www.scmagazine.com Open in urlscan Pro
34.197.250.24 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-m...
Submission: On December 11 via api (December 11th 2019, 5:17:34 pm UTC) from US

Summary HTTP 144 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 45 IPs in 6 countries across 29 domains to perform 144 HTTP transactions. The main IP is 34.197.250.24, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is www.scmagazine.com.
TLS certificate: Issued by RapidSSL RSA CA 2018 on September 5th 2019. Valid for: a year.

This is the only time www.scmagazine.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
24	34.197.250.24 34.197.250.24	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
6	204.180.130.159 204.180.130.159	53866 (QTS-AS) (QTS-AS - Omeda Communications)
2	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
7	2a00:1450:400... 2a00:1450:4001:81f::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
6	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2600:9000:215... 2600:9000:2156:200:a:1779:3180:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	52.216.229.125 52.216.229.125	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 6	2a00:1450:400... 2a00:1450:4001:81b::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2606:4700::68... 2606:4700::6813:9308	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:820::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
12	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2606:4700:20:... 2606:4700:20::681a:216	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	18.213.112.55 18.213.112.55	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
5	2600:1f14:e96... 2600:1f14:e96:5800:e0d8:bc5:3e87:8b93	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a02:26f0:10c... 2a02:26f0:10c:382::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:9000:205... 2600:9000:2057:5400:18:1fcd:349:ca21	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	13.35.255.55 13.35.255.55	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 9	52.215.103.126 52.215.103.126	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	54.225.66.14 54.225.66.14	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
12	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1 1	2a05:f500:10:... 2a05:f500:10:101::b93f:9101	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
2	54.86.129.194 54.86.129.194	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	2606:4700:20:... 2606:4700:20::681a:e77	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2 2	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE - Google LLC)
2 5	2a00:1450:400... 2a00:1450:4001:825::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:825::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	3.220.21.104 3.220.21.104	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
4	52.207.57.113 52.207.57.113	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	13.35.253.80 13.35.253.80	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	23.5.109.152 23.5.109.152	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
2 2	35.190.72.21 35.190.72.21	15169 (GOOGLE) (GOOGLE - Google LLC)
2 2	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
2 2	34.246.62.42 34.246.62.42	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 3	3.121.27.153 3.121.27.153	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 8	2600:1f14:e96... 2600:1f14:e96:5802:2aa4:86a:63f0:9119	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
2	204.180.130.165 204.180.130.165	53866 (QTS-AS) (QTS-AS - Omeda Communications)
1	2a00:1450:400... 2a00:1450:4001:825::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
2 2	54.76.88.219 54.76.88.219	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	34.233.152.160 34.233.152.160	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	54.202.25.105 54.202.25.105	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	99.81.228.121 99.81.228.121	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2a00:1450:400... 2a00:1450:4001:818::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1 4	2600:1f14:e96... 2600:1f14:e96:5802:64ac:ae38:36cf:1070	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	52.34.71.117 52.34.71.117	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 4	2600:1f14:e96... 2600:1f14:e96:5800:aa3a:a4e5:2870:6291	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	54.191.156.221 54.191.156.221	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 4	2600:1f14:e96... 2600:1f14:e96:5800:2ca5:1e0e:5cdc:3384	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	34.210.175.135 34.210.175.135	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
144	45

24 34.197.250.24 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-197-250-24.compute-1.amazonaws.com

www.scmagazine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 204.180.130.159 (Chicago, United States)

ASN53866 (QTS-AS - Omeda Communications, US)
PTR: my.omedastaging.com

olytics.omeda.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:820::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:81f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:200:a:1779:3180:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

content.maropost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.216.229.125 (Ashburn, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:81b::200e (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9308 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 172.217.23.98 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s45-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:216 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

c.lytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.213.112.55 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-18-213-112-55.compute-1.amazonaws.com

accounts.haymarketmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:1f14:e96:5800:e0d8:bc5:3e87:8b93 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

api.b2c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:382::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:5400:18:1fcd:349:ca21 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.255.55 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-255-55.fra6.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 52.215.103.126 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-215-103-126.eu-west-1.compute.amazonaws.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.225.66.14 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-225-66-14.compute-1.amazonaws.com

sample-api-v2.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:11:101::b93f:9005 (Ireland) 1 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:f500:10:101::b93f:9101 (Ireland) 1 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.86.129.194 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-86-129-194.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:e77 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.feathr.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9c (Brussels, Belgium) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:825::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:825::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.220.21.104 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-220-21-104.compute-1.amazonaws.com

in.ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.207.57.113 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-207-57-113.compute-1.amazonaws.com

polo.feathr.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.253.80 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-253-80.fra6.r.cloudfront.net

marco.feathr.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.5.109.152 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-5-109-152.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.72.21 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: 21.72.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.201 (Ascension Island) 2 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.246.62.42 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-246-62-42.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.121.27.153 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-3-121-27-153.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:1f14:e96:5802:2aa4:86a:63f0:9119 (Boardman, United States) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

api-54-202-25-105.b2c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 204.180.130.165 (Chicago, United States)

ASN53866 (QTS-AS - Omeda Communications, US)

oqs.omeda.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.76.88.219 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-76-88-219.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.233.152.160 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-233-152-160.compute-1.amazonaws.com

polo-v1.feathr.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.202.25.105 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-202-25-105.us-west-2.compute.amazonaws.com

api-54-202-25-105.b2c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.81.228.121 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-99-81-228-121.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:818::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1f14:e96:5802:64ac:ae38:36cf:1070 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

api-52-34-71-117.b2c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.34.71.117 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-34-71-117.us-west-2.compute.amazonaws.com

api-52-34-71-117.b2c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1f14:e96:5800:aa3a:a4e5:2870:6291 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

api-54-191-156-221.b2c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.191.156.221 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-191-156-221.us-west-2.compute.amazonaws.com

api-54-191-156-221.b2c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1f14:e96:5800:2ca5:1e0e:5cdc:3384 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

api-34-210-175-135.b2c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.210.175.135 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-210-175-135.us-west-2.compute.amazonaws.com

api-34-210-175-135.b2c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	b2c.com 5 redirects api.b2c.com api-54-202-25-105.b2c.com api-52-34-71-117.b2c.com api-54-191-156-221.b2c.com api-34-210-175-135.b2c.com	33 KB
24	scmagazine.com www.scmagazine.com	263 KB
15	googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	340 KB
14	doubleclick.net 2 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net	109 KB
10	ml314.com 2 redirects ml314.com in.ml314.com	17 KB
8	omeda.com olytics.omeda.com oqs.omeda.com	260 KB
7	feathr.co cdn.feathr.co polo.feathr.co marco.feathr.co polo-v1.feathr.co	37 KB
7	googletagservices.com www.googletagservices.com	159 KB
6	google.com 2 redirects adservice.google.com www.google.com	531 B
6	google-analytics.com 2 redirects www.google-analytics.com	40 KB
6	googletagmanager.com www.googletagmanager.com	30 KB
4	adsrvr.org 2 redirects js.adsrvr.org match.adsrvr.org insight.adsrvr.org	3 KB
3	eyeota.net 2 redirects ps.eyeota.net	964 B
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	1 KB
3	gstatic.com fonts.gstatic.com	42 KB
3	google.de adservice.google.de www.google.de	389 B
3	amazonaws.com s3.amazonaws.com	2 MB
2	crwdcntrl.net 2 redirects sync.crwdcntrl.net	1 KB
2	mathtag.com 2 redirects pixel.mathtag.com	1 KB
2	rlcdn.com 2 redirects idsync.rlcdn.com	847 B
2	chartbeat.net ping.chartbeat.net	336 B
2	crazyegg.com script.crazyegg.com sample-api-v2.crazyegg.com	36 KB
2	googleapis.com fonts.googleapis.com	976 B
1	bluekai.com 1 redirects tags.bluekai.com	856 B
1	chartbeat.com static.chartbeat.com	14 KB
1	licdn.com snap.licdn.com	2 KB
1	haymarketmedia.com accounts.haymarketmedia.com	445 B
1	lytics.io c.lytics.io	220 B
1	maropost.com content.maropost.com	3 KB
144	29

	Domain	Requested by
24	www.scmagazine.com	www.scmagazine.com
12	tpc.googlesyndication.com	securepubads.g.doubleclick.net
12	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.scmagazine.com
10	api-54-202-25-105.b2c.com	2 redirects www.scmagazine.com
9	ml314.com	2 redirects www.scmagazine.com ml314.com
7	www.googletagservices.com	www.scmagazine.com olytics.omeda.com securepubads.g.doubleclick.net
6	www.google-analytics.com	2 redirects www.googletagmanager.com www.google-analytics.com
6	www.googletagmanager.com	www.scmagazine.com
6	olytics.omeda.com	www.scmagazine.com olytics.omeda.com
5	api-34-210-175-135.b2c.com	1 redirects www.scmagazine.com
5	api-54-191-156-221.b2c.com	1 redirects www.scmagazine.com
5	api-52-34-71-117.b2c.com	1 redirects www.scmagazine.com
5	www.google.com	2 redirects securepubads.g.doubleclick.net
5	api.b2c.com	www.googletagmanager.com securepubads.g.doubleclick.net
4	polo.feathr.co	cdn.feathr.co www.scmagazine.com
3	pagead2.googlesyndication.com	olytics.omeda.com
3	ps.eyeota.net	2 redirects www.scmagazine.com
3	fonts.gstatic.com	www.scmagazine.com
3	s3.amazonaws.com	www.scmagazine.com
2	match.adsrvr.org	2 redirects
2	oqs.omeda.com	olytics.omeda.com www.scmagazine.com
2	sync.crwdcntrl.net	2 redirects
2	pixel.mathtag.com	2 redirects
2	idsync.rlcdn.com	2 redirects
2	www.google.de	www.scmagazine.com
2	stats.g.doubleclick.net	2 redirects
2	ping.chartbeat.net	www.scmagazine.com
2	px.ads.linkedin.com	1 redirects www.scmagazine.com
2	fonts.googleapis.com	www.scmagazine.com
1	insight.adsrvr.org	js.adsrvr.org
1	polo-v1.feathr.co	www.scmagazine.com
1	tags.bluekai.com	1 redirects
1	marco.feathr.co	www.scmagazine.com
1	in.ml314.com	ml314.com
1	cdn.feathr.co	www.scmagazine.com
1	www.linkedin.com	1 redirects
1	sample-api-v2.crazyegg.com	script.crazyegg.com
1	js.adsrvr.org	www.googletagmanager.com
1	static.chartbeat.com	www.scmagazine.com
1	snap.licdn.com	www.scmagazine.com
1	accounts.haymarketmedia.com	www.scmagazine.com
1	c.lytics.io	www.scmagazine.com
1	adservice.google.com	www.googletagservices.com
1	adservice.google.de	www.googletagservices.com
1	script.crazyegg.com	www.googletagmanager.com
1	content.maropost.com	www.scmagazine.com
144	46

This site contains links to these domains. Also see Links.

Domain
scawardsus.com
resourcelibrary.scmagazine.com
www.scmagazineuk.com
twitter.com
www.facebook.com
www.linkedin.com
reddit.com
promon.co
blog.lookout.com
www.usenix.org
www.youtube.com
subscribe.haymarketmedia.com
risksecconference.com
haymarketmediaus.com

