead23ff71ce08f07896e2fb703503b6b218992254ef7529cfa67c70d6

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.komando.com
Date: Fri, 25 Sep 2020 14:47:07 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 8FC1
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

38ms
38ms

Image
text/html

2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Fri, 25 Sep 2020 14:47:07 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame C719
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

39ms
39ms

Image
text/html

2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Fri, 25 Sep 2020 14:47:07 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 22EE
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

39ms
39ms

Image
text/html

2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Fri, 25 Sep 2020 14:47:07 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FDE3 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 13089
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 26 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame FDE3 295 B
319 B 6ms
6ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 62409
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 25 Sep 2020 21:26:58 GMT

GET
H3-Q050 200 16391326294601455738
tpc.googlesyndication.com/simgad/ Frame 22EE 38 KB
38 KB 6ms
6ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16391326294601455738?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnHwSbsdJySWKlbIpynlAdc8fXHjw

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

56b862dba246ca1a60fc4fa53e23580c28e9af62734f30451f9f138805eb8c8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 11:24:40 GMT
x-content-type-options: nosniff
last-modified: Mon, 18 Nov 2019 14:56:31 GMT
server: sffe
age: 98547
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39229
x-xss-protection: 0
expires: Fri, 24 Sep 2021 11:24:40 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 22EE 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 13089
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 26 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 22EE 295 B
319 B 7ms
6ms Image
image/png 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 62409
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 25 Sep 2020 21:26:58 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
6 KB 22ms
22ms XHR
application/json 2a00:1450:4001:825::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020091601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

89ae0e0b8cb01acdf0f3a97193fd457b39860813f90680fa148971baa0bd91ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 14:47:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6485
x-xss-protection: 0

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 16 KB
6 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcdc54759ab0ead6a9c0f35707e01926c8c4e13c6ce7ad59477a81a9e4acd47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600730918364481"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5975
x-xss-protection: 0
expires: Fri, 25 Sep 2020 14:47:07 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/216/ Frame 3756 0
0 6ms
5ms Document
text/html 2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/216/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/216/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4674
date: Fri, 25 Sep 2020 14:22:36 GMT
expires: Sat, 25 Sep 2021 14:22:36 GMT
last-modified: Mon, 21 Sep 2020 21:29:19 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1471
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 204 bulk Show response
trc.taboola.com/komando/log/3/ 0
62 B 100ms
100ms XHR
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/komando/log/3/bulk?tvi2=2984&route=AM%3AAM%3AV&lti=cta2_var&bulkSize=2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 66
date: Fri, 25 Sep 2020 14:47:07 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045228.754916,VS0,VE66
content-type: image/gif
access-control-allow-origin: https://www.komando.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
165 B 43ms
42ms Image
image/gif 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=216&t=2&li=gpt_2020091601&jk=4006302023472830&bg=!9_Sl9OxYgFNSLhSYlyoCAAAAUFIAAAAMCgHDkB7UpI9S69euRHetTRUAQBXru7wbdVKVEtV-elM---bq8BGK52UgFF10sKwXfwTxaOhQc4a2GCU1-3vMelajj2yFuYeDiNlJYgzvve_uZ5BO1zYpjywzWMNmL5aPhEl9uvAVe4ToLG2WEB0Rssm4pMEjJcqdMlhVCU-EhB6tt7k905DhWWzD5djIhEd7Qirs89T0OTV2ooPRp6L8q1afudDzqNR7J_NwPNdzI-jMcutv-nQySdSokejZkpw4jNKPAyFFfCCPGoKpmQ0X0XCoUkFzxaso5SJfcnXLqSqN6Pxx5IJAr9h2B7w30epBHEbKdAKTjX9_nXe6w-IwWGdqvHHQezeOOKFh0hRzsB_WTfO0yt8jki2-PuhNxt5qzM5PRYOhzDxsMVmI8Fw9zEiViGktT9HssJgRb71MiPKrCG6zNwYlD7ChHCkIp4ilPzKyK9xFKXoPyQcaM8BevsxFBD0EDrX9BvjFvgJVKDWBqz1UDQruHMl0qu_cevWwkcm354NoBtFQqZd_zSko59p1DolHMFoID6yZxAGsvyHQawmpzt_g652b3a9ND242JYd1urIfT7N6e5mlfU8IDberdEpQ9JkBqDnSwFcxzn7OOK-QXz0WENr5cIDtqweDfYlpknjYWq7b4LBAjElk_kOwbekRZSkULW4r-YCjFYisAmNQIqPSS-42yANWcWyXC9j6FVnro51rMQYezxyTUUE-C4Bz4PmZfmLBPbFJ8u8t00JNxm2pZ5qiLttZlt_BR1mcjY0-wTD2txrZRzv33vjMRD7nFF_6B7bzU-vbWrAmTNJ4eg8DA3iNcoG8Rc217Xc2FRkpTE2vkFnbFihgPN5VpCXEYhvEXUJQ4oIWTuS2bPkFL446WZ482hA982FFPvs530ZLdsYF6W_50whAZKoWGq-Pqr4qSxcZ9m7fUBZjLoX70h8m92DMKISiY2Xi6EQLzOzQzSCfSejYKBVFnmfyataVDOHVpaavPKvtTX-uy2nYrR21HWJQlbmbMNeUtW9pk-U_zaqUbe-nQl3E7K6LzJ6oA4sf8aa1hB-28ZK_a7zbWa6nXcmA_SZPlxBY-7ZIzirWsP6GKq1lDpmIsjt6to3ywnSw16PsE21o_BiI6h_GWTRZEFdLr7qk29STSrcvtxWuLG4SrKeDq58LoTQ

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 14:47:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
335 B 338ms
151ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 59287deead23ff71ce08f07896e2fb703503b6b218992254ef7529cfa67c70d6

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.komando.com
Date: Fri, 25 Sep 2020 14:47:08 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 204 social
trc.taboola.com/komando/log/3/ 0
57 B 41ms
41ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/social?route=AM:AM:V&tvi2=2984&lti=cta2_var&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601045226133&st=social-available&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22like%22%2C%22nm%22%3A%22facebook%22%2C%22c%22%3A1%2C%22m%22%3A%22stp%22%7D%2C%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22custom-share%22%2C%22nm%22%3A%22facebook%22%2C%22c%22%3A1%2C%22m%22%3A%22stp%22%7D%2C%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22custom-link%22%2C%22nm%22%3A%22twitter%22%2C%22c%22%3A1%2C%22m%22%3A%22stp%22%7D%2C%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22widget%22%2C%22nm%22%3A%22twitter%22%2C%22c%22%3A1%2C%22m%22%3A%22stp%22%7D%2C%7B%22i%22%3A%22ctx%22%2C%22ism%22%3Afalse%2C%22srx%22%3A1600%2C%22sry%22%3A1200%2C%22pd%22%3Anull%2C%22tpl%22%3A%22%22%2C%22url%22%3A%22https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%22%2C%22rref%22%3A%22https%3A%2F%2Ft.co%2FqRabxaM6G5%22%2C%22sref%22%3A%22https%3A%2F%2Ft.co%2FqRabxaM6G5%22%2C%22hdl%22%3A%22Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet%22%2C%22sec%22%3A%22security-privacy%22%2C%22aut%22%3A%5B%22James%20Gelinas%22%2C%22Komando.com%22%5D%2C%22img%22%3A%22https%3A%2F%2Fwww.komando.com%2Fwp-content%2Fuploads%2F2020%2F09%2Flokibot-malware.jpg%22%2C%22v%22%3A15%2C%22pw%22%3Afalse%7D%5D%7D&tim=16%3A47%3A07.892&id=7920&llvl=1&cv=20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Fri, 25 Sep 2020 14:47:07 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045228.907191,VS0,VE9
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 social
trc.taboola.com/komando/log/3/ 0
56 B 42ms
41ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/social?route=AM:AM:V&tvi2=2984&lti=cta2_var&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601045226133&st=social-visible&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22custom-share%22%2C%22nm%22%3A%22facebook%22%2C%22c%22%3A1%2C%22ln%22%3A%22below-fold%22%2C%22lx%22%3A618%2C%22ly%22%3A867%2C%22m%22%3A%22stp%22%2C%22v%22%3A3%7D%5D%7D&tim=16%3A47%3A07.938&id=5297&llvl=1&cv=20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Fri, 25 Sep 2020 14:47:07 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045228.953395,VS0,VE9
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 social
trc.taboola.com/komando/log/3/ 0
208 B 57ms
57ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/social?route=AM:AM:V&tvi2=2984&lti=cta2_var&ri=d676745c8edb897b6224b1c9a78f499a&sd=v2_eb022623bb410febbfd75213dd6a76cf_b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a_1601045226_1601045226_CGoQ58o9GJXF7a3MLiABKAEwNzjBqwhA74kQSOin4QNQ____________AVgAYABo4qaqkbKtl-Jw&ui=b512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601045226133&st=social-visible&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22custom-link%22%2C%22nm%22%3A%22twitter%22%2C%22c%22%3A1%2C%22ln%22%3A%22below-fold%22%2C%22lx%22%3A586%2C%22ly%22%3A867%2C%22m%22%3A%22stp%22%2C%22v%22%3A3%7D%5D%7D&tim=16%3A47%3A08.147&id=1918&llvl=1&cv=20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Fri, 25 Sep 2020 14:47:08 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4044-HHN
pragma: no-cache
server: nginx
x-timer: S1601045228.179040,VS0,VE9
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame C719 42 B
93 B 46ms
46ms Image
image/gif 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst0h3GPYIM0iBuDhQPrDlqN3B-M3BGC9uS9IiL0Xk_hVj20pDKki0403Ge4XrRzDwuwLM9ABrDK73oQ6P6sjiCpzX4VE0IzymU6cXNbn3049kHvNSU_RYQ819GsA2nfdFkaSs1as1CtfRgsjdYLNWw6&sai=AMfl-YRMwJvIxoxHKlysAfW1kvst3aIkTE2tIZBKc0X67h2nxLi3-cpxVjW5ugTdYi0xND-C3SUQhUydjfVhncSzMvyF-Hk07kAEvEfduoosyU7baJYlyJHILU_oKMVsB1U&sig=Cg0ArKJSzPFH49D1Kzp-EAE&cid=CAASPeRoZCuVTWYeQqqKcEqugA0R_I6NxBiSA2Dtqx8ypIkuocxvsakBik38mieqnKXGO1tI-9bM1-WVPBQjxLM&id=ampim&o=436,944&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=202&tls=1202&g=100&h=100&tt=1202&r=v&avms=ampa&adk=2773792623

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 14:47:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 8FC1 42 B
65 B 40ms
40ms Image
image/gif 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstaNAFi3gApHe0OXBAc9XW0Ht39jgrX17WnnnNOodhyk_j0YB6ZiqR2B0xYkDcvH_5S48PqM_8GHWfMf268MtfN8fcShtUHjDLAUtgkDMI6QtBXhsSME9paoxSI4Q&sai=AMfl-YS6lOcCI64Fm1k4SysQYB7hBnz4_3r1JvculUdWBkpJ_G-YGsLGq0aHSStrZBZh0c57ieZKs7nkxKaTLAUHFrD7eQsUJYfuPs649siY-SN8G4aWITmSDQ3qWozbaYU&sig=Cg0ArKJSzPSA8tJj_w3oEAE&cid=CAASPeRofVl2ZtyOV1IG0opF_jW_PZYbfx1at1ne0hDI003Sf-LP9h-urObhGPbFjVV4396Y5vfC9UIF-bUJLXc&id=ampim&o=436,1110&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=260&tls=1260&g=100&h=100&tt=1260&r=v&avms=ampa&adk=1494144272

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 14:47:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame DD3E 0
0 67ms
66ms Document
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=0&gdpr_consent=
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.230.142 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Wed, 19 Aug 2020 18:23:01 GMT
Content-Encoding: gzip
Content-Length: 9456
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=29267
Expires: Fri, 25 Sep 2020 22:54:59 GMT
Date: Fri, 25 Sep 2020 14:47:12 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 2C6D 0
0 115ms
41ms Document
text/html 151.101.113.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

Connection: keep-alive
Content-Length: 17037
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Tue, 24 Mar 2020 15:52:19 GMT
ETag: W/"5e7a2cb3-cefd"
Expires: Fri, 04 Sep 2020 06:04:52 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 25 Sep 2020 14:47:12 GMT
Age: 31296
X-Served-By: cache-lga21955-LGA, cache-hhn4051-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 2, 392622
X-Timer: S1601045232.291712,VS0,VE0
Vary: Accept-Encoding

GET
H2 204 index.html
cdn.districtm.io/ids/ Frame CED6 0
0 59ms
57ms Document
text/plain 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.68.69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 204
date: Fri, 25 Sep 2020 14:47:12 GMT
set-cookie: __cfduid=dbfeba575f0629b1588e26fe7c3fa30f41601045232; expires=Sun, 25-Oct-20 14:47:12 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Origin
access-control-allow-methods: GET, HEAD, POST, OPTIONS
cf-request-id: 056754926200000c0527075200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 5d8589fd6e300c05-AMS

GET
H2

200

sync
eb2.3lift.com/ Frame AF0E
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

0
0

39ms
38ms

Document
text/html

52.58.4.208
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.4.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tluid=8161145703879705710
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
date: Fri, 25 Sep 2020 14:47:12 GMT
content-type: text/html; charset=utf-8
content-length: 467
set-cookie: sync=CgoIgQIQl_XtrcwuCgoIoQEQl_XtrcwuCgoI4gEQl_XtrcwuCgoI5gEQl_XtrcwuCgoI1gEQl_XtrcwuCgoIhwIQl_XtrcwuCgkIOhCX9e2tzC4KCQgLEJf17a3MLgoJCF8Ql_XtrcwuCgkIHxCX9e2tzC4=; Max-Age=7776000; Expires=Thu, 24 Dec 2020 14:47:12 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=8161145703879705710; Max-Age=7776000; Expires=Thu, 24 Dec 2020 14:47:12 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

status: 302
date: Fri, 25 Sep 2020 14:47:12 GMT
content-length: 0
set-cookie: tluid=8161145703879705710; Max-Age=7776000; Expires=Thu, 24 Dec 2020 14:47:12 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 296 KB
102 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7db90d988f2d569ee665c1666e383f3ccb226e4532320946bb42d09702c6ed8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 104172
x-xss-protection: 0
expires: Fri, 25 Sep 2020 14:47:13 GMT

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 128ms
128ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=8851&val=ima&wnx=0&abc=&ty=ami&v=0&ext=0&ta=1&lnx=0&sid=6EMKdIvAucdw76XumuVtXwKCNtFmz1hq&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:13 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

OPTIONS
H2 200 playlist
trafficmanager.anyclip.com/trafficmanager/api/v2/player/ Frame 0
0 402ms
131ms Other
text/plain 34.228.106.195
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trafficmanager.anyclip.com/trafficmanager/api/v2/player/playlist?
Protocol: H2
Server: 34.228.106.195 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.komando.com
Sec-Fetch-Mode: cors

Response headers

status: 200
date: Fri, 25 Sep 2020 14:47:13 GMT
content-type: text/plain
content-length: 24
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type
allow: HEAD,POST,GET,OPTIONS

POST
H2 200 playlist Show response
trafficmanager.anyclip.com/trafficmanager/api/v2/player/ 15 KB
3 KB 138ms
138ms Fetch
application/json 34.228.106.195
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trafficmanager.anyclip.com/trafficmanager/api/v2/player/playlist?
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.228.106.195 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: bb77911d951f4a4727a07cb7cfb8236218a17581c729c52686c5c21b2d7edd60

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/no-referrer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 25 Sep 2020 14:47:14 GMT
content-encoding: gzip
status: 200
vary: accept-encoding
access-control-allow-methods: GET,POST
content-type: application/json
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 129ms
129ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=8861&val=0&wnx=0&abc=&ty=prq&v=0&ext=0&ta=1&lnx=0&sid=6EMKdIvAucdw76XumuVtXwKCNtFmz1hq&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:13 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H3-Q050 200 bridge3.411.1_en.html
imasdk.googleapis.com/js/core/ Frame 29C5 0
0 28ms
14ms Document
text/html 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.411.1_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.411.1_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 193074
date: Tue, 22 Sep 2020 18:42:18 GMT
expires: Wed, 22 Sep 2021 18:42:18 GMT
last-modified: Tue, 22 Sep 2020 18:32:46 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 245095
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ 26 KB
10 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:81c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62f2eeec7851ae0d5e322062cf40092478236d4a4fc5a2cfd87b257739104147

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10523
x-xss-protection: 0
expires: Fri, 25 Sep 2020 14:47:13 GMT

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 129ms
128ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=9404&val=%7B%22userAgent%22%3A%7B%22allow%22%3Atrue%2C%22software%22%3A%7B%22nameCode%22%3A%22chrome%22%2C%22ver%22%3A%2283%22%7D%2C%22os%22%3A%7B%22nameCode%22%3A%22macos%22%2C%22ver%22%3A%22Mojave%22%7D%2C%22hw%22%3A%7B%22type%22%3A%22computer%22%2C%22subType%22%3Anull%7D%7D%7D&wnx=0&abc=&ty=prs&v=0&ext=0&ta=1&lnx=0&sid=6EMKdIvAucdw76XumuVtXwKCNtFmz1hq&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:14 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK play-big.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 650 B
1 KB 195ms
38ms Image
image/svg+xml 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/play-big.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 3cc9389c9cfdbc0fb7c282c3026c3cd9c11894913f4cf60cf9d1140a1415ad0a

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:14 GMT
Content-Encoding: gzip
Age: 4057
Connection: keep-alive
Content-Length: 400
x-amz-id-2: 0dc/gRLqfDQxcYDeGKtGmw51KvAIAQC/978w51z+oLFQmz/kdQSpa/ksuHJwndkDOckr+gsWYRg=
Last-Modified: Tue, 06 Aug 2019 13:18:15 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: E83DC4A31D0E9DA2
Access-Control-Allow-Origin: *
Expires: Fri, 25 Sep 2020 17:39:37 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: P54LBC7dA7.CKZKZL0usNEXn5r08cUmk
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: 63734c3bc8191626b6222d875c9e0277
x-amz-meta-s3b-last-modified: 20190806T131201Z

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 129ms
128ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=9455&val=&wnx=0&abc=&ty=cuc&v=0&ext=0&ta=1&lnx=0&sid=6EMKdIvAucdw76XumuVtXwKCNtFmz1hq&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:14 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 129ms
128ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=9456&val=0&wnx=0&abc=&ty=wre&v=0&ext=0&ta=1&lnx=0&sid=6EMKdIvAucdw76XumuVtXwKCNtFmz1hq&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:14 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK anyclip-logo.png
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 1 KB
2 KB 173ms
39ms Image
image/png 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/anyclip-logo.png
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: a9face165b5af8cc8cd1aef61858dc946c4296ee34ef63790747394d4f25c38b