Subject Issuer	Validity	Valid
*.scmagazine.com RapidSSL RSA CA 2018	`2019-09-05` - `2020-09-04`	a year	crt.sh
*.omeda.com SSL.com RSA SSL subCA	`2019-10-29` - `2020-08-28`	10 months	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-11-13` - `2020-02-05`	3 months	crt.sh
*.maropost.com Go Daddy Secure Certificate Authority - G2	`2019-06-10` - `2021-08-09`	2 years	crt.sh
s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2019-11-09` - `2020-12-02`	a year	crt.sh
ssl945600.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-08-20` - `2020-02-26`	6 months	crt.sh
*.google.com GTS CA 1O1	`2019-11-13` - `2020-02-05`	3 months	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-11-10` - `2020-10-09`	a year	crt.sh
accounts.haymarketmedia.com Amazon	`2019-09-28` - `2020-10-28`	a year	crt.sh
*.b2c.com Amazon	`2019-03-24` - `2020-04-24`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.chartbeat.com Gandi Standard SSL CA 2	`2019-04-10` - `2020-04-10`	a year	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
*.ml314.com Amazon	`2019-03-16` - `2020-04-16`	a year	crt.sh
*.crazyegg.com DigiCert SHA2 Secure Server CA	`2018-06-08` - `2020-08-05`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2019-05-29` - `2021-06-29`	2 years	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2018-12-20` - `2020-01-01`	a year	crt.sh
www.google.de GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
polo.feathr.co Let's Encrypt Authority X3	`2019-10-16` - `2020-01-14`	3 months	crt.sh
marco.feathr.co Amazon	`2019-09-20` - `2020-10-20`	a year	crt.sh
*.eyeota.net Let's Encrypt Authority X3	`2019-12-02` - `2020-03-01`	3 months	crt.sh
polo-v1.feathr.co Let's Encrypt Authority X3	`2019-10-16` - `2020-01-14`	3 months	crt.sh
www.google.com GTS CA 1O1	`2019-11-13` - `2020-02-05`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Frame ID: F8524F65AC7FE0DF0950A6820B62105A
Requests: 99 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=znpsh7f&ref=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&upid=e4qkh98&upv=1.1.0
Frame ID: 020262D45C66760B45E3EFD5B2350FF8
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20191205/r20110914/client/error_handler.js
Frame ID: F7EE7E6FAAFA4428CBD72A38DCF6A8F8
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20191205/r20110914/client/error_handler.js
Frame ID: 2802FECA9F2B103C3334C49D4D05B9E4
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20191205/r20110914/client/error_handler.js
Frame ID: C28421A75781653F957F4B3C587A7E3E
Requests: 13 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsunTVxro4BXNExQKGmqKHpLGVPvI7RXx1eOYPh9i-OoK3Q-MqdFEbA5E3YiImtuhWtWazae4_zU0Z8GlHcfk3gedaMT_bjaRsRqBlPh3mOS2qBTFeMp949duTfugKnHM8rn9OA6k1aA-5R3WIZ8YJe88pyMLhX6RwiKlSEyIGp3uZnMzxu73SrKUzlWRkeIe5g5u2Pn_SGTvy3CwZTP-zPkY2XgcS4sq7sDj4lpSd6jGgIKqnP7RDVESFMrgDZuIypRtndHe4_s6hMRNrOYRihrhtiHn7_eOAIly_E&sai=AMfl-YTSrJB-0_6BL1DrlVqrBNDNUU7XiNihKFm5Lt5EO6lqKeW6bWF5c6xEDqzFsiKhv2p1a67qqRVWZ8gDf2jLg5nT2-bzIv9qwJAkCnwN&sig=Cg0ArKJSzOsEEjU7ZvJdEAE&adurl=
Frame ID: 7884C2C328994F4420CEC000C8944A5C
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Chartbeat (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /chartbeat\.js/i

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /script\.crazyegg\.com\/pages\/scripts\/\d+\/\d+\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i
html //i

Page Statistics

144
Requests

100 %
HTTPS

51 %
IPv6

29
Domains

46
Subdomains

45
IPs

6
Countries

2941 kB
Transfer

4498 kB
Size

14
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://scawardsus.com/
Title: SC Awards 2020

Search URL Search Domain Scan URL

URL: https://resourcelibrary.scmagazine.com/
Title: Resource Library

Search URL Search Domain Scan URL

URL: https://www.scmagazineuk.com/
Title: SC UK

Search URL Search Domain Scan URL

URL: https://twitter.com/bbb1216bbb
Title: Follow @bbb1216bbb

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Title: Share on Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/&text=Exploited%20Android%20flaw%20%E2%80%98StrandHogg%E2%80%99%20enables%20phishing%20overlays,%20malicious%20permissions
Title: Share on Twitter

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Title: Share on LinkedIn

Search URL Search Domain Scan URL

URL: http://reddit.com/submit?url=https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/&title=Exploited%20Android%20flaw%20%E2%80%98StrandHogg%E2%80%99%20enables%20phishing%20overlays,%20malicious%20permissions
Title: Share on Reddit

Search URL Search Domain Scan URL

URL: https://promon.co/security-news/strandhogg/
Title: blog post

Search URL Search Domain Scan URL

URL: https://blog.lookout.com/strandhogg-vulnerability-allows-attackers-to-circumvent-android-os-safeguards
Title: revealed 36 malicious apps

Search URL Search Domain Scan URL

URL: https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-ren-chuangang.pdf
Title: report

Search URL Search Domain Scan URL

URL: https://www.facebook.com/SCMag/
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/scmagazine
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/scmediaus/
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/SCMagazineUS
Title:

Search URL Search Domain Scan URL

URL: https://subscribe.haymarketmedia.com/sub/?p=SCM&f=new
Title: Subscribe

Search URL Search Domain Scan URL

URL: https://risksecconference.com/
Title: RiskSec Conference

Search URL Search Domain Scan URL

URL: https://haymarketmediaus.com/haymarket-media-business-privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://haymarketmediaus.com/haymarket-medical-business-terms-conditions/
Title: Terms & Conditions

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 55

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&time=1576084628286 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D68780%26url%3Dhttps%253A%252F%252Fwww.scmagazine.com%252Fhome%252Fsecurity-news%252Fvulnerabilities%252Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%252F%26time%3D1576084628286%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&time=1576084628286&liSync=true

Request Chain 59

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=95788104&t=pageview&_s=1&dl=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&ul=en-us&de=UTF-8&dt=Exploited%20Android%20flaw%20%27StrandHogg%27%20allows%20phishing%2C%20malicious%20permissions&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aGDAAAADQ~&jid=430952031&gjid=1164310341&cid=632344882.1576084628&tid=UA-1290429-10&_gid=67760927.1576084628&_r=1&gtm=2wgav9W475TQW&cd1=101158%3A0&cd2=cybercrime%2Cexploit%2Cmalware%2Cmobile%20security%2Cphishing%2Cvulnerabilities&cd3=&cd4=88&cd5=post&cd6=&cd7=home&cd8=security%20news&cd9=vulnerabilities&cd10=exploited%20android%20flaw%20%26%238216%3Bstrandhogg%26%238217%3B%20enables%20phishing%20overlays%2C%20malicious%20permissions&cd11=omn&cd12=76&cd14=false&cd15=&cd16=false&cd17=&cd18=0&cd19=&cd31=&cd32=&cd33=&cd34=Bradley%20Barth&cd35=News&cd36=&cd37=undefined&cd38=undefined&cd39=undefined&cd40=&cd41=&cd42=&cd43=&cd46=&cd48=&cd50=&cd55=&cd56=11&cd57=&cd58=&cd61=false&cd62=2019-12-02&cd63=520&cd67=undef&cd70=false&cd77=GA1.2.632344882.1576084628&z=1700633390 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1290429-10&cid=632344882.1576084628&jid=430952031&_gid=67760927.1576084628&gjid=1164310341&_v=j79&z=1700633390 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=632344882.1576084628&jid=430952031&_v=j79&z=1700633390 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=632344882.1576084628&jid=430952031&_v=j79&z=1700633390&slf_rd=1&random=3798106394

Request Chain 64

https://tags.bluekai.com/site/20486?limit=0&id=3606676836315562029&redir=https://ml314.com/csync.ashx%3Ffp=$_BK_UUID%26person_id=3606676836315562029%26eid=50056 HTTP 302
https://ml314.com/csync.ashx?fp=AvwyJx9999Yu5wa5&person_id=3606676836315562029&eid=50056

Request Chain 65

https://idsync.rlcdn.com/395886.gif?partner_uid=3606676836315562029 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzYwNjY3NjgzNjMxNTU2MjAyORAAGg0IlMnE7wUSBQjoBxAAQgBKAA HTTP 307
https://ml314.com/csync.ashx?fp=02c6ffe1ff77154c82fa3b92d929a38e0ed1f94795562fc2e98fc2a9a2601898f4cb09cee1a4f8eb&person_id=3606676836315562029&eid=50082

Request Chain 66

https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=3606676836315562029%26eid=50220 HTTP 302
https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=3606676836315562029%26eid=50220&mm_bnc&mm_bct&UUID=0e545df1-22ff-4500-b8c5-b891eb70fa24 HTTP 302
https://ml314.com/csync.ashx?fp=0e545df1-22ff-4500-b8c5-b891eb70fa24&person_id=3606676836315562029&eid=50220

Request Chain 67

https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3606676836315562029 HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3606676836315562029 HTTP 302
https://ml314.com/csync.ashx?fp=98516aa02a7bf6c9914442f7d6e274ba&eid=50146&person_id=3606676836315562029

Request Chain 68

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif HTTP 302
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif HTTP 302
https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2wyDD4MI78udDD6C_oVb89IdwGRZKliHsxP_CIFEofbg&gdpr=1&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil HTTP 302
https://ml314.com/csync.ashx?fp=2wyDD4MI78udDD6C_oVb89IdwGRZKliHsxP_CIFEofbg&person_id=3606676836315562029&eid=50052&return=https%3a%2f%2fps.eyeota.net%2fmatch%3fbid%3dr8hrb20%26uid%3dnil HTTP 302
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil

Request Chain 75

https://api-54-202-25-105.b2c.com/api/x?ZfNjjnZtIqVsQUsF$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL3Z1bG5lcmFiaWxpdGllcy9leHBsb2l0ZWQtYW5kcm9pZC1mbGF3LXN0cmFuZGhvZ2ctZW5hYmxlcy1waGlzaGluZy1vdmVybGF5cy1tYWxpY2lvdXMtcGVybWlzc2lvbnMvIiwicmVmZXJyZXIkMCQiLCJhbmNlc3Rvck9yaWdpbnMkMCQiLCJ2aWRlbyQwJDE2MDB4MTIwMHgyNCIsImZyYW1lJDAkMCIsImhpZGRlbiQwJDAiLCJ2aXNpYmlsaXR5U3RhdGUkMCR2aXNpYmxlIiwiaGFzRm9jdXMkMCQxIiwid2luZG93JDAkMTU4NXgxMjAwIiwiaW5uZXIkMCQxNjAweDEyMDAiLCJvdXRlciQwJDE2MDB4MTIwMCIsImxvY2FsU3RvcmFnZSQwJEVycm9yOiBUeXBlRXJyb3I6IENhbm5vdCByZWFkIHByb3BlcnR5ICdzZXRJdGVtJyBvZiBudWxsIiwic2Vzc2lvblN0b3JhZ2UkMCQxIiwiYXBwQ29kZU5hbWUkMCRNb3ppbGxhIiwiYXBwTmFtZSQwJE5ldHNjYXBlIiwiYXBwVmVyc2lvbiQwJDUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF8xNF81KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzQuMC4zNzI5LjE2OSBTYWZhcmkvNTM3LjM2IiwiY29va2llRW5hYmxlZCQwJHRydWUiLCJkb05vdFRyYWNrJDAkIiwiaGFyZHdhcmVDb25jdXJyZW5jeSQwJDE2IiwibGFuZ3VhZ2UkMCRlbi1VUyIsInBsYXRmb3JtJDAkTGludXggeDg2XzY0IiwicHJvZHVjdCQwJEdlY2tvIiwicHJvZHVjdFN1YiQwJDIwMDMwMTA3Iiwic2VuZEJlYWNvbiQwJDEiLCJ1c2VyQWdlbnQkMCRNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF8xNF81KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzQuMC4zNzI5LjE2OSBTYWZhcmkvNTM3LjM2IiwidmVuZG9yJDAkR29vZ2xlIEluYy4iLCJ2ZW5kb3JTdWIkMCQiLCJmb250cmVuZGVyJDQkMSIsIndlYmdsJDYkbi9hIiwid2ViZ2wyJDYkMCIsInRpbWUkNiQxNTc2MDg0NjI4NzU2IiwidGltZXpvbmUkNiQtNjAiLCJwbHVnaW5zJDYkTm9uZSIsIm1lbS10b3RhbEpTSGVhcFNpemUkNiQxOC4yNTc3ODgiLCJtZW0tdXNlZEpTSGVhcFNpemUkNiQxMy45NzYyNiIsIm1lbS1qc0hlYXBTaXplTGltaXQkNiQ0MzQ1LjI5ODk0NCIsInRpbWUtZG9tYWluTG9va3VwU3RhcnQkNiQyNTEiLCJ0aW1lLWRvbWFpbkxvb2t1cEVuZCQ2JDI1MSIsInRpbWUtY29ubmVjdFN0YXJ0JDYkMjUxIiwidGltZS1jb25uZWN0RW5kJDYkNDk5IiwidGltZS1zZWN1cmVDb25uZWN0aW9uU3RhcnQkNiQyNjciLCJ0aW1lLXJlcXVlc3RTdGFydCQ2JDQ5OSIsInRpbWUtcmVzcG9uc2VTdGFydCQ2JDcyOCIsInRpbWUtcmVzcG9uc2VFbmQkNiQ3MzMiLCJ0aW1lLWRvbUxvYWRpbmckNiQ3MzEiLCJ0aW1lLWRvbUludGVyYWN0aXZlJDYkMTQ5MiIsIm5hdmlnYXRpb24tcmVkaXJlY3RDb3VudCQ2JDAiLCJuYXZpZ2F0aW9uLXR5cGUkNiRuYXZpZ2F0ZSIsImdsb2JhbHMtdGltZSQxMCQwLjQ1IiwiZ2xvYmFscyQxMCQxYmY5YTlmYiIsImRvY3VtZW50LXRpbWUkMTQkMC42NzUiLCJkb2N1bWVudCQxNCQ4YmI3MWFkMiIsImNvbm5lY3Rpb24kMTQkIiwiZG93bmxpbmtNYXgkMTQkIiwiZ2V0VXNlck1lZGlhJDE0JDIiLCJjbG9jayQxOCQ0NjgxIiwiYmF0dGVyeSQyMyQxIDEgMCBJbmZpbml0eSIsImF1ZGlvY29udGV4dCQyNSRkYzY2YTYyOCIsImludGVyc2VjdGlvbi1zaXplJDI1JDE1ODV4MTIwMCIsImludGVyc2VjdGlvbiQyNSQ0NSIsInNvcnQkMTExJDcwLjU2IiwiZnJhbWVyYXRlJDE0NSQ1MA HTTP 302
https://api-54-202-25-105.b2c.com:444/api/4?ZfNjjnZtIqVsQUsF

Request Chain 76

https://match.adsrvr.org/track/cmf/generic?ttd_pid=6fgi4r1&ttd_tpi=1&ttd_puid=5df124941d7afe000149e46a&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=6fgi4r1&ttd_tpi=1&ttd_puid=5df124941d7afe000149e46a&gdpr=0 HTTP 302
https://polo-v1.feathr.co/v1/analytics/match?f_id=5df124941d7afe000149e46a&ttd_id=411e33b2-4307-4108-a6e2-f2122880c645

Request Chain 101

https://api-54-202-25-105.b2c.com/api/x?THAhgBkVw7XoGzHg$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL3Z1bG5lcmFiaWxpdGllcy9leHBsb2l0ZWQtYW5kcm9pZC1mbGF3LXN0cmFuZGhvZ2ctZW5hYmxlcy1waGlzaGluZy1vdmVybGF5cy1tYWxpY2lvdXMtcGVybWlzc2lvbnMvIiwicmVmZXJyZXIkMCQiLCJhbmNlc3Rvck9yaWdpbnMkMCRodHRwczovL3d3dy5zY21hZ2F6aW5lLmNvbSIsInZpZGVvJDAkMTYwMHgxMjAweDI0IiwiZnJhbWUkMCQxIiwiaGlkZGVuJDAkMCIsInZpc2liaWxpdHlTdGF0ZSQwJHZpc2libGUiLCJoYXNGb2N1cyQwJDAiLCJ3aW5kb3ckMCQ3Mjh4OTAiLCJpbm5lciQwJDcyOHg5MCIsIm91dGVyJDAkMTYwMHgxMjAwIiwibG9jYWxTdG9yYWdlJDAkRXJyb3I6IFR5cGVFcnJvcjogQ2Fubm90IHJlYWQgcHJvcGVydHkgJ3NldEl0ZW0nIG9mIG51bGwiLCJzZXNzaW9uU3RvcmFnZSQwJDEiLCJhcHBDb2RlTmFtZSQwJE1vemlsbGEiLCJhcHBOYW1lJDAkTmV0c2NhcGUiLCJhcHBWZXJzaW9uJDAkNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwXzE0XzUpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS83NC4wLjM3MjkuMTY5IFNhZmFyaS81MzcuMzYiLCJjb29raWVFbmFibGVkJDAkdHJ1ZSIsImRvTm90VHJhY2skMSQiLCJoYXJkd2FyZUNvbmN1cnJlbmN5JDEkMTYiLCJsYW5ndWFnZSQxJGVuLVVTIiwicGxhdGZvcm0kMSRMaW51eCB4ODZfNjQiLCJwcm9kdWN0JDEkR2Vja28iLCJwcm9kdWN0U3ViJDEkMjAwMzAxMDciLCJzZW5kQmVhY29uJDEkMSIsInVzZXJBZ2VudCQxJE1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwXzE0XzUpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS83NC4wLjM3MjkuMTY5IFNhZmFyaS81MzcuMzYiLCJ2ZW5kb3IkMSRHb29nbGUgSW5jLiIsInZlbmRvclN1YiQxJCIsImZvbnRyZW5kZXIkMSQxIiwid2ViZ2wkMiRuL2EiLCJ3ZWJnbDIkMiQwIiwidGltZSQyJDE1NzYwODQ2MzA3OTkiLCJ0aW1lem9uZSQyJC02MCIsInBsdWdpbnMkMiROb25lIiwibWVtLXRvdGFsSlNIZWFwU2l6ZSQyJDI4LjQ1Njg1MyIsIm1lbS11c2VkSlNIZWFwU2l6ZSQyJDIyLjk3NTQ2MSIsIm1lbS1qc0hlYXBTaXplTGltaXQkMiQ0MzQ1LjI5ODk0NCIsIm5hdmlnYXRpb24tcmVkaXJlY3RDb3VudCQyJDAiLCJuYXZpZ2F0aW9uLXR5cGUkMiRuYXZpZ2F0ZSIsImdsb2JhbHMtdGltZSQ2JDAuNDYiLCJnbG9iYWxzJDYkMWJmOWE5ZmIiLCJkb2N1bWVudC10aW1lJDEwJDAuNzI1IiwiZG9jdW1lbnQkMTEkOGJiNzFhZDIiLCJjb25uZWN0aW9uJDExJCIsImRvd25saW5rTWF4JDExJCIsImdldFVzZXJNZWRpYSQxMSQyIiwiY2xvY2skMTYkNDI0MCIsImJhdHRlcnkkMTgkMSAxIDAgSW5maW5pdHkiLCJpbnRlcnNlY3Rpb24tc2l6ZSQyMSQxNTg1eDEyMDAiLCJpbnRlcnNlY3Rpb24tZW50ZXIkMjEkMC41eDAgNzI4eDAiLCJpbnRlcnNlY3Rpb24kMjEkMTAwIiwiYXVkaW9jb250ZXh0JDIxJGRjNjZhNjI4Iiwic29ydCQ1MiQxNC40NyIsImZyYW1lcmF0ZSQxMjQkOTA HTTP 302
https://api-54-202-25-105.b2c.com:444/api/4?THAhgBkVw7XoGzHg

Request Chain 115

https://api-52-34-71-117.b2c.com/api/x?XTSrsP5vvy7bnKGo$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL3Z1bG5lcmFiaWxpdGllcy9leHBsb2l0ZWQtYW5kcm9pZC1mbGF3LXN0cmFuZGhvZ2ctZW5hYmxlcy1waGlzaGluZy1vdmVybGF5cy1tYWxpY2lvdXMtcGVybWlzc2lvbnMvIiwicmVmZXJyZXIkMCQiLCJhbmNlc3Rvck9yaWdpbnMkMCRodHRwczovL3d3dy5zY21hZ2F6aW5lLmNvbSIsInZpZGVvJDAkMTYwMHgxMjAweDI0IiwiZnJhbWUkMCQxIiwiaGlkZGVuJDAkMCIsInZpc2liaWxpdHlTdGF0ZSQwJHZpc2libGUiLCJoYXNGb2N1cyQwJDAiLCJ3aW5kb3ckMCQ3Mjh4OTAiLCJpbm5lciQwJDcyOHg5MCIsIm91dGVyJDAkMTYwMHgxMjAwIiwibG9jYWxTdG9yYWdlJDAkRXJyb3I6IFR5cGVFcnJvcjogQ2Fubm90IHJlYWQgcHJvcGVydHkgJ3NldEl0ZW0nIG9mIG51bGwiLCJzZXNzaW9uU3RvcmFnZSQwJDEiLCJhcHBDb2RlTmFtZSQxJE1vemlsbGEiLCJhcHBOYW1lJDEkTmV0c2NhcGUiLCJhcHBWZXJzaW9uJDEkNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwXzE0XzUpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS83NC4wLjM3MjkuMTY5IFNhZmFyaS81MzcuMzYiLCJjb29raWVFbmFibGVkJDEkdHJ1ZSIsImRvTm90VHJhY2skMSQiLCJoYXJkd2FyZUNvbmN1cnJlbmN5JDEkMTYiLCJsYW5ndWFnZSQxJGVuLVVTIiwicGxhdGZvcm0kMSRMaW51eCB4ODZfNjQiLCJwcm9kdWN0JDEkR2Vja28iLCJwcm9kdWN0U3ViJDEkMjAwMzAxMDciLCJzZW5kQmVhY29uJDEkMSIsInVzZXJBZ2VudCQxJE1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwXzE0XzUpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS83NC4wLjM3MjkuMTY5IFNhZmFyaS81MzcuMzYiLCJ2ZW5kb3IkMSRHb29nbGUgSW5jLiIsInZlbmRvclN1YiQxJCIsImZvbnRyZW5kZXIkMSQxIiwid2ViZ2wkMiRuL2EiLCJ3ZWJnbDIkMiQwIiwidGltZSQyJDE1NzYwODQ2MzE5NzYiLCJ0aW1lem9uZSQyJC02MCIsInBsdWdpbnMkMiROb25lIiwibWVtLXRvdGFsSlNIZWFwU2l6ZSQzJDM3Ljc2MTk5MiIsIm1lbS11c2VkSlNIZWFwU2l6ZSQzJDI2LjQ2Nzk2IiwibWVtLWpzSGVhcFNpemVMaW1pdCQzJDQzNDUuMjk4OTQ0IiwibmF2aWdhdGlvbi1yZWRpcmVjdENvdW50JDMkMCIsIm5hdmlnYXRpb24tdHlwZSQzJG5hdmlnYXRlIiwiZ2xvYmFscy10aW1lJDckMC40NyIsImdsb2JhbHMkOCQxYmY5YTlmYiIsImRvY3VtZW50LXRpbWUkMTEkMC42NjUiLCJkb2N1bWVudCQxMSQ4YmI3MWFkMiIsImNvbm5lY3Rpb24kMTEkIiwiZG93bmxpbmtNYXgkMTEkIiwiZ2V0VXNlck1lZGlhJDExJDIiLCJjbG9jayQxNSQzMjEyIiwiYmF0dGVyeSQxNyQxIDEgMCBJbmZpbml0eSIsImludGVyc2VjdGlvbi1zaXplJDE4JDE1ODV4MTIwMCIsImF1ZGlvY29udGV4dCQxOSRkYzY2YTYyOCIsInNvcnQkNTEkMTMuOTY1IiwiZnJhbWVyYXRlJDExNCQ4MA HTTP 302
https://api-52-34-71-117.b2c.com:444/api/4?XTSrsP5vvy7bnKGo

Request Chain 128

https://api-54-191-156-221.b2c.com/api/x?cEmjBfkUobIgzwGf$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL3Z1bG5lcmFiaWxpdGllcy9leHBsb2l0ZWQtYW5kcm9pZC1mbGF3LXN0cmFuZGhvZ2ctZW5hYmxlcy1waGlzaGluZy1vdmVybGF5cy1tYWxpY2lvdXMtcGVybWlzc2lvbnMvIiwicmVmZXJyZXIkMCQiLCJhbmNlc3Rvck9yaWdpbnMkMCRodHRwczovL3d3dy5zY21hZ2F6aW5lLmNvbSIsInZpZGVvJDAkMTYwMHgxMjAweDI0IiwiZnJhbWUkMCQxIiwiaGlkZGVuJDAkMCIsInZpc2liaWxpdHlTdGF0ZSQwJHZpc2libGUiLCJoYXNGb2N1cyQwJDAiLCJ3aW5kb3ckMCQzMDB4NjAwIiwiaW5uZXIkMCQzMDB4NjAwIiwib3V0ZXIkMCQxNjAweDEyMDAiLCJsb2NhbFN0b3JhZ2UkMCRFcnJvcjogVHlwZUVycm9yOiBDYW5ub3QgcmVhZCBwcm9wZXJ0eSAnc2V0SXRlbScgb2YgbnVsbCIsInNlc3Npb25TdG9yYWdlJDAkMSIsImFwcENvZGVOYW1lJDAkTW96aWxsYSIsImFwcE5hbWUkMCROZXRzY2FwZSIsImFwcFZlcnNpb24kMCQ1LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzc0LjAuMzcyOS4xNjkgU2FmYXJpLzUzNy4zNiIsImNvb2tpZUVuYWJsZWQkMCR0cnVlIiwiZG9Ob3RUcmFjayQwJCIsImhhcmR3YXJlQ29uY3VycmVuY3kkMCQxNiIsImxhbmd1YWdlJDAkZW4tVVMiLCJwbGF0Zm9ybSQwJExpbnV4IHg4Nl82NCIsInByb2R1Y3QkMCRHZWNrbyIsInByb2R1Y3RTdWIkMCQyMDAzMDEwNyIsInNlbmRCZWFjb24kMCQxIiwidXNlckFnZW50JDAkTW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzc0LjAuMzcyOS4xNjkgU2FmYXJpLzUzNy4zNiIsInZlbmRvciQwJEdvb2dsZSBJbmMuIiwidmVuZG9yU3ViJDAkIiwiZm9udHJlbmRlciQxJDEiLCJ3ZWJnbCQxJG4vYSIsIndlYmdsMiQxJDAiLCJ0aW1lJDIkMTU3NjA4NDYzMzE1OCIsInRpbWV6b25lJDIkLTYwIiwicGx1Z2lucyQyJE5vbmUiLCJtZW0tdG90YWxKU0hlYXBTaXplJDIkMzkuODM1NzE0IiwibWVtLXVzZWRKU0hlYXBTaXplJDIkMzAuMTE1MTIyIiwibWVtLWpzSGVhcFNpemVMaW1pdCQyJDQzNDUuMjk4OTQ0IiwibmF2aWdhdGlvbi1yZWRpcmVjdENvdW50JDIkMCIsIm5hdmlnYXRpb24tdHlwZSQyJG5hdmlnYXRlIiwiZ2xvYmFscy10aW1lJDYkMC40MyIsImdsb2JhbHMkNiQxYmY5YTlmYiIsImRvY3VtZW50LXRpbWUkOSQwLjU4IiwiZG9jdW1lbnQkOSQ4YmI3MWFkMiIsImNvbm5lY3Rpb24kOSQiLCJkb3dubGlua01heCQ5JCIsImdldFVzZXJNZWRpYSQxMCQyIiwiY2xvY2skMTMkNTE0NyIsImJhdHRlcnkkMTUkMSAxIDAgSW5maW5pdHkiLCJpbnRlcnNlY3Rpb24tc2l6ZSQxOSQxNTg1eDEyMDAiLCJpbnRlcnNlY3Rpb24tZW50ZXIkMTkkMC41eDAgMzAweDAiLCJpbnRlcnNlY3Rpb24kMTkkMTAwIiwiYXVkaW9jb250ZXh0JDIwJGRjNjZhNjI4Iiwic29ydCQ0OCQxMy4xNCIsImZyYW1lcmF0ZSQxMTYkNzA HTTP 302
https://api-54-191-156-221.b2c.com:444/api/4?cEmjBfkUobIgzwGf