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:14 GMT
Age: 11257
Connection: keep-alive
Content-Length: 1316
x-amz-id-2: gMEgWbrwBtCb8rsLdk6FpC5XWROKmfN5gtsa4/OuNj+257QCxn3+UTbTsmpiDniHY4I7XuzGWVM=
Last-Modified: Thu, 20 Dec 2018 13:30:18 GMT
Server: AmazonS3
x-amz-request-id: F4AB1589F240DC73
Access-Control-Allow-Origin: *
Expires: Fri, 25 Sep 2020 15:39:37 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: OklAUkiF01qvm0z5Jbxqbgl4N5mndRTg
Accept-Ranges: bytes
Content-Type: image/png
X-LLID: ed7b77c8352f18ea19e125f10114fe6c
x-amz-meta-s3b-last-modified: 20180812T120014Z

GET
H/1.1 200
OK venturebeat-close-btn.svg
anyclip-player.s3.amazonaws.com/anyclip-widget/lre-widget/assets/lre_theme/ 802 B
1 KB 785ms
386ms Image
image/svg+xml 52.216.80.208
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://anyclip-player.s3.amazonaws.com/anyclip-widget/lre-widget/assets/lre_theme/venturebeat-close-btn.svg
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.80.208 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0fbdde14de3aa39d2b3ef4a34deef57b0a4905a2464f7b257b600bd696e6b6c4

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-meta-cb-modifiedtime: Wed, 01 Apr 2020 19:12:29 GMT
Date: Fri, 25 Sep 2020 14:47:15 GMT
Last-Modified: Wed, 01 Apr 2020 19:17:30 GMT
Server: AmazonS3
x-amz-request-id: 0A6841705497A8AA
ETag: "3908f3e1f2497918401dab39cfb9727b"
x-amz-version-id: 6LuYe03Jb9Jy8U.xUPb4addAqbVIp5tw
Accept-Ranges: bytes
Content-Type: image/svg+xml
Content-Length: 802
x-amz-id-2: IUCzVjos/ACBQTcSpV24Xcj/LJQovdb71WRNWe5tbubxZPLzZ8/Y7Ah8tZf3IhFxI20v6pIblAk=

GET
H/1.1 200
OK 1600689719929_480x270_thumbnail.jpg
cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/ 14 KB
15 KB 139ms
44ms Image
image/jpeg 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/1600689719929_480x270_thumbnail.jpg?wid=0011r00002HG7NL_1462
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: bcdf7b6ec5fe23c3049d66b4a6f1881cb1a6dfbbbd52088c60b4f0b6c538f36d

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:14 GMT
Last-Modified: Mon, 21 Sep 2020 12:02:00 GMT
Server: AmazonS3
Age: 43584
x-amz-id-2: xRFRvroJgJT2pGVRAy4c6/Y1ledMJ2fOWHPlLxyF0e6jTmwJg1rK27MDpTjee5AXjO6435bT46o=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 14817
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: 34B2A147FFA3BCE4
X-LLID: 006c42a491124714b8b17e7ed7448d3a

GET
H/1.1 200
OK scroll-right.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 645 B
1 KB 164ms
41ms Image
image/svg+xml 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/scroll-right.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 6c73cf3d94d29e498f66facb6891a9be80ef4f5caee6c9b09e6128b167b3c966

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:14 GMT
Content-Encoding: gzip
Age: 9780
Connection: keep-alive
Content-Length: 403
x-amz-id-2: b9E5m+qXQcmmebyWu+vwVWHPP4C8fRwcFpjiMc1XXVNtZPiKezwHSgcsXxlbF1jjWeVA5Of5Tpw=
Last-Modified: Thu, 09 Aug 2018 13:37:36 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: 44988C07DA3ADAFA
Access-Control-Allow-Origin: *
Expires: Fri, 25 Sep 2020 16:04:14 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: LWFiUmbBDbZYtKTcsVUC4L21DxkdHU5h
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: e49823eb51496c9e0c60b5e3440157f8
x-amz-meta-s3b-last-modified: 20180710T071342Z

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 133ms
130ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=9469&val=0&wnx=0&abc=&ty=pll&v=0&ext=0&ta=1&lnx=0&sid=6EMKdIvAucdw76XumuVtXwKCNtFmz1hq&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:14 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK 1600689719880_248x140_thumbnail.jpg
cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/ 8 KB
8 KB 134ms
45ms Image
image/jpeg 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/1600689719880_248x140_thumbnail.jpg?wid=0011r00002HG7NL_1462
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: 39cb24159c965e9896b3b1d3ecf5e29e88bdd771bc50a0d3c417d8ce2875236b

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:14 GMT
Last-Modified: Mon, 21 Sep 2020 12:02:00 GMT
Server: AmazonS3
Age: 57205
x-amz-id-2: XYib8PsIIs7UnD5NYcq2Hr2xsf5A48X1p61zqQ0697kYfKno47gUwC/pj4otwbiFHcn8f1l65C4=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 7769
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: 536C03A519970913
X-LLID: 025498b9ef1824fa35917e787364c577

GET
H/1.1 200
OK 1600655131888_248x140_thumbnail.jpg
cdn5.anyclip.com/AXSuesPjHXgLKT6SHgGH/ 12 KB
12 KB 134ms
45ms Image
image/jpeg 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXSuesPjHXgLKT6SHgGH/1600655131888_248x140_thumbnail.jpg?wid=0011r00002HG7NL_1462
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: 8bdab1eac9d2b05029f47b7436dfacc93b2cc5f89f4b8dff900c98c9a0774ebd

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:14 GMT
Last-Modified: Mon, 21 Sep 2020 02:25:32 GMT
Server: AmazonS3
Age: 49796
x-amz-id-2: RVYSllo8rn2obwz2BstILzjM50KExbJf/77NN24pHB0mdmVSgdng9n1eH3Hll4leS6q3se0r2HI=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 12300
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: C17DBD3C47A84497
X-LLID: 5beca5d531732df88ec8ac59cea9ff1f

GET
H/1.1 200
OK 1600711422645_248x140_thumbnail.jpg
cdn5.anyclip.com/AXSx1Ykg_m-VE7xV7Na_/ 18 KB
18 KB 361ms
272ms Image
image/jpeg 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXSx1Ykg_m-VE7xV7Na_/1600711422645_248x140_thumbnail.jpg?wid=0011r00002HG7NL_1462
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: 776bc870aebdc54c7bfac7b59b26cd7fd79f7119ba5c14094ef8da5545ce237b

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:14 GMT
Last-Modified: Mon, 21 Sep 2020 18:03:43 GMT
Server: AmazonS3
x-amz-request-id: 392EFC454FCCDFF3
x-amz-id-2: d5i9W4sba1gSYkfgSHeaBAvD+awVDdPvjNDQuoT1vk02Ry/bHIGhe/oXNBTOCjNgDqnnwov2inM=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18088
X-LLID: d3fbac56e8faaf84238886ae6ad0bda0

GET
H/1.1 200
OK 1600430448089_248x140_thumbnail.jpg
cdn5.anyclip.com/AXShFhuR8FeKAZ26JZ_N/ 7 KB
7 KB 135ms
44ms Image
image/jpeg 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXShFhuR8FeKAZ26JZ_N/1600430448089_248x140_thumbnail.jpg?wid=0011r00002HG7NL_1462
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: f00dd1db7de0e8916241284a33f65ff7a044c45ed2a7c1ee969f084cf6b0d63b

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:14 GMT
Last-Modified: Fri, 18 Sep 2020 12:00:49 GMT
Server: AmazonS3
Age: 93968
x-amz-id-2: ky9iGX+4SF1/xtW6kTQZrLdqIqflDIH/Cl+rg2Pv+tELNUBE5E4bxcCc7uOpidhUzkNJsvu6gB4=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 6938
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: D49A9E5A835BA428
X-LLID: 2c84664c5bc6afb123e7e135791979c1

GET
H/1.1 200
OK 1600859101229_248x140_thumbnail.jpg
cdn5.anyclip.com/AXS6oxpBWFtAUqhf4Fii/ 25 KB
26 KB 181ms
44ms Image
image/jpeg 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXS6oxpBWFtAUqhf4Fii/1600859101229_248x140_thumbnail.jpg?wid=0011r00002HG7NL_1462
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: 2cecc971cba1f2e7b8891f65ae30fa0fb7dd9972a8342ff3bed23e4ba38cb978

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:14 GMT
Last-Modified: Wed, 23 Sep 2020 11:05:02 GMT
Server: AmazonS3
Age: 27855
x-amz-id-2: ltUe3imFGVzPGc6zPTyJ82A05wq4rMjPytHxLoBSRym0k9Iwn1xAS5k4Wkvncy1sF9ODfn2qKBc=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 25901
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: 18DFC4C1E5EA8907
X-LLID: 90a173af703ed4e3f2267715e7eb3776

GET
H/1.1 200
OK 1600046742822_248x140_thumbnail.jpg
cdn5.anyclip.com/AXSKN2lyd5xZlIas6-Ym/ 25 KB
25 KB 46ms
44ms Image
image/jpeg 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXSKN2lyd5xZlIas6-Ym/1600046742822_248x140_thumbnail.jpg?wid=0011r00002HG7NL_1462
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: 772f30f80abc4903d2b32118044a9c210abb95bdf422f8e22c9923fe18a1611f