Request Chain 140

https://api-34-210-175-135.b2c.com/api/x?0dqO11VFuEudvhjT$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL3Z1bG5lcmFiaWxpdGllcy9leHBsb2l0ZWQtYW5kcm9pZC1mbGF3LXN0cmFuZGhvZ2ctZW5hYmxlcy1waGlzaGluZy1vdmVybGF5cy1tYWxpY2lvdXMtcGVybWlzc2lvbnMvIiwicmVmZXJyZXIkMCQiLCJhbmNlc3Rvck9yaWdpbnMkMCRodHRwczovL3d3dy5zY21hZ2F6aW5lLmNvbSIsInZpZGVvJDAkMTYwMHgxMjAweDI0IiwiZnJhbWUkMCQxIiwiaGlkZGVuJDAkMCIsInZpc2liaWxpdHlTdGF0ZSQwJHZpc2libGUiLCJoYXNGb2N1cyQwJDAiLCJ3aW5kb3ckMCQzMDB4MjUwIiwiaW5uZXIkMCQzMDB4MjUwIiwib3V0ZXIkMCQxNjAweDEyMDAiLCJsb2NhbFN0b3JhZ2UkMCRFcnJvcjogVHlwZUVycm9yOiBDYW5ub3QgcmVhZCBwcm9wZXJ0eSAnc2V0SXRlbScgb2YgbnVsbCIsInNlc3Npb25TdG9yYWdlJDAkMSIsImFwcENvZGVOYW1lJDAkTW96aWxsYSIsImFwcE5hbWUkMSROZXRzY2FwZSIsImFwcFZlcnNpb24kMSQ1LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzc0LjAuMzcyOS4xNjkgU2FmYXJpLzUzNy4zNiIsImNvb2tpZUVuYWJsZWQkMTY4JHRydWUiLCJkb05vdFRyYWNrJDE2OCQiLCJoYXJkd2FyZUNvbmN1cnJlbmN5JDE2OCQxNiIsImxhbmd1YWdlJDE2OCRlbi1VUyIsInBsYXRmb3JtJDE2OCRMaW51eCB4ODZfNjQiLCJwcm9kdWN0JDE2OCRHZWNrbyIsInByb2R1Y3RTdWIkMTY4JDIwMDMwMTA3Iiwic2VuZEJlYWNvbiQxNjgkMSIsInVzZXJBZ2VudCQxNjgkTW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzc0LjAuMzcyOS4xNjkgU2FmYXJpLzUzNy4zNiIsInZlbmRvciQxNjgkR29vZ2xlIEluYy4iLCJ2ZW5kb3JTdWIkMTY4JCIsImZvbnRyZW5kZXIkMTY4JDEiLCJ3ZWJnbCQxNjkkbi9hIiwid2ViZ2wyJDE2OSQwIiwidGltZSQxNjkkMTU3NjA4NDYzNDUwMCIsInRpbWV6b25lJDE2OSQtNjAiLCJwbHVnaW5zJDE2OSROb25lIiwibWVtLXRvdGFsSlNIZWFwU2l6ZSQxNjkkNDAuNjAwMjgyIiwibWVtLXVzZWRKU0hlYXBTaXplJDE2OSQyNS44MDUwMSIsIm1lbS1qc0hlYXBTaXplTGltaXQkMTY5JDQzNDUuMjk4OTQ0IiwidGltZS1yZXNwb25zZUVuZCQxNjkkMSIsInRpbWUtZG9tTG9hZGluZyQxNjkkMSIsInRpbWUtZG9tSW50ZXJhY3RpdmUkMTY5JDEiLCJ0aW1lLWRvbUNvbnRlbnRMb2FkZWRFdmVudFN0YXJ0JDE2OSQxIiwidGltZS1kb21Db250ZW50TG9hZGVkRXZlbnRFbmQkMTY5JDEiLCJ0aW1lLWRvbUNvbXBsZXRlJDE2OSQxIiwibmF2aWdhdGlvbi1yZWRpcmVjdENvdW50JDE2OSQwIiwibmF2aWdhdGlvbi10eXBlJDE2OSRuYXZpZ2F0ZSIsImdsb2JhbHMtdGltZSQxNzMkMC40OCIsImdsb2JhbHMkMTc0JDFiZjlhOWZiIiwiZG9jdW1lbnQtdGltZSQxNzckMC41ODUiLCJkb2N1bWVudCQxNzckOGJiNzFhZDIiLCJjb25uZWN0aW9uJDE3NyQiLCJkb3dubGlua01heCQxNzckIiwiZ2V0VXNlck1lZGlhJDE3NyQyIiwiY2xvY2skMTgwJDUzMzQiLCJiYXR0ZXJ5JDE4MiQxIDEgMCBJbmZpbml0eSIsImludGVyc2VjdGlvbi1zaXplJDE4NSQxNTg1eDEyMDAiLCJhdWRpb2NvbnRleHQkMTg2JGRjNjZhNjI4Iiwic29ydCQyMTUkMTIuMjciLCJmcmFtZXJhdGUkMjkxJDkw HTTP 302
https://api-34-210-175-135.b2c.com:444/api/4?0dqO11VFuEudvhjT

Request Chain 143

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=95788104&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&ul=en-us&de=UTF-8&dt=Exploited%20Android%20flaw%20%27StrandHogg%27%20allows%20phishing%2C%20malicious%20permissions&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=User%20Engagement&ea=Beacon&_u=aGjAAAADQ~&jid=499022258&gjid=688723477&cid=632344882.1576084628&tid=UA-1290429-10&_gid=809682982.1576084643&_r=1&gtm=2wgav9W475TQW&cd13=No&z=1409778149 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1290429-10&cid=632344882.1576084628&jid=499022258&_gid=809682982.1576084643&gjid=688723477&_v=j79&z=1409778149 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=632344882.1576084628&jid=499022258&_v=j79&z=1409778149 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=632344882.1576084628&jid=499022258&_v=j79&z=1409778149&slf_rd=1&random=3847355332

144 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/ 83 KB
20 KB 728ms
229ms Document
text/html 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 6273cf2c968632a85a5081e8f0a484185e2febdb25c0a575e50f9ecef59a1943

Request headers

:method: GET
:authority: www.scmagazine.com
:scheme: https
:path: /home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User: ?1

Response headers

status: 200
server: nginx
date: Wed, 11 Dec 2019 17:17:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding Accept-Encoding Accept-Encoding,Cookie,X-WPENGINE-SEGMENT
link: <https://www.scmagazine.com/wp-json/>; rel="https://api.w.org/" <https://www.scmagazine.com/?p=101158>; rel=shortlink
x-cacheable: SHORT
cache-control: max-age=600, must-revalidate s-maxage=2592000
x-cache: HIT: 1
x-pass-why
x-cache-group: normal
content-encoding: gzip

GET
H2 200 style.min.css
www.scmagazine.com/wp-includes/css/dist/block-library/ 29 KB
5 KB 141ms
137ms Stylesheet
text/css 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/wp-includes/css/dist/block-library/style.min.css?ver=5.2.4
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 4b8fe5c3d0e5ef7a6582185cbf5c535b5d369c8df1da98c03ed69833e55f474d

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:07 GMT
content-encoding: gzip
last-modified: Fri, 06 Dec 2019 01:46:20 GMT
server: nginx
access-control-allow-origin: *
etag: W/"5de9b2ec-726f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=30, s-maxage=2592000

GET
H2 200 shared-style.min.css
www.scmagazine.com/wp-content/themes/haymarket/dist/css/ 48 KB
7 KB 156ms
152ms Stylesheet
text/css 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/css/shared-style.min.css?ver=1575598990
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 33fe4fe8214760f15a5fdd753b5c396ee5b916e5d6f66f79d4765ed260706723

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:07 GMT
content-encoding: gzip
last-modified: Fri, 06 Dec 2019 02:23:10 GMT
server: nginx
access-control-allow-origin: *
etag: W/"5de9bb8e-c05a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=30, s-maxage=2592000

GET
H/1.1 200 olytics.css
olytics.omeda.com/olytics/css/v3/p/ 17 KB
2 KB 541ms
116ms Stylesheet
text/css 204.180.130.159
Omeda Communications

General

Check archive.org

Show headers Download Go to

Full URL

https://olytics.omeda.com/olytics/css/v3/p/olytics.css?ver=1.0

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.180.130.159 Chicago, United States, ASN53866 (QTS-AS - Omeda Communications, US),

Reverse DNS

my.omedastaging.com

Software

Apache /

Resource Hash

4e3bbb8f68c4f8f1f06510e5272fdd319a0bb4e75d619629dc481266dc2b6e61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:07 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Sat, 31 Aug 2019 22:54:46 GMT
Server: Apache
ETag: W/"17382-1567292086000"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=7200
Transfer-Encoding: chunked
Accept-Ranges: bytes
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Expires: Wed, 11 Dec 2019 19:17:07 GMT

GET
H2 200 style.min.css
www.scmagazine.com/wp-content/themes/haymarket/dist/css/ 239 KB
32 KB 163ms
159ms Stylesheet
text/css 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/css/style.min.css?ver=1575598991
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 7c98b3e37bc9c2a726c320f5db6e1e5a23c2c44d1a5aa35c6fb5e9ae78e64c86

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:07 GMT
content-encoding: gzip
last-modified: Fri, 06 Dec 2019 02:23:11 GMT
server: nginx
access-control-allow-origin: *
etag: W/"5de9bb8f-3bcc2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=30, s-maxage=2592000

GET
H2 200 css
fonts.googleapis.com/ 3 KB
521 B 21ms
16ms Stylesheet
text/css 2a00:1450:4001:820::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

90bedfa7bbd2bb58b7f47611a77feaf852c117ed7e344885cdb34f7df940658f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 11 Dec 2019 17:17:07 GMT
server: ESF
access-control-allow-origin: *
date: Wed, 11 Dec 2019 17:17:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Wed, 11 Dec 2019 17:17:07 GMT

GET
H2 200 lytics.min.css
www.scmagazine.com/wp-content/themes/haymarket/dist/css/ 37 KB
3 KB 145ms
140ms Stylesheet
text/css 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/css/lytics.min.css?ver=1575598990
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: ece5f25bbc643556099a200aa2df5c428d74048e55db71c1880afd1adcb425a9

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:07 GMT
content-encoding: gzip
last-modified: Fri, 06 Dec 2019 02:23:10 GMT
server: nginx
access-control-allow-origin: *
etag: W/"5de9bb8e-95f6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=30, s-maxage=2592000

GET
H2 200 css
fonts.googleapis.com/ 825 B
455 B 20ms
16ms Stylesheet
text/css 2a00:1450:4001:820::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Bree+Serif&ver=0.1.1

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

19aa6c614f72f6bb67cb17a6169ca551686c2bab5475293c95880f5f32cd830e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 11 Dec 2019 17:17:07 GMT
server: ESF
access-control-allow-origin: *
date: Wed, 11 Dec 2019 17:17:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Wed, 11 Dec 2019 17:17:07 GMT

GET
H2 200 jquery.js Show response
www.scmagazine.com/wp-includes/js/jquery/ 95 KB
34 KB 162ms
158ms Script
application/javascript 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:07 GMT
content-encoding: gzip
last-modified: Fri, 06 Dec 2019 01:46:19 GMT
server: nginx
access-control-allow-origin: *
etag: W/"5de9b2eb-17a69"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=30, s-maxage=2592000

GET
H2 200 jquery-migrate.min.js Show response
www.scmagazine.com/wp-includes/js/jquery/ 10 KB
4 KB 251ms
247ms Script
application/javascript 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:07 GMT
content-encoding: gzip
last-modified: Fri, 06 Dec 2019 01:46:19 GMT
server: nginx
access-control-allow-origin: *
etag: W/"5de9b2eb-2748"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=30, s-maxage=2592000

GET
H2 200 cookie.min.js Show response
www.scmagazine.com/wp-content/mu-plugins/cookie-controller/js/ 2 KB
1 KB 260ms
256ms Script
application/javascript 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/wp-content/mu-plugins/cookie-controller/js/cookie.min.js?ver=1.2
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e828282e92509efc0f7bc57888382c5816bd403e0abbb685eda5c4372cc7daa5

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:07 GMT
content-encoding: gzip
last-modified: Fri, 06 Dec 2019 02:24:25 GMT
server: nginx
access-control-allow-origin: *
etag: W/"5de9bbd9-834"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=30, s-maxage=2592000

GET
H2 200 hm-olytics-beacon.js Show response
www.scmagazine.com/wp-content/plugins/hm-olytics-beacon/js/ 1 KB
805 B 260ms
256ms Script
application/javascript 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/wp-content/plugins/hm-olytics-beacon/js/hm-olytics-beacon.js?ver=1.0
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 90a260084cfdf97ada7a8e0650eb310a4206d79f1b3a53225d2b9053cc9e4c13

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:07 GMT
content-encoding: gzip
last-modified: Fri, 06 Dec 2019 02:24:03 GMT
server: nginx
access-control-allow-origin: *
etag: W/"5de9bbc3-421"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=30, s-maxage=2592000

GET
H2 200 UtilityMove-custom.min.js Show response
www.scmagazine.com/wp-content/themes/haymarket/assets/vendor/ 2 KB
1 KB 261ms
257ms Script
application/javascript 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/wp-content/themes/haymarket/assets/vendor/UtilityMove-custom.min.js?ver=1575598990
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cffef365e4b53f1a6e9d33a7d42c0d1542b573360f774069589240f75f0e84f1

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:07 GMT
content-encoding: gzip
last-modified: Fri, 06 Dec 2019 02:23:10 GMT
server: nginx
access-control-allow-origin: *
etag: W/"5de9bb8e-751"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=30, s-maxage=2592000

GET
H2 200 polyfill.min.js Show response
www.scmagazine.com/wp-content/themes/haymarket/assets/js/frontend/ 102 KB
35 KB 263ms
259ms Script
application/javascript 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/wp-content/themes/haymarket/assets/js/frontend/polyfill.min.js?ver=1575598991
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 59173f786dd1f3802f7ab26fd339aac4099dc10c6cb54a6a92213e6af277592a

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:07 GMT
content-encoding: gzip
last-modified: Fri, 06 Dec 2019 02:23:11 GMT
server: nginx
access-control-allow-origin: *
etag: W/"5de9bb8f-19873"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=30, s-maxage=2592000

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 51 KB
16 KB 42ms
38ms Script
text/javascript 2a00:1450:4001:81f::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

801f94e439e56ff65c1f08e9f76fafe23788cf2a442c45842f9aa60b613aa338

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "363 / 460 of 1000 / last-modified: 1576004261"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 15802
x-xss-protection: 0
expires: Wed, 11 Dec 2019 17:17:07 GMT

GET
H2 200 head.min.js Show response
www.scmagazine.com/wp-content/themes/haymarket/dist/js/ 43 KB
13 KB 351ms
348ms Script
application/javascript 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/head.min.js?ver=1575598990
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 0891c01a43615c445e85a7d17eab463dfc3de87d3d1e6f023a996cc1680fe586

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:07 GMT
content-encoding: gzip
last-modified: Fri, 06 Dec 2019 02:23:10 GMT
server: nginx
access-control-allow-origin: *
etag: W/"5de9bb8e-ac53"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=30, s-maxage=2592000

GET
H2 200 SC-MAGAZINE30ANNYnotag.jpg
www.scmagazine.com/wp-content/uploads/sites/2/2019/02/ 43 KB
44 KB 353ms
350ms Image
image/jpeg 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.scmagazine.com/wp-content/uploads/sites/2/2019/02/SC-MAGAZINE30ANNYnotag.jpg
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 8cad642d5009d9f538c20ce327532bea1a130c019fae995d6d37da325626347d

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:07 GMT
last-modified: Fri, 06 Dec 2019 01:50:07 GMT
server: nginx
access-control-allow-origin: *
etag: "5de9b3cf-ad48"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: public, max-age=30, s-maxage=2592000
accept-ranges: bytes
content-length: 44360

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 107 KB
30 KB 18ms
18ms Script
application/javascript 2a00:1450:4001:806::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W475TQW

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6d2caed89f9fce0657004831556940668c1068fc27d2ad00bbfefaf17e87094c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:07 GMT
content-encoding: br
last-modified: Wed, 11 Dec 2019 15:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 30652
x-xss-protection: 0
expires: Wed, 11 Dec 2019 17:17:07 GMT

GET
H2 200 spinner.svg
www.scmagazine.com/wp-content/themes/haymarket/assets/svg/src/ 694 B
639 B 126ms
125ms Image
image/svg+xml 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.scmagazine.com/wp-content/themes/haymarket/assets/svg/src/spinner.svg
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: abb1dd7905b3797711e15609800d43cabead4c0358dc0030a1932a20e82a37d7

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
content-encoding: gzip
last-modified: Fri, 06 Dec 2019 02:23:12 GMT
server: nginx
access-control-allow-origin: *
etag: W/"5de9bb90-2b6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
status: 200
cache-control: public, max-age=30, s-maxage=2592000

GET
H2 200 47434056310_565647-150x150.jpg
www.scmagazine.com/wp-content/uploads/sites/2/2018/07/ 7 KB
8 KB 125ms
125ms Image
image/jpeg 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.scmagazine.com/wp-content/uploads/sites/2/2018/07/47434056310_565647-150x150.jpg
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 9e557673ba8a4c81144cc20c40891d872fda49bcdd9b4f3fec1a4ff8b06263f2

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
last-modified: Fri, 06 Dec 2019 01:58:29 GMT
server: nginx
access-control-allow-origin: *
etag: "5de9b5c5-1dbe"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: public, max-age=30, s-maxage=2592000
accept-ranges: bytes
content-length: 7614

GET
H2 200 2b6d39d680de90da3cea5ebacea7f74c744475a9-v3.js Show response
content.maropost.com/uploads/1325/websites/1/ 3 KB
3 KB 64ms
28ms Script
text/plain 2600:9000:2156:200:a:1779:3180:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://content.maropost.com/uploads/1325/websites/1/2b6d39d680de90da3cea5ebacea7f74c744475a9-v3.js?ver=1.1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:200:a:1779:3180:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0c7e4012cb73f8c0836fa8aee34bb0da2250b5af84d0c4a1959d60764597f05a

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 04:33:56 GMT
via: 1.1 f7b7cf90592cf6a380fd34cc45e9c4b5.cloudfront.net (CloudFront)
last-modified: Thu, 13 Dec 2018 20:46:06 GMT
server: AmazonS3
age: 29913
etag: "33bca5680760348835deea8e5dcbdb62"
x-cache: Hit from cloudfront
status: 200
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 2565
x-amz-cf-id: Pb7OBdSeiTsKzlHyj15GYuxXSMVaM2FX0iThV6jKpzWAdYRNZ8AJPw==

GET
H2 200 blocks.min.js Show response
www.scmagazine.com/wp-content/themes/haymarket/dist/js/ 7 KB
3 KB 321ms
321ms Script
application/javascript 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/blocks.min.js?ver=1575598990
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2b2f53c9542f12eef99cceef17c6dad6692fe6d3630b9a22d0f6c4bba7b55002

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:07 GMT
content-encoding: gzip
last-modified: Fri, 06 Dec 2019 02:23:10 GMT
server: nginx
access-control-allow-origin: *
etag: W/"5de9bb8e-1b42"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=30, s-maxage=2592000

GET
H2 200 feather-tool.js Show response
www.scmagazine.com/wp-content/plugins/hm-feathr-tool/js/ 550 B
627 B 128ms
126ms Script
application/javascript 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/wp-content/plugins/hm-feathr-tool/js/feather-tool.js?ver=1.0
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 94308b25a82c6c94b07808115e379e4f4151bde0c44100015cda9cb1c5cdb0e7

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
content-encoding: gzip
last-modified: Fri, 06 Dec 2019 02:24:03 GMT
server: nginx
access-control-allow-origin: *
etag: W/"5de9bbc3-226"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=30, s-maxage=2592000

GET
H2 200 hm-olytics-page-tag.js Show response
www.scmagazine.com/wp-content/plugins/hm-olytics-beacon/js/ 103 B
321 B 127ms
126ms Script
application/javascript 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/wp-content/plugins/hm-olytics-beacon/js/hm-olytics-page-tag.js?ver=1.0
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 1b79426177f0c17d98c2ffe3aee5403f1f2a50b85d7177080cd06cfc37e2a300

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
last-modified: Fri, 06 Dec 2019 02:24:03 GMT
server: nginx
access-control-allow-origin: *
etag: "5de9bbc3-67"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=30, s-maxage=2592000
accept-ranges: bytes
content-length: 103

GET
H/1.1 200
OK hmi-registration-ui.manifest.js Show response
s3.amazonaws.com/haymarket-reg-js/develop/production/ 799 B
1 KB 521ms
136ms Script
application/javascript 52.216.229.125
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/haymarket-reg-js/develop/production/hmi-registration-ui.manifest.js?ver=0.1.1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.229.125 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4d3e9dbf75d761b4fc344b3be601971eb517ce533c7ce46e093539e03349616e

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:09 GMT
Last-Modified: Thu, 29 Aug 2019 20:10:10 GMT
Server: AmazonS3
x-amz-request-id: 8340D5733403F1F5
ETag: "6878a8fbe72bde4a3f8ecf5b16523972"
Content-Type: application/javascript
Content-Length: 799
Accept-Ranges: bytes
x-amz-version-id: csLBKnYjTffo31CifRF6x383B2E_amuJ
x-amz-id-2: DVddgqJJjlYculHdmRpwEEsRnkqIp4MztF6Y5fqc8jcQd369XmenqrxdQd9p4hU2txah+/Grjr0=

GET
H/1.1 200
OK hmi-registration-ui.vendor.js Show response
s3.amazonaws.com/haymarket-reg-js/develop/production/ 357 KB
357 KB 531ms
146ms Script
application/javascript 52.216.229.125
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/haymarket-reg-js/develop/production/hmi-registration-ui.vendor.js?ver=0.1.1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.229.125 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 2673f6b0416b9a9f7488ee96f384f5badfa04acb14499c92ae52e394b7572f1f

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:09 GMT
Last-Modified: Thu, 29 Aug 2019 20:10:10 GMT
Server: AmazonS3
x-amz-request-id: CEBA4530FD7EA94B
ETag: "dfdfd93abc9eec4ff346a12a61df7c41"
Content-Type: application/javascript
Content-Length: 365119
Accept-Ranges: bytes
x-amz-version-id: 6ACuZZ4Fakkhaw3IL9mD952B0XZGZK4Q
x-amz-id-2: B7v8juibQ1pkNuPl+ENuPeMuk+0Uy7PhTP22iXacpV7jcFUZw3JrqY03M9jWB4ixQTj3Ka5zKX0=

GET
H/1.1 200
OK hmi-registration-ui.bundle.js Show response
s3.amazonaws.com/haymarket-reg-js/develop/production/ 1 MB
1 MB 540ms
148ms Script
application/javascript 52.216.229.125
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/haymarket-reg-js/develop/production/hmi-registration-ui.bundle.js?ver=0.1.1
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.229.125 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4eef9cbbcb01ac2538e54c45514c0560e686abf17070adfba489fd1b3b86455a

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:09 GMT
Last-Modified: Thu, 29 Aug 2019 20:10:10 GMT
Server: AmazonS3
x-amz-request-id: 3E8246F4D01BBEEF
ETag: "8f47379688c3f5980d42b891fcaea0eb"
Content-Type: application/javascript
Content-Length: 1225121
Accept-Ranges: bytes
x-amz-version-id: 1g9qbXhjK6v_p1EyiVTzg_c7stFBXUFD
x-amz-id-2: 1c0mF84Tp6SMMHVKpH/hbx1WvygBv32QmUxuMnpq+IC7JUyfulZ5m6VwMM4wKJ2PNL27l3Z3p8M=