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:14 GMT
Last-Modified: Mon, 14 Sep 2020 01:25:43 GMT
Server: AmazonS3
Age: 20891
x-amz-id-2: TrVW/5mlRhTA6OKY4WKtgm4AtnTZCbqM7mq44wp1lH0dJB0Tql1KLIoDBc4q8lvmA6s7tf/el1Q=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 25538
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: 0F6DE390C0C06A88
X-LLID: 367f756a40b1776298987ba72a7a0412

GET
H/1.1 200
OK 1600103753256_248x140_thumbnail.jpg
cdn5.anyclip.com/AXSNnSJn0rh-7rkqqyvZ/ 12 KB
12 KB 47ms
45ms Image
image/jpeg 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXSNnSJn0rh-7rkqqyvZ/1600103753256_248x140_thumbnail.jpg?wid=0011r00002HG7NL_1462
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: 6f613a44dbe81266c39e923fbf649e2a37670c6329d52d12f6a3b1c0addf4232

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:14 GMT
Last-Modified: Mon, 14 Sep 2020 17:15:54 GMT
Server: AmazonS3
Age: 43584
x-amz-id-2: qkPBNTo/YbVtZrxv3kx02O3TRyL3M7mVXogrqrs9wnRB9lTtawltSW843rUtVwq39YfJoqBd+cI=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 11971
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: 19530FCA4F828451
X-LLID: d928bc4520d5c6a48ab0bac5c1c642aa

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 129ms
129ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=9491&val=375&wnx=0&abc=&ty=psw&v=0&ext=0&ta=1&lnx=0&sid=6EMKdIvAucdw76XumuVtXwKCNtFmz1hq&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:14 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 129ms
128ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=9491&val=211&wnx=0&abc=&ty=psh&v=0&ext=0&ta=1&lnx=0&sid=6EMKdIvAucdw76XumuVtXwKCNtFmz1hq&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:14 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK 1600689646679_subtitles.vtt Show response
cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/ 2 KB
2 KB 130ms
43ms XHR
application/octet-stream 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/1600689646679_subtitles.vtt
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: 90dd355c112d81a2acb4e3647df6d4a7cf473b52e46cc8ddb81e950b81330075

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:14 GMT
Last-Modified: Mon, 21 Sep 2020 12:00:47 GMT
Server: AmazonS3
Age: 45427
x-amz-id-2: GYHERQlXVDetcFT5OxXPmEgFB405p0qK2YteGzQHR2iDow8v1qbt0kht7jiMwakPQKkmuGRXJZc=
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 1896
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: 7B13149E717EC424
X-LLID: a186a5159edf8968d80f21bf6fca2057

GET
H/1.1 200
OK watch.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 364 B
981 B 78ms
38ms Image
image/svg+xml 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/watch.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 67386f7f6c11079518c59fdca44b5a6c5b17f4b8cda8ead4e993f3b2dfda0e5d

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:14 GMT
Content-Encoding: gzip
Age: 1889
x-amz-meta-sha256: 67386f7f6c11079518c59fdca44b5a6c5b17f4b8cda8ead4e993f3b2dfda0e5d
Connection: keep-alive
Content-Length: 245
x-amz-id-2: awpXwKBN5K15YJVCN7r4q49vyd7FxR1ED5evbFmjveMNPpvJAT7IPbI8ug7J/p8H6rLrW7I9thg=
Last-Modified: Tue, 04 Aug 2020 10:39:53 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: C0ED9BD01C9D243B
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=14400
x-amz-meta-s3b-last-modified: 20200804T103752Z
x-amz-version-id: jJ7plitpaP9q57Aey2ETnqu6JQKZQWu3
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: 8687e489b48c82fa8109114eff003be2
Expires: Fri, 25 Sep 2020 18:15:45 GMT

GET
H/1.1 200
OK like.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 401 B
1023 B 51ms
38ms Image
image/svg+xml 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/like.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 453e9cc6fc295196d8914da9858a388ce58a1dcb9b033aab9037aa2badbbc0d9

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:14 GMT
Content-Encoding: gzip
Age: 1892
x-amz-meta-sha256: 453e9cc6fc295196d8914da9858a388ce58a1dcb9b033aab9037aa2badbbc0d9
Connection: keep-alive
Content-Length: 287
x-amz-id-2: G4nyHcFvoFm1g4jbQcVlWxZhYWQLd46sdN5EJGlHDMMQpqEDfOQJXSFcV8Wf9XtRGUIIchNooDw=
Last-Modified: Tue, 04 Aug 2020 10:39:58 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: C7F84F926ED2649F
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=14400
x-amz-meta-s3b-last-modified: 20200804T103803Z
x-amz-version-id: AgMuGLHw2p4hvvpUt5__8K6ZhGhprdTJ
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: 231a928a039a78cf8ef043b7b5b898b3
Expires: Fri, 25 Sep 2020 18:15:42 GMT

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 129ms
128ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=9501&val=&wnx=1&abc=&ty=pli&v=0&ext=0&ta=1&lnx=0&sid=6EMKdIvAucdw76XumuVtXwKCNtFmz1hq&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:14 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 206
Partial Content 1600689865945_480x270_video.mp4
cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/ 3 MB
0 46ms
45ms Media
video/mp4 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/1600689865945_480x270_video.mp4?wid=0011r00002HG7NL_1462
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=0-

Response headers

Date: Fri, 25 Sep 2020 14:47:14 GMT
Last-Modified: Mon, 21 Sep 2020 12:04:26 GMT
Server: AmazonS3
Age: 25711
x-amz-id-2: lSiKrKXCsPiH+aVAWFMSlg4mZGRSIl1ySV4b3oa02k5MgT5bbKuLOObxeKMMx2EuDtWUG2TRPfY=
Content-Type: video/mp4
Content-Range: bytes 0-5171122/5171123
Cache-Control: public,max-age=86400
x-amz-request-id: 8ECEB738841F5795
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 5171123
X-LLID: 7f1395c0fc230858ff1aa97a7e9c3164

OPTIONS
H2 200 action
trafficmanager.anyclip.com/trafficmanager/api/videos/video/ Frame 0
0 132ms
131ms Other
text/plain 34.228.106.195
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trafficmanager.anyclip.com/trafficmanager/api/videos/video/action
Protocol: H2
Server: 34.228.106.195 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.komando.com
Sec-Fetch-Mode: cors

Response headers

status: 200
date: Fri, 25 Sep 2020 14:47:14 GMT
content-type: text/plain
content-length: 13
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type
allow: POST,OPTIONS

POST
H2 200 action
trafficmanager.anyclip.com/trafficmanager/api/videos/video/ 0
0 134ms
134ms Fetch 34.228.106.195
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trafficmanager.anyclip.com/trafficmanager/api/videos/video/action
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.228.106.195 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/no-referrer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

status: 200
date: Fri, 25 Sep 2020 14:47:14 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
access-control-allow-headers: Content-Type
content-length: 0
access-control-allow-methods: GET,POST

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 133ms
128ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=9513&val=&wnx=1&abc=&ty=cla&v=1&ext=1&ta=1&lnx=0&sid=6EMKdIvAucdw76XumuVtXwKCNtFmz1hq&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:14 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 128ms
127ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=9513&val=&wnx=1&abc=&ty=cmp&v=1&ext=1&ta=1&lnx=0&sid=6EMKdIvAucdw76XumuVtXwKCNtFmz1hq&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:14 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK pause.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 758 B
1 KB 71ms
38ms Image
image/svg+xml 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/pause.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: d544eae637d61ee786c0a45bb0a7f250f9280bcd2ea1576655a761f1d397b8df

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:14 GMT
Content-Encoding: gzip
Age: 1091
Connection: keep-alive
Content-Length: 426
x-amz-id-2: 9fCWMv5ujJlsj25Q74mKAzStB9+OMU3BnDerPk+AmawjrBqB4x7X1vMRzsp+SonPSLwBvJWTMaE=
Last-Modified: Thu, 09 Aug 2018 13:37:34 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: FD36B69EAE016B14
Access-Control-Allow-Origin: *
Expires: Fri, 25 Sep 2020 18:29:03 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: COllNS2vUDfTYhxXvQJ57jWZVnnMficH
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: 38e173c00a10bac7199dc79e86f95c3a
x-amz-meta-s3b-last-modified: 20180704T113405Z

GET
H/1.1 200
OK volume-off.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 901 B
1 KB 99ms
40ms Image
image/svg+xml 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/volume-off.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 2bf4b5202559dbe01d8188a3adb26d68755a69064f233ef63f284b08efaed6ad

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:14 GMT
Content-Encoding: gzip
Age: 1054
Connection: keep-alive
Content-Length: 521
x-amz-id-2: V0dGex4dPSSpC6gDNXvMMHxevLu3MadVMPKKIr0X4B/t6Ll4ZlbyIeHaLkkQwl148jM9TDaMhsk=
Last-Modified: Sun, 12 Aug 2018 11:52:27 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: B4EA300CC808B7F1
Access-Control-Allow-Origin: *
Expires: Fri, 25 Sep 2020 18:29:40 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: LD1v9d__0LhgJzdvbwPuMTNvxNdup1gK
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: 06ec86d5372ba574e453fb4eadaa87df
x-amz-meta-s3b-last-modified: 20180812T115113Z