GET
H2 200 frontend.min.js Show response
www.scmagazine.com/wp-content/themes/haymarket/dist/js/ 145 KB
39 KB 132ms
131ms Script
application/javascript 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/frontend.min.js?ver=1575598990
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 64a0cd363010895321d3015d8c7973aa9ee24623e6ba363e76d1be39b09f4bd5

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:07 GMT
content-encoding: gzip
last-modified: Fri, 06 Dec 2019 02:23:10 GMT
server: nginx
access-control-allow-origin: *
etag: W/"5de9bb8e-245d3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=30, s-maxage=2592000

GET
H2 200 iab.min.js Show response
www.scmagazine.com/wp-content/themes/haymarket/dist/js/ 8 KB
2 KB 133ms
133ms Script
application/javascript 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1575598991
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: ae1eff31eff9623af795e27413312563c498759622b7c17ede94ed31b5594e89

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:07 GMT
content-encoding: gzip
last-modified: Fri, 06 Dec 2019 02:23:11 GMT
server: nginx
access-control-allow-origin: *
etag: W/"5de9bb8f-1ecd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=30, s-maxage=2592000

GET
H2 200 wp-embed.min.js Show response
www.scmagazine.com/wp-includes/js/ 1 KB
1000 B 124ms
124ms Script
application/javascript 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/wp-includes/js/wp-embed.min.js?ver=5.2.4
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:07 GMT
content-encoding: gzip
last-modified: Fri, 06 Dec 2019 01:46:20 GMT
server: nginx
access-control-allow-origin: *
etag: W/"5de9b2ec-57b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=30, s-maxage=2592000

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W475TQW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 2611
date: Wed, 11 Dec 2019 16:33:37 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Wed, 11 Dec 2019 18:33:37 GMT

GET
H2 200 7341.js Show response
script.crazyegg.com/pages/scripts/0034/ 128 KB
36 KB 21ms
20ms Script
application/x-javascript 2606:4700::6813:9308
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0034/7341.js?437801
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W475TQW
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d15ecc4721250b43e7de026edd063e045859a4ec6ecf59cf705a2388557098e

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
via: 1.1 03f23a59e296041c07602d699fc87484.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 10086
cf-polished: origSize=130668
x-cache: Miss from cloudfront
status: 200
content-encoding: gzip
last-modified: Mon, 09 Dec 2019 15:02:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=300
x-amz-cf-pop: VIE50-C1
cf-ray: 54391c3dce2c5970-VIE
x-amz-cf-id: gCNIkEtumGA4YHhCuM_KGTzUSyynlRMShTrGQj6IpL6kZ-tu2JpmDA==
cf-bgj: minify

GET
H/1.1 200 olytics.min.js Show response
olytics.omeda.com/olytics/js/v3/p/ 254 KB
255 KB 117ms
116ms Script
application/javascript 204.180.130.159
Omeda Communications

General

Check archive.org

Show headers Download Go to

Full URL

https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/wp-content/plugins/hm-olytics-beacon/js/hm-olytics-beacon.js?ver=1.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.180.130.159 Chicago, United States, ASN53866 (QTS-AS - Omeda Communications, US),

Reverse DNS

my.omedastaging.com

Software

Apache /

Resource Hash

27c9b381b4e3c376bd53452c3febbce47c342f97f93dd9613cca483da5071648

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:07 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 13 Nov 2019 23:54:24 GMT
Server: Apache
ETag: W/"260404-1573689264000"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=600
Transfer-Encoding: chunked
Accept-Ranges: bytes
X-XSS-Protection: 1; mode=block
Expires: Wed, 11 Dec 2019 17:27:08 GMT

GET
H2 200 src.svg
www.scmagazine.com/wp-content/themes/haymarket/assets/svg/ 33 KB
10 KB 129ms
128ms Other
image/svg+xml 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.scmagazine.com/wp-content/themes/haymarket/assets/svg/src.svg?ver=1575598990
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 866e74600600f8647c979414828f3538d646101dc8504de84c2ed00e30460811

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
content-encoding: gzip
last-modified: Fri, 06 Dec 2019 02:23:10 GMT
server: nginx
access-control-allow-origin: *
etag: W/"5de9bb8e-8317"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
status: 200
cache-control: public, max-age=30, s-maxage=2592000

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
171 B 16ms
15ms Script
application/javascript 2a00:1450:4001:81f::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.scmagazine.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
171 B 17ms
16ms Script
application/javascript 2a00:1450:4001:820::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.scmagazine.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 pubads_impl_2019120201.js Show response
securepubads.g.doubleclick.net/gpt/ 166 KB
61 KB 58ms
57ms Script
text/javascript 172.217.23.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

sffe /

Resource Hash

f93d1d7d700f850328abfcc87e394dfb26fe1183249925434f8870fba994bc96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 02 Dec 2019 14:08:04 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 62423
x-xss-protection: 0
expires: Wed, 11 Dec 2019 17:17:08 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v16/ 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:818::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i
Origin: https://www.scmagazine.com

Response headers

date: Thu, 21 Nov 2019 15:18:11 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:45:55 GMT
server: sffe
age: 1735137
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 14044
x-xss-protection: 0
expires: Fri, 20 Nov 2020 15:18:11 GMT

GET
H2 200 chevron-right-white.svg
www.scmagazine.com/wp-content/themes/haymarket/assets/svg/src/ 190 B
403 B 124ms
124ms Image
image/svg+xml 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.scmagazine.com/wp-content/themes/haymarket/assets/svg/src/chevron-right-white.svg
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/wp-content/themes/haymarket/assets/vendor/UtilityMove-custom.min.js?ver=1575598990
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-197-250-24.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 8e0da2e2d764c1a202d33dd39287784df8ac6bc20c7401ea14f2d62001292856

Request headers

Referer: https://www.scmagazine.com/wp-content/themes/haymarket/dist/css/style.min.css?ver=1575598991
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
last-modified: Fri, 06 Dec 2019 02:23:11 GMT
server: nginx
access-control-allow-origin: *
etag: "5de9bb8f-be"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
cache-control: public, max-age=30, s-maxage=2592000
accept-ranges: bytes
content-length: 190

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v16/ 14 KB
14 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:818::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v16/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/wp-content/themes/haymarket/assets/vendor/UtilityMove-custom.min.js?ver=1575598990

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i
Origin: https://www.scmagazine.com

Response headers

date: Tue, 10 Dec 2019 06:24:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:45:54 GMT
server: sffe
age: 125575
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 14176
x-xss-protection: 0
expires: Wed, 09 Dec 2020 06:24:13 GMT

GET
H2 200 S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2
fonts.gstatic.com/s/lato/v16/ 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:818::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v16/S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/wp-content/themes/haymarket/assets/vendor/UtilityMove-custom.min.js?ver=1575598990

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

fe4bbdad1d6dff75cde79f8afc07f29502bd4708cb0ce5f552083c3d81ba8382

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i
Origin: https://www.scmagazine.com

Response headers

date: Tue, 19 Nov 2019 00:57:22 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:45:51 GMT
server: sffe
age: 1959586
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 14864
x-xss-protection: 0
expires: Wed, 18 Nov 2020 00:57:22 GMT

GET
H2 200 lio.js Show response
c.lytics.io/api/tag// 40 B
220 B 25ms
24ms Script
application/javascript 2606:4700:20::681a:216
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://c.lytics.io/api/tag//lio.js
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/frontend.min.js?ver=1575598990
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:216 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6557812bb342a14c23635e24733f11e5752f9807a85053be80b6fbd955a34ed9

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
via: 1.1 google
cf-cache-status: HIT
server: cloudflare
age: 5061
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
content-encoding: br
cache-control: max-age=7200
cf-ray: 54391c3e2eabcbc0-VIE
access-control-allow-origin: *

GET
H2 200 most-widget Show response
www.scmagazine.com/wp-json/haymarket/v1/ 5 KB
2 KB 125ms
125ms XHR
application/json 34.197.250.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://www.scmagazine.com/wp-json/haymarket/v1/most-widget?id=most-5

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/frontend.min.js?ver=1575598990

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.197.250.24 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-34-197-250-24.compute-1.amazonaws.com

Software

nginx /

Resource Hash

360402ecd9d127908d1a284c5c27ec815fd27961c8e7f3843958e8201289dee7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cacheable: SHORT
x-cache: HIT: 14
status: 200
x-cache-group: normal
access-control-allow-headers: Authorization, Content-Type
allow: GET
server: nginx
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
content-type: application/json; charset=UTF-8
access-control-expose-headers: X-WP-Total, X-WP-TotalPages
cache-control: max-age=600, must-revalidate, s-maxage=2592000
x-robots-tag: noindex
link: <https://www.scmagazine.com/wp-json/>; rel="https://api.w.org/"
x-pass-why

GET
H2 200 / Show response
accounts.haymarketmedia.com/sso/check/ 45 B
445 B 413ms
128ms XHR
application/json 18.213.112.55
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.haymarketmedia.com/sso/check/?gn=106
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/frontend.min.js?ver=1575598990
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.213.112.55 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-18-213-112-55.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 916b46685de3064525220ba828d946e60ab332f5e65c62d7df5fe9877f9c54b2

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: https://www.scmagazine.com

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
x-aspnetmvc-version: 4.0
server: Microsoft-IIS/8.5
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
status: 200
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: private
access-control-allow-credentials: true
content-length: 45

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 58 KB
22 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:81b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-TCMLVLP&t=gtm1&cid=632344882.1576084628

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9a44fb5ed53eb7914939e0831706f036690e02c6b7872440bf2838ec4dd355e5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
content-encoding: br
last-modified: Wed, 11 Dec 2019 15:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 21994
x-xss-protection: 0
expires: Wed, 11 Dec 2019 17:17:08 GMT

GET
H2 200 init-131xlxqjsfx7lh82dpc.js Show response
api.b2c.com/api/ 12 KB
5 KB 545ms
170ms Script
text/javascript 2600:1f14:e96:5800:e0d8:bc5:3e87:8b93
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.b2c.com/api/init-131xlxqjsfx7lh82dpc.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W475TQW
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5800:e0d8:bc5:3e87:8b93 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: 747680e5c58389f1e9b013a24bd0b7638a9977c15ee0aae05930aadfae87d0a9

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Dec 2019 17:17:08 GMT
content-encoding: gzip
server: openresty
content-type: text/javascript
status: 200
cache-control: no-cache, no-store, must-revalidate
expires: -1

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 9ms
9ms Script
application/x-javascript 2a02:26f0:10c:382::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:08 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 16:41:31 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=47496
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 35 KB
14 KB 6ms
6ms Script
application/x-javascript 2600:9000:2057:5400:18:1fcd:349:ca21
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2057:5400:18:1fcd:349:ca21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: ffe2ef5ce19169f51b69f0dfdac122f402043b13afd7c65b2dab551ebf3b7629

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 16:25:31 GMT
content-encoding: gzip
last-modified: Tue, 29 Oct 2019 02:24:02 GMT
server: nginx
age: 3096
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=7200
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: 7X1Tjsp5gZrTAZdDoA77ussx25WIr5zT3H09GpKly4Nj_y2GTVn8QA==
via: 1.1 71b147cd3102755b55ba8b6fd34e3f4a.cloudfront.net (CloudFront)
expires: Wed, 11 Dec 2019 18:25:31 GMT

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 29ms
29ms Script
application/x-javascript 13.35.255.55
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W475TQW
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.255.55 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-255-55.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3facb0fb4999f0b5d8116ce812c1d68d07b17782afb8cc480ae472ea6c5094fe

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 10 Dec 2019 20:39:26 GMT
Content-Encoding: gzip
Last-Modified: Tue, 19 Nov 2019 21:15:10 GMT
Server: AmazonS3
Age: 152839
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 e7e7960d7731a7583cedd8f1ff1aca38.cloudfront.net (CloudFront)
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA6-C1
Connection: keep-alive
X-Amz-Cf-Id: 5iOnD_MUqzP2ap4sBlD21E9HET5yea2vkqfoWFHp0POfoHW0plgdSQ==

GET
H/1.1 200
OK tag.aspx Show response
ml314.com/ 26 KB
12 KB 148ms
39ms Script
application/javascript 52.215.103.126
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?11112019
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.103.126 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-215-103-126.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: c293a28e23c66b27bd04bc1742f3aab0ebf6c382961c1e83140f035a08ea5e5d

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:08 GMT
Content-Encoding: gzip
Last-Modified: Wed, 11 Dec 2019 06:30:29 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=47600
Connection: keep-alive
Content-Length: 11932
Expires: Thu, 12 Dec 2019 06:30:29 GMT