GET
H/1.1 200
OK cc-hidden.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 909 B
1 KB 97ms
38ms Image
image/svg+xml 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/cc-hidden.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 2391cc30306861b59fcdb16b83a8f427ee342e5f5d6e8299a91d586687e8bef2

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:14 GMT
Content-Encoding: gzip
Age: 3486
Connection: keep-alive
Content-Length: 458
x-amz-id-2: S5pbvcZBJCNwS+PddPhewV26PhaEg4PkWfnfqpBFxSBIIFLe8ibaZpxd5WzObSX2KFz36yDDIIk=
Last-Modified: Wed, 13 Nov 2019 11:51:46 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: EFBDEEB50D42AF68
Access-Control-Allow-Origin: *
Expires: Fri, 25 Sep 2020 17:49:08 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: y.QX4vCTrlpSO9kX_WB6RqB1CKq9apE_
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: 2bd122923c2ec00b6c1b5287d3aac6ba
x-amz-meta-s3b-last-modified: 20191113T095137Z

GET
H/1.1 200
OK fullscreen.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 1 KB
1 KB 78ms
38ms Image
image/svg+xml 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/fullscreen.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 0b7b74a139779fba8e1d17d597aa7cbffa27bd33d2b5c43d8039264c2a627412

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:14 GMT
Content-Encoding: gzip
Age: 850
Connection: keep-alive
Content-Length: 524
x-amz-id-2: isOXxnkauLsCbh0mrFwmwF6FZFzYYmY4IZQp0nPHRTVDirF1O9ohoPcgT4/F9RxSqyUlSG+vc88=
Last-Modified: Thu, 09 Aug 2018 13:37:33 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: 77EA1CBD3650D186
Access-Control-Allow-Origin: *
Expires: Fri, 25 Sep 2020 18:33:04 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: U03j5muVk7AbvhQemSaiRqevJSRY_Dma
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: 479dddcc6dc96c1f93e3047aad8975b6
x-amz-meta-s3b-last-modified: 20180704T113429Z

GET
H/1.1 200
OK next.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 729 B
1 KB 101ms
40ms Image
image/svg+xml 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/next.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 55775baf70d2f1d40bac3a60de82e8e42b7e34687802f73671f25f2f60fdc6d4

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:14 GMT
Content-Encoding: gzip
Age: 1089
Connection: keep-alive
Content-Length: 461
x-amz-id-2: qEIpNH/S3HJjJaFuNnL8QhCSDLZVrY9Cek4mmJQXoKP4yqC6qhJciBk9pkvPRYrZDAAcN7+V1kc=
Last-Modified: Thu, 09 Aug 2018 13:37:34 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: F43D35930CFC9F34
Access-Control-Allow-Origin: *
Expires: Fri, 25 Sep 2020 18:29:05 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: 9oEyfyolAdum9dgyt9Cw6qZIm50OH1cD
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: 52c0c445b2e1de48e99fcd5131dccffe
x-amz-meta-s3b-last-modified: 20180704T113415Z

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://www.komando.com
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 128ms
128ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=9618&val=ad%3Dhttps%253A%252F%252Fvid.springserve.com%252Fvast%252F587900%253Fima%253D1%2526w%253D375%2526h%253D211%2526url%253Dhttps%25253A%25252F%25252Fwww.komando.com%25252Fsecurity-privacy%25252Flokibot-keylogger-spreading%25252F755764%25252F%2526cb%253D313394599%2526widgetid%253D0011r00002HG7NL_1462%2526lob%253D%2526clipid%253Difmfg53jkzewescym5gewvbwkneucskv%2526key_custom1%253D%255Ew%253D0011r00002HG7NL_1462%255Ec%253Difmfg53jkzewescym5gewvbwkneucskv%255Ei%253D1%255Eab%253D%255Ev%253D1%255Ep%253Dkomandocom%2526key_custom2%253D%255Ed%253Dwww.komando.com%255Eu%253D%255Edv%253D1%255Eco%253DCZ%255Epl%253Da%2526gdpr%253D%2526consent%253D%2526viewability%253D1%2526schain%253D1.0%252C1%2521anyclip.com%252C0011r00002HG7NLAA1%252C1%252C%252C%252C%252C%2526us_privacy%253D%26rqcm%3D1%26m%3D1%26ast%3D-1%26smb%3D1%26sid%3D6EMKdIvAucdw76XumuVtXwKCNtFmz1hq%26imaw%3D0%26amd%3D1&wnx=1&abc=&ty=arq&v=1&ext=1&ta=1&lnx=0&sid=6EMKdIvAucdw76XumuVtXwKCNtFmz1hq&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a&anx=1&arx=1&crt=0&s=0&aty=vid&tty=ac&rol=mid
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:14 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H3-Q050 200 loader.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 6DE1 51 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/loader.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff372adc4cf4262bb789e8cd8c4d390bd6f2ff1e99ec9ebb9e3de24cd679ea5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:44:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 23 Sep 2020 23:32:11 GMT
server: sffe
age: 169
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=900
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18664
x-xss-protection: 0
expires: Fri, 25 Sep 2020 14:59:26 GMT

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 138ms
138ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=10356&val=&wnx=1&abc=&ty=alo&v=1&ext=1&ta=1&lnx=0&sid=6EMKdIvAucdw76XumuVtXwKCNtFmz1hq&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a&anx=1&arx=1&crt=529&s=0&aty=vid&tty=ac&rol=mid
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:15 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK lreprx.js Show response
player.anyclip.com/lreprx/js/v1/src/ Frame 6DE1 37 KB
11 KB 42ms
42ms Script
application/javascript 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://player.anyclip.com/lreprx/js/v1/src/lreprx.js?ad_tag=https%3A%2F%2Fvid.springserve.com%2Fvast%2F587900%3Fima%3D1%26w%3D375%26h%3D211%26url%3Dhttps%253A%252F%252Fwww.komando.com%252Fsecurity-privacy%252Flokibot-keylogger-spreading%252F755764%252F%26cb%3D313394599%26widgetid%3D0011r00002HG7NL_1462%26lob%3D%26clipid%3Difmfg53jkzewescym5gewvbwkneucskv%26key_custom1%3D%5Ew%3D0011r00002HG7NL_1462%5Ec%3Difmfg53jkzewescym5gewvbwkneucskv%5Ei%3D1%5Eab%3D%5Ev%3D1%5Ep%3Dkomandocom%26key_custom2%3D%5Ed%3Dwww.komando.com%5Eu%3D%5Edv%3D1%5Eco%3DCZ%5Epl%3Da%26gdpr%3D%26consent%3D%26viewability%3D1%26schain%3D1.0%2C1!anyclip.com%2C0011r00002HG7NLAA1%2C1%2C%2C%2C%2C%26us_privacy%3D&sid=6EMKdIvAucdw76XumuVtXwKCNtFmz1hq&imaw=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/loader.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 786d190bd0c55665bcf263abf1513e0d3325bffaaa2668910f9ce9dcb7d7d074

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:15 GMT
Content-Encoding: gzip
Age: 105541
Connection: keep-alive
Content-Length: 10788
x-amz-id-2: QeMVAHEVpoqKNmukG8+UqL59ogyjOwa0/aMdeX+mjUBSW44X/bz6uq/YxWfKXfkUi65IIFLMY6Y=
Last-Modified: Sun, 14 Jun 2020 07:48:29 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: 7E5CF10AE081986E
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=60
x-amz-version-id: uZ98hYWXQewWJy5EjjmUBgYIi4NzLtdR
Accept-Ranges: bytes
Content-Type: application/javascript
X-LLID: d3d1b0bdcc379a9c3f0c4909dd1f087d
Expires: Thu, 24 Sep 2020 09:29:14 GMT

GET
H/1.1 200
OK 587900 Show response
vid.springserve.com/vast/ Frame 6DE1 3 KB
2 KB 245ms
61ms Fetch
application/xml 34.249.58.234
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/587900?ima=1&w=375&h=211&url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&cb=313394599&widgetid=0011r00002HG7NL_1462&lob=&clipid=ifmfg53jkzewescym5gewvbwkneucskv&key_custom1=^w=0011r00002HG7NL_1462^c=ifmfg53jkzewescym5gewvbwkneucskv^i=1^ab=^v=1^p=komandocom&key_custom2=^d=www.komando.com^u=^dv=1^co=CZ^pl=a&gdpr=&consent=&viewability=1&schain=1.0,1!anyclip.com,0011r00002HG7NLAA1,1,,,,&us_privacy=
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/lreprx/js/v1/src/lreprx.js?ad_tag=https%3A%2F%2Fvid.springserve.com%2Fvast%2F587900%3Fima%3D1%26w%3D375%26h%3D211%26url%3Dhttps%253A%252F%252Fwww.komando.com%252Fsecurity-privacy%252Flokibot-keylogger-spreading%252F755764%252F%26cb%3D313394599%26widgetid%3D0011r00002HG7NL_1462%26lob%3D%26clipid%3Difmfg53jkzewescym5gewvbwkneucskv%26key_custom1%3D%5Ew%3D0011r00002HG7NL_1462%5Ec%3Difmfg53jkzewescym5gewvbwkneucskv%5Ei%3D1%5Eab%3D%5Ev%3D1%5Ep%3Dkomandocom%26key_custom2%3D%5Ed%3Dwww.komando.com%5Eu%3D%5Edv%3D1%5Eco%3DCZ%5Epl%3Da%26gdpr%3D%26consent%3D%26viewability%3D1%26schain%3D1.0%2C1!anyclip.com%2C0011r00002HG7NLAA1%2C1%2C%2C%2C%2C%26us_privacy%3D&sid=6EMKdIvAucdw76XumuVtXwKCNtFmz1hq&imaw=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.58.234 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-58-234.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 73663ec7cc40e40e979e756d80848a5065bb96c515d20a2cf41e172c14f96029