GET
H2 204 a
www.googletagmanager.com/ 0
133 B 15ms
14ms Image
image/gif 2a00:1450:4001:806::2008
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=GTM-W475TQW&cv=47&v=3&t=t&pid=295226150&rv=av9&es=1&e=gtm.js&eid=0&tc=25&tr=1opt.1cegg.1sdl.1sdl.1lcl.1tl.1cl.1lcl.1html.1html.1html.1html.1html.5lcl.5tl.5cl.5lcl.5html.5html.5html.5cegg&z=0

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Dec 2019 17:17:08 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
status: 204
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK all Show response
sample-api-v2.crazyegg.com/n/347341/ 65 B
592 B 558ms
132ms XHR
text/html 54.225.66.14
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://sample-api-v2.crazyegg.com/n/347341/all?v=7&user_script_version=1575903739

Requested by

Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0034/7341.js?437801

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.225.66.14 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-54-225-66-14.compute-1.amazonaws.com

Software

nginx/1.12.1 /

Resource Hash

e639d13392578bad221c136d36c5573bc7d2e04ee36f93d969ad5688df6170d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: https://www.scmagazine.com

Response headers

Date: Wed, 11 Dec 2019 17:17:08 GMT
X-Content-Type-Options: nosniff
Server: nginx/1.12.1
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: GET
Content-Type: text/html;charset=utf-8
Access-Control-Allow-Origin: *
Cache-control: no-cache="set-cookie"
Connection: keep-alive
Content-Length: 65
X-XSS-Protection: 1; mode=block

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 405 B
400 B 58ms
57ms XHR
text/plain 172.217.23.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1002386287147753&correlator=1065714448421611&output=ldjh&impl=fif&adsid=NT&eid=21062452%2C21062818%2C21065211&vrg=2019120201&guci=1.2.0.0.2.2.0.0&plat=1%3A536903688%2C2%3A536903688%2C8%3A134250504&sc=1&sfv=1-0-37&ecs=20191211&iu=%2F5745%2Fsc_us%2Fhome%2Fsecurity-news%2Fcybercrime%2FOOP_skin&sz=1x1&ists=1&scp=pos%3DOOP_skin&eri=1&cust_params=pagetype%3Dpost%26sponsor%3D%26comp%3D%26author%3DBradley%2520Barth%26postID%3D101158%26env%3Dlive%26sid%3DCybercrime%252CMalware%252CMobile_Security%252CPhishing%252CSecurity_News%252CVulnerabilities%26styleid%3D%26cat%3DCybercrime%252CExploit%252CMalware%252CMobile_Security%252CPhishing%252CVulnerabilities%26atype%3DNews%26block%3D%26isnht%3Dfalse%26browser%3DChrome%252074&cookie_enabled=1&bc=31&abxe=1&lmt=1576084628&dt=1576084628271&dlt=1576084627428&idt=821&frm=20&biw=1585&bih=1200&oid=3&adx=0&ady=2655&adk=2204485474&uci=1&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&dssz=61&icsg=70364084241393&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1585x2655&msz=1585x1&ga_vid=632344882.1576084628&ga_sid=1576084628&ga_hid=95788104&fws=4&ohw=1585

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

d956ac845cab2e97e3eefa94be65fd0b0ac3ffef818a02a727830a683f239225

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: https://www.scmagazine.com

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 211
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_2019120201.js Show response
securepubads.g.doubleclick.net/gpt/ 64 KB
24 KB 58ms
58ms Script
text/javascript 172.217.23.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

sffe /

Resource Hash

1008ae8c93c140845bf5bfa6d0c6e0a048ff8906a4fa0081196fd99f1613f65a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 02 Dec 2019 14:08:04 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 24817
x-xss-protection: 0
expires: Wed, 11 Dec 2019 17:17:08 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 6ms
6ms Other
text/html 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 411 B
378 B 70ms
70ms XHR
text/plain 172.217.23.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1002386287147753&correlator=1065714448421611&output=ldjh&impl=fif&adsid=NT&eid=21062452%2C21062818%2C21065211&vrg=2019120201&guci=1.2.0.0.2.2.0.0&plat=1%3A536903688%2C2%3A536903688%2C8%3A134250504&sc=1&sfv=1-0-37&ecs=20191211&iu=%2F5745%2Fsc_us%2Fhome%2Fsecurity-news%2Fcybercrime%2FOOP_prestitial&sz=1x1&ists=1&scp=pos%3DOOP_prestitial&eri=1&cust_params=pagetype%3Dpost%26sponsor%3D%26comp%3D%26author%3DBradley%2520Barth%26postID%3D101158%26env%3Dlive%26sid%3DCybercrime%252CMalware%252CMobile_Security%252CPhishing%252CSecurity_News%252CVulnerabilities%26styleid%3D%26cat%3DCybercrime%252CExploit%252CMalware%252CMobile_Security%252CPhishing%252CVulnerabilities%26atype%3DNews%26block%3D%26isnht%3Dfalse%26browser%3DChrome%252074&cookie_enabled=1&bc=31&abxe=1&lmt=1576084628&dt=1576084628281&dlt=1576084627428&idt=821&frm=20&biw=1585&bih=1200&oid=3&adx=0&ady=2656&adk=1322729939&uci=2&ifi=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&dssz=62&icsg=70364084241393&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1585x2656&msz=1585x1&ga_vid=632344882.1576084628&ga_sid=1576084628&ga_hid=95788104&fws=4&ohw=1585

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

38c50f7b73172880597859495d1bebfbb2aff638bdee2f719bfab56a239dcbf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: https://www.scmagazine.com

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 217
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D68780%26url%3Dhttps%253A%252F%252Fwww.scmagazine.com%252Fhome%252Fsecurity-news%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-...

0
70 B

164ms
164ms

Image
application/javascript

2a05:f500:11:101::b93f:9005
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&time=1576084628286&liSync=true
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
content-encoding: gzip
server: Play
vary: Accept-Encoding
x-li-fabric: prod-lor1
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 20
x-li-uuid: Fmr3iZ5g3xXAK2S5yyoAAA==

Redirect headers

date: Wed, 11 Dec 2019 17:17:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 302
x-li-pop: prod-efr5
content-length: 20
x-li-uuid: FPwFf55g3xUwKrPMdSsAAA==
pragma: no-cache
server: Play
x-frame-options: sameorigin
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
vary: Accept-Encoding
strict-transport-security: max-age=2592000
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68780&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&time=1576084628286&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
168 B 373ms
123ms Image
image/gif 54.86.129.194
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=scmagazine.com&p=%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&u=LnVDSCbY-f8Dc5pui&d=scmagazine.com&g=56851&g0=No%20Section&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=2657&o=1585&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=1600&t=DSJ2V3YHxsbBWoMWXfC1FTDMMokf&V=118&i=Exploited%20Android%20flaw%20%27StrandHogg%27%20allows%20phishing%2C%20malicious%20permissions&tz=-60&sn=1&sv=BFvaLKJi-P0CrlSXhDJ3fpwMG_kt&sd=1&im=067b2fff&_
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.86.129.194 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-86-129-194.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
pragma: no-cache
date: Wed, 11 Dec 2019 17:17:08 GMT
cache-control: no-cache, no-store, must-revalidate
expires: 0
content-length: 43
content-type: image/gif

GET
H2 200 boomerang.min.js Show response
cdn.feathr.co/js/ 113 KB
34 KB 69ms
31ms Script
application/javascript 2606:4700:20::681a:e77
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.feathr.co/js/boomerang.min.js
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/wp-content/plugins/hm-feathr-tool/js/feather-tool.js?ver=1.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e77 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 420716b9b6173c7187b6af8211c6f44ab80da47728d2d4b234ccb061c4b3a6a2

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 31 Jul 2019 20:04:48 GMT
server: cloudflare
age: 5459
etag: W/"b8655d0ded4aca80589aff477a37e060"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=14400
cf-ray: 54391c3f3cb55994-VIE
x-amz-request-id: 5631AD9D54883AD3
x-amz-id-2: 9bjO+MaDxoplHPZE/KpKFblxrsGM2YdJ88JZQ/5SwhcCU1QN/glHXlLMhyJfPTllkR5eV3jYVsA=

GET
H2 204 a
www.googletagmanager.com/ 0
59 B 15ms
15ms Image
image/gif 2a00:1450:4001:806::2008
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=GTM-W475TQW&cv=47&v=3&t=t&pid=295226150&rv=av9&es=1&e=gtm.dom&eid=3&tc=25&tr=1ua.1html.5html&z=0

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Dec 2019 17:17:08 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
status: 204
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=95788104&t=pageview&_s=1&dl=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-ena...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1290429-10&cid=632344882.1576084628&jid=430952031&_gid=67760927.1576084628&gjid=1164310341&_v=j79&z=1700633390
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=632344882.1576084628&jid=430952031&_v=j79&z=1700633390
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=632344882.1576084628&jid=430952031&_v=j79&z=1700633390&slf_rd=1&random=3798106394

42 B
109 B

31ms
31ms

Image
image/gif

2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=632344882.1576084628&jid=430952031&_v=j79&z=1700633390&slf_rd=1&random=3798106394

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Dec 2019 17:17:08 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 11 Dec 2019 17:17:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=632344882.1576084628&jid=430952031&_v=j79&z=1700633390&slf_rd=1&random=3798106394
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK utsync.ashx Show response
ml314.com/ 793 B
1 KB 37ms
37ms Script
application/javascript 52.215.103.126
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=53884&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&pv=1576084628363_wbrriw6ie&bl=en-us&cb=73104&return=&ht=&d=&dc=&si=1576084628363_wbrriw6ie&cid=&s=1600x1200&rp=
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?11112019
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.103.126 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-215-103-126.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ad5f674afbdd840b0c688c46ac9ec4edd3620e288698f2cd2d46652531b701a9

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 17:17:07 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
p3P: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Cache-Control: private
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 488
Expires: 0

GET
H/1.1 200
OK ud.ashx Show response
in.ml314.com/ 20 B
698 B 592ms
222ms Script
application/javascript 3.220.21.104
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://in.ml314.com/ud.ashx?topiclimit=&cb=11112019
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?11112019
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.220.21.104 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-220-21-104.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:08 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, no-cache="set-cookie"
Connection: keep-alive
Content-Length: 138
Expires: Thu, 12 Dec 2019 17:17:08 GMT

GET
H2 200 integrations Show response
polo.feathr.co/v1/accounts/5c2d2a2366bba411c7d26e37/ 54 B
387 B 450ms
165ms XHR
application/json 52.207.57.113
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://polo.feathr.co/v1/accounts/5c2d2a2366bba411c7d26e37/integrations

Requested by

Host: cdn.feathr.co
URL: https://cdn.feathr.co/js/boomerang.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.207.57.113 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-207-57-113.compute-1.amazonaws.com

Software

nginx/1.15.10 /

Resource Hash

68795cb80606f19d4ec0d92744af85048164f53500ad9535229c470fe24fe28a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: https://www.scmagazine.com

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
server: nginx/1.15.10
status: 200
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-length: 54

GET
H2 200 refresh
marco.feathr.co/v1/ 43 B
567 B 205ms
133ms Image
image/gif 13.35.253.80
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marco.feathr.co/v1/refresh
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.80 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-80.fra6.r.cloudfront.net
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-apigw-id: EjKnOH2qIAMFdpA=
x-amzn-requestid: 240b3029-af58-4629-92ad-a0f9cb47a2f6
access-control-allow-methods: *
content-type: image/gif
status: 200
x-amzn-trace-id: Root=1-5df12494-3eff43042c62ba1561bcfb2f;Sampled=0
x-cache: Miss from cloudfront
access-control-allow-origin: *
content-length: 43
x-amz-cf-id: hH-EDCkp0awGQRo7uVpHfq_LyKkpdCxnjKx0wbvI5bl7IF1vxHsrcw==
access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key

GET
H/1.1

200
OK

csync.ashx
ml314.com/
Redirect Chain

https://tags.bluekai.com/site/20486?limit=0&id=3606676836315562029&redir=https://ml314.com/csync.ashx%3Ffp=$_BK_UUID%26person_id=3606676836315562029%26eid=50056
https://ml314.com/csync.ashx?fp=AvwyJx9999Yu5wa5&person_id=3606676836315562029&eid=50056

43 B
312 B

36ms
36ms

Image
image/gif

52.215.103.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=AvwyJx9999Yu5wa5&person_id=3606676836315562029&eid=50056
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.103.126 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-215-103-126.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:08 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: image/gif
Cache-Control: private
Connection: keep-alive
Content-Length: 43
Expires: Thu, 12 Dec 2019 12:17:08 GMT

Redirect headers

Location: https://ml314.com/csync.ashx?fp=AvwyJx9999Yu5wa5&person_id=3606676836315562029&eid=50056
Date: Wed, 11 Dec 2019 17:17:08 GMT
Connection: keep-alive
Content-Length: 0
BK-Server: 44dc
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H/1.1