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/client
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 14:47:15 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1347

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 129ms
129ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=10421&val=1.1.5_147_prod&wnx=1&abc=&ty=xlo&v=1&ext=1&ta=1&lnx=0&sid=6EMKdIvAucdw76XumuVtXwKCNtFmz1hq&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:15 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET vpaid_429b1d85.js
vpaid.springserve.com/production/ Frame 6DE1 0
0

GET
DATA 200
OK truncated
/ 704 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9444735efef35f26725c4e3cc87b7c77970103af8999e71d427d0dbe0fe85a95

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 204 perf Show response
trc-events.taboola.com/komando/log/3/ 0
424 B 56ms
55ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/komando/log/3/perf?tvi2=2984&route=AM%3AAM%3AV&lti=cta2_var
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200917-13_b19-PR-29690-DEV-71864-write-cta-dynamic-module-as-lazy-module-48e2c536cc3-SNAPSHOT.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 14:47:15 GMT
server: nginx
x-fastly-to-nlb-rtt: 38345
status: 204
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.komando.com
cache-control: no-cache
access-control-allow-credentials: true
tbl-x-upstream: 10.40.20.11:10213

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 129ms
128ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=14861&val=1&wnx=0&abc=&ty=crf&v=1&ext=1&ta=1&lnx=0&sid=6EMKdIvAucdw76XumuVtXwKCNtFmz1hq&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 14:47:19 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_429b1d85.js

Verdicts & Comments Add Verdict or Comment

308 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

37 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.lijit.com/	1970-01-19 21:29:41	Name: ljt_reader Value: 14ce00fe12ed5896372cdfd1
.lijit.com/	1970-01-19 21:29:41	Name: _ljtrtb_49 Value: UCNVwA8fMO73
.adnxs.com/	1970-01-19 14:53:41	Name: uuid2 Value: 7823814188528686151
.lijit.com/	1970-01-19 21:29:41	Name: _ljtrtb_85 Value: AAK3XU6-3AYAAA9mJdyiKw
.media.net/	1970-01-19 21:29:41	Name: visitor-id Value: 2440468261765106000V10
.lijit.com/	1970-01-19 21:29:41	Name: _ljtrtb_87 Value: a8563797-2904-4f54-b938-011b7056c592
.media.net/	1970-01-19 17:10:29	Name: gdpr_status Value: 1
.amazon-adsystem.com/	1970-01-19 17:14:48	Name: ad-id Value: A4BXUYhzUEvhnPsxQC7znaA
.google.com/	1970-01-19 17:07:36	Name: NID Value: 204=UFDjS2ZiYqNvbe0--fdaEuJblXNcbrR9tVJSVOb7xJbjCoRGKoZ_TQ8_K8mCM_40lzz4a6kaA9TE1V_5O3kEfvJrtUNmZG04E5YTLmyhFwTBR9kRfOGmaISi5_YYH7mLcFcjX_6Mdr9P_2jgZELpavPnxHRC4r3-CvLEg_1KALk
.lijit.com/	1970-01-19 21:29:41	Name: ljtrtbexp Value: eJyrVjI0U7IyNDMwMjI1sTAy01EysUTlW5ii8c1R%2BYZGyPxaAJfOEEY%3D
.www.komando.com/	1970-01-19 13:27:17	Name: __cfduid Value: d01824133e2f64e62c73e19ecade7780d1601045224
.youtube.com/	1970-01-19 17:03:17	Name: VISITOR_INFO1_LIVE Value: IcYoAIGDKZQ
www.komando.com/	1970-01-23 06:43:12	Name: k3FormInserters Value: %7B%2215940519701%22%3A%222020-10-02%2014%3A40%3A29%22%2C%22generalExpiration%22%3A%222020-09-28%2014%3A40%3A29%22%7D
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: Zg2t_Ga2p7s
.facebook.com/	1970-01-19 14:53:41	Name: fr Value: 0UMB07A0ja78UonMg..BfbgLp...1.0.BfbgLp.
.adnxs.com/	1970-01-19 14:53:41	Name: icu Value: ChgIodc0EAoYASABKAEw6YW4-wU4AUABSAEQ6YW4-wUYAA..
.komando.com/	1970-01-19 22:08:34	Name: __qca Value: P0-1129707095-1601045226330
.komando.com/	1970-01-19 21:29:41	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Fri+Sep+25+2020+16%3A47%3A05+GMT%2B0200+(Central+European+Summer+Time)&version=6.6.0&hosts=&landingPath=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0
.amazon-adsystem.com/	1970-01-21 08:42:10	Name: ad-privacy Value: 0
.komando.com/	1970-01-19 14:53:41	Name: _fbp Value: fb.1.1601045225378.55958500
.komando.com/	1970-01-20 06:15:17	Name: __gads Value: ID=6f01b79a3b59e163-227ad607e6b80019:T=1601045226:S=ALNI_Mb08hkriU-AYBNur_3o2jpwBC6QIg
www.komando.com/security-privacy/lokibot-keylogger-spreading/755764	1969-12-31 23:59:59	Name: fsbotchecked Value: true
.komando.com/	1970-01-19 12:44:05	Name: _gat_UA-230639-2 Value: 1
.komando.com/	1970-01-20 06:15:17	Name: _scp Value: 1601045225147.1867366143
.komando.com/	1970-01-20 06:15:17	Name: _ga Value: GA1.2.1333880291.1601045225
.komando.com/	1970-01-19 12:45:31	Name: _gid Value: GA1.2.1376617982.1601045225
www.komando.com/	1970-01-19 12:44:07	Name: fssts Value: false
www.komando.com/	1970-01-26 19:56:05	Name: _fsuid Value: 53b34e62-977b-4e22-8d1d-e3a01ef71001
www.komando.com/	1970-01-23 06:43:12	Name: k3ModalInserters Value: %7B%2215940546631%22%3A%222020-10-02%2014%3A40%3A29%22%2C%22generalExpiration%22%3A%222020-09-28%2014%3A40%3A29%22%7D
.lijit.com/	1970-01-19 21:29:41	Name: ljtrtb Value: eJyrVjKxVLJSCnX2Cyt3tEjz9Tc3VtJRsjAHiiVamJoZm1ua6xpZGpjomqSZmugmWRpb6BoYGiaZG5iaJZtaGinVAgAAFg9Q
www.komando.com/	1970-01-19 12:44:07	Name: _fssid Value: ecf52e1e-4794-4187-9a7d-c00b790b6b2d
www.komando.com/	1970-01-19 21:29:41	Name: trc_cookie_storage Value: taboola%2520global%253Auser-id%3Db512559c-0bae-4153-a7fa-88da3084a7db-tuct667886a
www.komando.com/	1970-01-19 12:44:07	Name: _tb_sess_r Value: https%3A//t.co/qRabxaM6G5
www.komando.com/	1970-01-19 13:27:17	Name: _fsloc Value: ?i=CZ&c=Prague
www.komando.com/	1970-01-19 12:44:07	Name: _tb_t_ppg Value: https%3A//www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
.lijit.com/	1970-01-19 21:29:41	Name: _ljtrtb_16 Value: no-consent
.komando.com/	1970-01-19 12:45:31	Name: _scs Value: 1601045225147.1425628917

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://freestar-io.videoplayerhub.com/gallery.js(Line 1) Message: Video gallery initializing
console-api	log	URL: https://sdk.jeeng.com/v3.js(Line 2) Message: %c2020-09-25T14:47:05.110Z %c[INFO] %cJeeng: %cupdateServiceWorker: Force Popup. Stopping. color:DimGrey color:LimeGreen color:Black; font-weight: bold :
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020091601.js(Line 6) Message: Invalid GPT fixed size specification: []
console-api	info	URL: https://a.pub.network/komando-com/pubfig.min.js(Line 1) Message: %cPubfig background: #00C389; color: #fff; border-radius: 3px; padding: 3px pubfig.messaging.js - Init ========== LOADING MESSAGING ==========
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
console-api	log	URL: https://sdk.jeeng.com/v3.js(Line 2) Message: %c2020-09-25T14:47:08.791Z %c[INFO] %cJeeng: %cProfiler: No user visits data to send... Stopping. color:DimGrey color:LimeGreen color:Black; font-weight: bold :
console-api	log	URL: https://sdk.jeeng.com/v3.js(Line 2) Message: %c2020-09-25T14:47:08.791Z %c[INFO] %cJeeng: %cProfiler: No Channels subscriptions yet. Stopping. color:DimGrey color:LimeGreen color:Black; font-weight: bold :
console-api	log	URL: https://sdk.jeeng.com/v3.js(Line 2) Message: %c2020-09-25T14:47:08.792Z %c[INFO] %cJeeng: %cWidgets.browserNotificationModal: No push support. color:DimGrey color:LimeGreen color:Black; font-weight: bold :

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6deaf63485e83e86dc13f33f3b176636.safeframe.googlesyndication.com
a.pub.network
aax-eu.amazon-adsystem.com
accounts.google.com
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
ads.yieldmo.com
adservice.google.com
adservice.google.de
am-sync.taboola.com
anyclip-player.s3.amazonaws.com
api.pinterest.com
api.stack-sonar.com
apis.google.com
assets.anyclip.com
b1sync.zemanta.com
backend.upapi.net
bh.contextweb.com
btlr.sharethrough.com
bttrack.com
c.amazon-adsystem.com
c.pub.network
c1.adform.net
cdn.ampproject.org
cdn.districtm.io
cdn.taboola.com
cdn5.anyclip.com
cds.taboola.com
ce.lijit.com
cm.g.doubleclick.net
config.anyclip.com
connect.facebook.net
cookie-cdn.cookiepro.com
d.pub.network
dmx.districtm.io
dsp.adkernel.com
e1.emxdgt.com
eb2.3lift.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
freestar-io.videoplayerhub.com
googleads.g.doubleclick.net
graph.facebook.com
hbx.media.net
ib.adnxs.com
imasdk.googleapis.com
lreprx-server.anyclip.com
match.adsrvr.org
match.taboola.com
mrb.upapi.net
pagead2.googlesyndication.com
pixel.anyclip.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.wp.com
platform.twitter.com
player.anyclip.com
px.powerlinks.com
rtb-csync.smartadserver.com
rtb.mfadsrvr.com
rules.quantcount.com
s0.2mdn.net
sb.scorecardresearch.com
script.crazyegg.com
sdk.jeeng.com
secure.quantserve.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
ssl.gstatic.com
stags.bluekai.com
static.doubleclick.net
stats.g.doubleclick.net
stats.wp.com
sync-t1.taboola.com
sync.mathtag.com
sync.taboola.com
syndication.twitter.com
t.co
tlx.3lift.com
tpc.googlesyndication.com
trafficmanager.anyclip.com
trc-events.taboola.com
trc.taboola.com
users.api.jeeng.com
vid.springserve.com
vpaid.springserve.com
web.hb.ad.cpe.dotomi.com
widget-modal-popup-v2-prod.firebaseapp.com
widget.perfectmarket.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.komando.com
www.stack-sonar.com
www.storygize.net
www.youtube.com
x.bidswitch.net
vpaid.springserve.com
104.111.230.142
104.16.68.69
104.244.42.69
104.244.42.72
130.211.23.194
141.226.224.32
141.226.228.48
151.101.1.195
151.101.113.108
151.101.113.181
151.101.113.44
151.101.13.44
172.217.16.162
174.137.133.49
178.79.227.9
178.79.242.139
18.195.155.181
18.197.167.179
184.30.210.81
185.29.133.199
185.64.190.80
185.86.137.110
192.0.76.3
192.132.33.46
198.148.27.139
2.18.68.31
2.19.34.195
216.52.2.19
216.58.206.2
216.58.208.38
23.210.248.189
2600:9000:206e:d400:6:44e3:f8c0:93a1
2606:2800:234:59:254c:406:2366:268c
2606:4700:20::681a:246
2606:4700:20::ac43:443c
2606:4700:20::ac43:464d
2606:4700:20::ac43:4acf
2606:4700::6812:678
2606:4700::6812:a860
2606:4700::6813:9308
2620:116:800d:21:5a23:9c4e:e774:96c1
2a00:1450:4001:800::2003
2a00:1450:4001:800::200e
2a00:1450:4001:802::2001
2a00:1450:4001:802::200e
2a00:1450:4001:80b::200a
2a00:1450:4001:816::2006
2a00:1450:4001:817::2001
2a00:1450:4001:818::2002
2a00:1450:4001:818::2003
2a00:1450:4001:818::200a
2a00:1450:4001:819::2004
2a00:1450:4001:81a::2008
2a00:1450:4001:81b::2003
2a00:1450:4001:81c::2006
2a00:1450:4001:81e::2001
2a00:1450:4001:820::200e
2a00:1450:4001:821::200d
2a00:1450:4001:824::2002
2a00:1450:4001:824::2004
2a00:1450:4001:825::2002
2a00:1450:4001:825::2003
2a00:1450:400c:c0c::9c
2a02:26f0:6c00::210:bb43
2a02:fa8:8806:13::1460
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f02d:e:face:b00c:0:2
2a03:2880:f12d:83:face:b00c:0:25de
3.120.51.72
34.195.35.40
34.204.157.1
34.228.106.195
34.249.135.160
34.249.58.234
35.158.9.168
35.188.71.214
35.226.36.58
37.157.4.23
37.252.173.27
40.113.136.100
52.216.80.208
52.28.154.93
52.58.4.208
52.72.80.38
52.95.124.170
54.190.100.128
54.76.222.161
69.173.144.139
69.173.144.141
70.42.32.63
99.86.240.180
99.86.243.62
02a2079808b1d062ff16a7d19627e9ee4a94f989aa879d9f81333364fa5a8ea0
02dff311505ad8415a644560e02c12306cffdb991f6f9475a384959f9b031d37
02fec5849f8ab7bceb4450d167f382e9079bd3a5d0f33a00942869641811ab3a
0358fdd4584557323d22352335dda6824cbb326920c16d5036067dbfed267292
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
092f3201317b7ef608f6a899d395d36cffcca4d6824f00bc50120e84341c76f2
097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b
0b7b74a139779fba8e1d17d597aa7cbffa27bd33d2b5c43d8039264c2a627412
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0fbdde14de3aa39d2b3ef4a34deef57b0a4905a2464f7b257b600bd696e6b6c4
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
126b0db475dac8550795ad28030ebfacde3d381588872e38c9828dc9458e3292
12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e
1301a4fd823a6b23ec99783585c7d947d18c86a10cd7257b21e1c13ed4a4642a
13553abbe7402dd8026d333399456a89b427c236c31d3aa84d455215e74257dc
1632e13bb4b75973ab4e1ae7b45ebbcf3aae9dc050a24048d6875d6e3a466088
167eefa83e1aa1374767855f64054dde21c967fc23cd0dfe4217aaa4cb02a7db
1b6863771c330f7b6a857dbfee3959d8e8c61c0e34f1e9ba5f6f38268d05573d
1daab0f66666bc3a1d05d70de979a80680d985cc924e233fab61eef2d03bafe2
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1fcdc54759ab0ead6a9c0f35707e01926c8c4e13c6ce7ad59477a81a9e4acd47
209c5a3d5663e93da5f73f50923b757791f11078e28ec10f6138d65d9b00b1a9
21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41
232334d177f358c07f8271994e6fc0c018abfce7c8910deb604de1440d741c45
2391cc30306861b59fcdb16b83a8f427ee342e5f5d6e8299a91d586687e8bef2
29468b66389df59555ae33050768a903311d689837e6aa6e8e33511869282b93
2ada70caed6a7e67d4c10a6de4c07c7863d48d6819c700c39d6b24234d9b4f0b
2bd278e98ed3d2e4bf4e7afc91e6f519860d3eeaf9ba4d918d11637bda22eaf6
2bf4b5202559dbe01d8188a3adb26d68755a69064f233ef63f284b08efaed6ad
2cecc971cba1f2e7b8891f65ae30fa0fb7dd9972a8342ff3bed23e4ba38cb978
2f97f0b5a1d96121848e4281cb62c032c59da56b68b873167e03b2c44c2b7a81
2fb500f34c1e92bea56bab8e0e5ccd68f794b9a514e5302a2f7e07723938d91b
34f437e51b58eab1c30921d462306b968e6212c6efe5f6df9bbd2f719449bc6b
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
381ac7658bb5b6e6190b63502a0260462bcd9e6ecaa0e1e732bc6099b40bbf39
394ee880685b17bc2c3e8a5a628c4ddce428531b165836c0b5717c71d76faeb7
396197a350c5f917f454cb764fa31f624d64f8fbac73445c4d2862bad7ca22bf
39cb24159c965e9896b3b1d3ecf5e29e88bdd771bc50a0d3c417d8ce2875236b
3a42f56cf05504bef889040572a6ac7c53ae944e6d95eeab0323ffd69ef8f8e3
3be81ab15cc2905d3ef54418cd0fa664e85d19c4a5550e28b071a39bd1316070
3c79dc3a4d62f6fcbbd2bbae85ab5956c3088eec4d06a6317ae5c0346807d51e
3cc9389c9cfdbc0fb7c282c3026c3cd9c11894913f4cf60cf9d1140a1415ad0a
3d5535fc993e2a02b5523add7738f08a15fabac527da55db4834d64603e97e83
3dacca5a57f24880dc26f2b9538d55d7688417e82d30cf21253c7c75f780afbd
3dd816afb0837912182ae4135c970615b91ce0af138a385d69ee8115690798bb
403bfa21e733c139da9d7d87c48fa0ebbed91514fbbadf34cbc455294a004389
453e9cc6fc295196d8914da9858a388ce58a1dcb9b033aab9037aa2badbbc0d9
45fbc6c05dc98ede6c39981e157a346b0a120d7705cf6bc9b1dd971a6e4faf02
460cfd89e017dfe6bb1e17a20833c0f144e3896a2923ea88da68862ab8a68fd9
46fe925aebeb82c977cf241c08c4708f57641674f6f4065796cc4b454649b6ae
49a3bdbf69279eee7040e5bb90d869df196f5ea2fb9a4ef6a9fe80c72dff8a59
49ddcc778de9283a8d54134e28b366b39c95e754cab856a5473f591222bb24de
4b8e8b6c26d7b34cc48b04df5633f14745f22c06826c70ac7e5f3a226bfcb869
4da0cfe7279f36691206db9bab178c333419282ddf72aff956b8408e4319471f
51885f3f46c7317c00dc6b36ae543d48f1b3d1c3768381c9f7c8fb47e38214f1
5216fcdc6d278ba8cce42f910754b33365608bcba89401423816cc2b7b28f161
521ceb171869c1862404b31bd4768200aa4c5a1cb53ab27bb8e9d4e08a424a32
52d1fa8a9ebff6670209bdaf47bafa374eb128a7c83a73d372f5538fbaa2e6e1
5416bb3c019c4a5687c50ecb53535f402e8baaa3d24812d662e8d9cbd2a9d69b
55775baf70d2f1d40bac3a60de82e8e42b7e34687802f73671f25f2f60fdc6d4
55e35a1415438685f71fe809dfb0e94ff9d3b994dd8d8ae8f7206bb878d59a84
56b862dba246ca1a60fc4fa53e23580c28e9af62734f30451f9f138805eb8c8f
59287deead23ff71ce08f07896e2fb703503b6b218992254ef7529cfa67c70d6
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5e7bc8baff05453b58bdd1f86b27cf11f303992876b1269b3e8cddab2b8948e9
5fefa6bc00a2fca4d3ca705862d42dfdbb8f69124b2f0cc0896d3c7c2c05890a
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
61fbc34f91d8af09b7d8434e27d4f7f12fdfae8311d2d26d0eea187ad16c4dd6
62c1de725ef9c7f25dde6c3a6a0d6f63a08fa178a301cc6ae49535f410af1c4f
62f2eeec7851ae0d5e322062cf40092478236d4a4fc5a2cfd87b257739104147
633aeda2d57927567b195da28166cf7d5a619539c2a3dc4793a88d62ea9bbe25
67386f7f6c11079518c59fdca44b5a6c5b17f4b8cda8ead4e993f3b2dfda0e5d
68665f0f6c246a75047c559aacb273bc8ad154cf7f448fdb051e7b5a5999c302
6883ce59605b04b6c6782ba17cb02dae671c9228e429ced6c1ab1171a38e12a1
6a85bdd389762c5c321e6f3e5b6ce160e1a0c529e15e078827101c826dad81b6
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c73cf3d94d29e498f66facb6891a9be80ef4f5caee6c9b09e6128b167b3c966
6c7884164b248cb8d87de9edf64dc810e5753bb8ec0cd015800d7f39e08371c1
6f613a44dbe81266c39e923fbf649e2a37670c6329d52d12f6a3b1c0addf4232
6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002
71eefc84aabccebf4efe3dc19237f38d8645202d927b68f33dbdc16e6c06e0a1
726b12550533b454dbb967e74cf90cc6c76862cf3a82818b4caf084f5454e361
73663ec7cc40e40e979e756d80848a5065bb96c515d20a2cf41e172c14f96029
75f09c10bc7e746f5dd81f4b7c6c0a41c61977e622d0c92c946362e4cc279d72
76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897
76acf8c85fbf30f66baaf8a77b45a8c55239360611284cbd426bafeaf12806ba
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d
772f30f80abc4903d2b32118044a9c210abb95bdf422f8e22c9923fe18a1611f
776bc870aebdc54c7bfac7b59b26cd7fd79f7119ba5c14094ef8da5545ce237b
777a900b48ed2b99b8a4ba93c8a314ee3caeba5ab77e866c8e5ef494f188c1f9
786d190bd0c55665bcf263abf1513e0d3325bffaaa2668910f9ce9dcb7d7d074
792611074295953bb82efd698f368e63f292c39eabc04493978d3da793fd6a5c
7f3f58c2fd4529fffc91067658a9689ffc59257d6e329de3f156539fdc9d44c3
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8265c3ffbaeaa2e41134a2e567043ed5850e05247a8130a4650c20cb24402de9
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8545e4ac13ffdd710cf8d0922c6a80ae3cc7ece72eb330133f46757814c4c5be
89ae0e0b8cb01acdf0f3a97193fd457b39860813f90680fa148971baa0bd91ef
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8b88ddfa92e4cb2646d5c7e19274939caa3495dcb33c307f1bbaec31b1d9691a
8bdab1eac9d2b05029f47b7436dfacc93b2cc5f89f4b8dff900c98c9a0774ebd
8ca3326327fd5217cf2b21abc357a69adbf59d0ae7590860d35d5be7c5b2b58d
90dd355c112d81a2acb4e3647df6d4a7cf473b52e46cc8ddb81e950b81330075
91627b8a03a108068da8e957a08af995912335ac17f1b4530870b310ad8caf68
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
9444735efef35f26725c4e3cc87b7c77970103af8999e71d427d0dbe0fe85a95
96ed609b415be6ee67eadb8d2de7ce64d13de9c928bce8e1373bec97e233e74c
984601230d8cbfe18370425e8e897037cc1a7adf831a691a9ede573cf44479d4
993dd9c705fd43f0ae68f0f6bd7dd6e40e1120a16327b21339f5da90bc238c28
9af6550ca2c42a37009bae2158dca11ca60287039f406a7cc4b6b1df1185ecfd
a05b6b902fc0110a35204d05a8360b0fcff6bf23859f7fca952444bf6184b248
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a761b426004caba495cdac2c93ce7dd306c47bc4d7bdc63c4840c3d8182396a9
a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec
a981bef86d746674a68718b4ea57eb04f1095f62ce2d1f4bda736a73d456e6fe
a9face165b5af8cc8cd1aef61858dc946c4296ee34ef63790747394d4f25c38b
ac4f45c63e7192b1c9fb64be19be7a03084e16dc33b4dcfedabb44cb390c25a2
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae407e415a45b6c720d8d61fef8c28756883d0f546a64e7a2969d6174c669951
aeb08680a67ab108b80d0d5eca97457046c90c4d885d817aac059ed5b47b5fbc
aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b467fa0e89f2d2a1d13af1205994f32f9ece948559b32f966e719edcf8c90c44
b58c11dac0fae1d40040bda04c6d4d8d5ba9f2cde7a53568f0741c973b301abb
b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290
b7db90d988f2d569ee665c1666e383f3ccb226e4532320946bb42d09702c6ed8
b94c0c588c960ee9b1b4fdc774c776f770059745e5219ecc28c1cbe5f633ba84
baccc36f4643b5739459f6075bbe88ef37d443e9c6a87e7b9f5c617774732094
bb77911d951f4a4727a07cb7cfb8236218a17581c729c52686c5c21b2d7edd60
bcdf7b6ec5fe23c3049d66b4a6f1881cb1a6dfbbbd52088c60b4f0b6c538f36d
bdc6f35981582b0bb0423b70243eac10776c99215aaa26dede1b002555215e99
bf8a3d71354828a837da5f234fdeab608b2e535b11b4851e89d75b1686686635
c8de81a1acb5f3788959ecc04eaa6526d5bdb29991157cecbef71042268c0374
cb4bfa8d3dd2fcd7fb508d8991e6ecde201b8f8fca49f130584b9cfc11445083
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
d247ec7bcf9f52fcd857500ab9ee7dabbb36784e92d8f3cd1feb567b914cdb86
d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31
d3838febe02ee1538a1336ac01f452a6fe7682106cd21b46cda9c40092c8e3aa
d544eae637d61ee786c0a45bb0a7f250f9280bcd2ea1576655a761f1d397b8df
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d9417079952dbe5d1b1bc0bf209d04bcf97459ce3c271837b4d9c45a48e3ecfa
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
da3e524928bcca821af2551eb6f9e9ae2449ceb48642cce4f2dae23383098537
db03313b117d5687f500d3a57cf5a279c0e9c92cf8b2182b5ec74257257537c3
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dd98b5d85e778d1de4a79ed200de88f6af81234db54d4671213bb3106e221cd7
dd9bcbab811ce6e61d6bf392bf33663b945108ce5536b983ea8b5aa2cf875171
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dec2e854df79e4357c644c86cadc33cffe2deb609ae07c5e35352ec56034f614
e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4a66d01f6e756434873901b4c7c7fd74d0a2c08710e8e2bec2113f97dcff2d6
e4cf21977fe9d77ad54283c5762abe817fe7ee152cb5ce4aa967d6627d899143
e9e40f737e08ad5b6c7ec3d3ee2232ce91f00b1f4f753c79f5e8e4f74c1c4a60
eb744b621e8b353c5c4b5cc39f2a7b06855a02634992cbcc0ec6ac30cee45b77
ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f00dd1db7de0e8916241284a33f65ff7a044c45ed2a7c1ee969f084cf6b0d63b
f0b5290ffd7ebefe5bb9d7cde55f244efb5076db25b9b2a85b9d1b14f7972d25
f199a20f1fee7dec152b3591272f9715b536ed88b4c36194488fd5a734caf707
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
ff372adc4cf4262bb789e8cd8c4d390bd6f2ff1e99ec9ebb9e3de24cd679ea5d

www.komando.com Open in urlscan Pro 2606:4700::6812:a860 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

313 Requests

99 %HTTPS

40 %IPv6

61 Domains

103 Subdomains

83 IPs

11 Countries

3803 kBTransfer

14405 kBSize

37 Cookies

36 Outgoing links

Page URL History

Redirected requests

313 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 19 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.komando.com Open in urlscan Pro
2606:4700::6812:a860 Public Scan

Screenshot
Live screenshot

Full Image

313
Requests

99 %
HTTPS

40 %
IPv6

61
Domains

103
Subdomains

83
IPs

11
Countries

3803 kB
Transfer

14405 kB
Size

37
Cookies

313 HTTP transactions
19 data transactions