200
OK

csync.ashx
ml314.com/
Redirect Chain

https://idsync.rlcdn.com/395886.gif?partner_uid=3606676836315562029
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzYwNjY3NjgzNjMxNTU2MjAyORAAGg0IlMnE7wUSBQjoBxAAQgBKAA
https://ml314.com/csync.ashx?fp=02c6ffe1ff77154c82fa3b92d929a38e0ed1f94795562fc2e98fc2a9a2601898f4cb09cee1a4f8eb&person_id=3606676836315562029&eid=50082

43 B
312 B

105ms
35ms

Image
image/gif

52.215.103.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=02c6ffe1ff77154c82fa3b92d929a38e0ed1f94795562fc2e98fc2a9a2601898f4cb09cee1a4f8eb&person_id=3606676836315562029&eid=50082
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.103.126 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-215-103-126.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:08 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: image/gif
Cache-Control: private
Connection: keep-alive
Content-Length: 43
Expires: Thu, 12 Dec 2019 12:17:08 GMT

Redirect headers

date: Wed, 11 Dec 2019 17:17:08 GMT
via: 1.1 google
location: https://ml314.com/csync.ashx?fp=02c6ffe1ff77154c82fa3b92d929a38e0ed1f94795562fc2e98fc2a9a2601898f4cb09cee1a4f8eb&person_id=3606676836315562029&eid=50082
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
status: 307
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H/1.1

200
OK

csync.ashx
ml314.com/
Redirect Chain

https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=3606676836315562029%26eid=50220
https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=3606676836315562029%26eid=50220&mm_bnc&mm_bct&UUID=0e545df1-22ff-4500-b8c5-b891eb70fa24
https://ml314.com/csync.ashx?fp=0e545df1-22ff-4500-b8c5-b891eb70fa24&person_id=3606676836315562029&eid=50220

43 B
312 B

36ms
36ms

Image
image/gif

52.215.103.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=0e545df1-22ff-4500-b8c5-b891eb70fa24&person_id=3606676836315562029&eid=50220
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.103.126 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-215-103-126.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:08 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: image/gif
Cache-Control: private
Connection: keep-alive
Content-Length: 43
Expires: Thu, 12 Dec 2019 12:17:09 GMT

Redirect headers

Date: Wed, 11 Dec 2019 17:17:09 GMT
Server: MT3 1913 979072d master cdg-pixel-x20
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://ml314.com/csync.ashx?fp=0e545df1-22ff-4500-b8c5-b891eb70fa24&person_id=3606676836315562029&eid=50220
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 0
Expires: Wed, 11 Dec 2019 17:17:08 GMT

GET
H/1.1

200
OK

csync.ashx
ml314.com/
Redirect Chain

https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3606676836315562029
https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3606676836315562029
https://ml314.com/csync.ashx?fp=98516aa02a7bf6c9914442f7d6e274ba&eid=50146&person_id=3606676836315562029

43 B
312 B

130ms
38ms

Image
image/gif

52.215.103.126
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=98516aa02a7bf6c9914442f7d6e274ba&eid=50146&person_id=3606676836315562029
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.103.126 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-215-103-126.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:08 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: image/gif
Cache-Control: private
Connection: keep-alive
Content-Length: 43
Expires: Thu, 12 Dec 2019 12:17:09 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 17:17:08 GMT
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Location: https://ml314.com/csync.ashx?fp=98516aa02a7bf6c9914442f7d6e274ba&eid=50146&person_id=3606676836315562029
Cache-Control: no-cache
X-Server: 10.45.21.215
Connection: keep-alive
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

match
ps.eyeota.net/
Redirect Chain

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif
https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2wyDD4MI78udDD6C_oVb89IdwGRZKliHsxP_CIFEofbg&gdpr=1&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil
https://ml314.com/csync.ashx?fp=2wyDD4MI78udDD6C_oVb89IdwGRZKliHsxP_CIFEofbg&person_id=3606676836315562029&eid=50052&return=https%3a%2f%2fps.eyeota.net%2fmatch%3fbid%3dr8hrb20%26uid%3dnil
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil

70 B
237 B

32ms
31ms

Image
image/gif

3.121.27.153
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?bid=r8hrb20&uid=nil
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.121.27.153 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-121-27-153.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:09 GMT
Cache-control: private
Content-Length: 70
Content-Type: image/gif

Redirect headers

Date: Wed, 11 Dec 2019 17:17:08 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: text/html; charset=utf-8
Location: https://ps.eyeota.net/match?bid=r8hrb20&uid=nil
Cache-Control: private
Connection: keep-alive
Content-Length: 168
Expires: Thu, 12 Dec 2019 12:17:09 GMT

GET
H/1.1 200
OK ad.gif
api-54-202-25-105.b2c.com/api/ 43 B
233 B 524ms
174ms Image
image/gif 2600:1f14:e96:5802:2aa4:86a:63f0:9119
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api-54-202-25-105.b2c.com/api/ad.gif
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5802:2aa4:86a:63f0:9119 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:09 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: openresty
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

HEAD
H2 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 32ms
20ms Fetch
text/javascript 2a00:1450:4001:800::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Dec 2019 17:17:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
etag: 2693738113432697870
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: private, max-age=3600
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
expires: Wed, 11 Dec 2019 17:17:08 GMT

OPTIONS
H/1.1 200 olytics Show response
oqs.omeda.com/oqs/rest/ 0
470 B 598ms
116ms XHR
text/plain 204.180.130.165
Omeda Communications

General

Check archive.org

Show headers Download Go to

Full URL

https://oqs.omeda.com/oqs/rest/olytics

Requested by

Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.180.130.165 Chicago, United States, ASN53866 (QTS-AS - Omeda Communications, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Access-Control-Request-Method: POST
Origin: https://www.scmagazine.com
Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

Date: Wed, 11 Dec 2019 17:17:08 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: Access-Control-Request-Headers, Content-Type, Origin, Accept, Accept-Encoding, Accept-Language, HOST, User-Agent, Access-Control-Request-Method, Access-Control-Max-Age
Content-Length: 0
X-XSS-Protection: 1; mode=block

GET
H2 200 script.js Show response
polo.feathr.co/v1/analytics/match/ 290 B
676 B 381ms
129ms Script
text/javascript 52.207.57.113
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://polo.feathr.co/v1/analytics/match/script.js?pk=feathr

Requested by

Host: cdn.feathr.co
URL: https://cdn.feathr.co/js/boomerang.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.207.57.113 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-207-57-113.compute-1.amazonaws.com

Software

nginx/1.15.10 /

Resource Hash

f34fe84cc3e5be261c489009b5719c58e27fba294569fc0d82764035953f3fe9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:09 GMT
server: nginx/1.15.10
access-control-allow-origin: *
etag: "5df124941d7afe000149e46a"
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: text/javascript
status: 200
cache-control: no-cache, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-length: 290

GET
H2 200 pixel.js Show response
polo.feathr.co/v1/accounts/5c2d2a2366bba411c7d26e37/ 32 B
398 B 410ms
158ms Script
text/javascript 52.207.57.113
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://polo.feathr.co/v1/accounts/5c2d2a2366bba411c7d26e37/pixel.js?pk=feathr

Requested by

Host: cdn.feathr.co
URL: https://cdn.feathr.co/js/boomerang.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.207.57.113 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-207-57-113.compute-1.amazonaws.com

Software

nginx/1.15.10 /

Resource Hash

eacfa4f711eaca1336ff82619c8a2d310dec11266d594fbc7e5a91259cebf848

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:09 GMT
server: nginx/1.15.10
access-control-allow-origin: *
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: text/javascript
status: 200
cache-control: must-revalidate, max-age=14400
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-length: 32

HEAD
H2 200 gpt.js
www.googletagservices.com/tag/js/ 0
0 27ms
15ms Fetch
text/javascript 2a00:1450:4001:825::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "363 / 954 of 1000 / last-modified: 1576004261"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
expires: Wed, 11 Dec 2019 17:17:08 GMT

GET
H/1.1

302
Moved Temporarily

4 Show response
api-54-202-25-105.b2c.com/api/
Redirect Chain

https://api-54-202-25-105.b2c.com/api/x?ZfNjjnZtIqVsQUsF$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL3Z1bG5lcmFiaWxpdGllcy9leHBsb2l0ZWQtYW5kcm9pZC1mbGF3LXN0cmFuZGhvZ2ctZW5h...
https://api-54-202-25-105.b2c.com:444/api/4?ZfNjjnZtIqVsQUsF

0
-1 B

508ms
171ms

XHR
text/html

2600:1f14:e96:5802:2aa4:86a:63f0:9119
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api-54-202-25-105.b2c.com:444/api/4?ZfNjjnZtIqVsQUsF
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5802:2aa4:86a:63f0:9119 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:09 GMT
Server: openresty
Access-Control-Allow-Origin: https://www.scmagazine.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Location: https://api-54-202-25-105.b2c.com:444/api/4?ZfNjjnZtIqVsQUsF
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 142

Redirect headers

Date: Wed, 11 Dec 2019 17:17:09 GMT
Server: openresty
Location: https://api-54-202-25-105.b2c.com:444/api/4?ZfNjjnZtIqVsQUsF
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: https://www.scmagazine.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 142

GET
H2

200

match
polo-v1.feathr.co/v1/analytics/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=6fgi4r1&ttd_tpi=1&ttd_puid=5df124941d7afe000149e46a&gdpr=0
https://match.adsrvr.org/track/cmb/generic?ttd_pid=6fgi4r1&ttd_tpi=1&ttd_puid=5df124941d7afe000149e46a&gdpr=0
https://polo-v1.feathr.co/v1/analytics/match?f_id=5df124941d7afe000149e46a&ttd_id=411e33b2-4307-4108-a6e2-f2122880c645

43 B
404 B

378ms
129ms

Image
image/gif

34.233.152.160
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://polo-v1.feathr.co/v1/analytics/match?f_id=5df124941d7afe000149e46a&ttd_id=411e33b2-4307-4108-a6e2-f2122880c645

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.233.152.160 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-34-233-152-160.compute-1.amazonaws.com

Software

nginx/1.15.10 /

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:09 GMT
server: nginx/1.15.10
access-control-allow-origin: *
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: image/gif
status: 200
cache-control: max-age=0,no-cache,no-store
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-length: 43

Redirect headers

pragma: no-cache
date: Wed, 11 Dec 2019 17:17:09 GMT
x-aspnet-version: 4.0.30319
location: https://polo-v1.feathr.co/v1/analytics/match?f_id=5df124941d7afe000149e46a&ttd_id=411e33b2-4307-4108-a6e2-f2122880c645
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
status: 302
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 267

GET
H2 200 crumb
polo.feathr.co/v1/analytics/ 43 B
403 B 212ms
212ms Image
image/gif 52.207.57.113
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://polo.feathr.co/v1/analytics/crumb?cb=1576084629281&a_id=5c2d2a2366bba411c7d26e37&f_id=5df124941d7afe000149e46a&ses_id=5df1249491ace50ed36a3092&flvr=page_view&loc_url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&s_w=1600&s_h=1200&b_w=1600&b_h=1200&cust_params=e30=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.207.57.113 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-207-57-113.compute-1.amazonaws.com

Software

nginx/1.15.10 /

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:09 GMT
server: nginx/1.15.10
access-control-allow-origin: *
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-methods: GET, POST, PUT, OPTIONS
content-type: image/gif
status: 200
cache-control: max-age=0,no-cache,no-store
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-length: 43

POST
H/1.1 200
OK x
api-54-202-25-105.b2c.com/api/ 0
388 B 174ms
174ms Other
text/plain 2600:1f14:e96:5802:2aa4:86a:63f0:9119
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api-54-202-25-105.b2c.com/api/x?ZfNjjnZtIqVsQUsF$YWRibG9jayQ1NDQkMA
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5802:2aa4:86a:63f0:9119 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: https://www.scmagazine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 17:17:09 GMT
Server: openresty
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.scmagazine.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Expires: -1

POST
H/1.1 200 olytics Show response
oqs.omeda.com/oqs/rest/ 15 B
307 B 367ms
366ms XHR
application/json 204.180.130.165
Omeda Communications

General

Check archive.org

Show headers Download Go to

Full URL

https://oqs.omeda.com/oqs/rest/olytics

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.180.130.165 Chicago, United States, ASN53866 (QTS-AS - Omeda Communications, US),

Reverse DNS

Software

Apache /

Resource Hash

754c94388315799ee1eb0338fa7163a26d71dcb96c7767c14bcb7cd7d1901fc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: https://www.scmagazine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

Date: Wed, 11 Dec 2019 17:17:09 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Transfer-Encoding: chunked
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 4 Show response
api-54-202-25-105.b2c.com/api/ 43 B
441 B 727ms
188ms XHR
image/gif 54.202.25.105
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api-54-202-25-105.b2c.com:444/api/4?ZfNjjnZtIqVsQUsF
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.202.25.105 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-202-25-105.us-west-2.compute.amazonaws.com
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: null

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 17:17:10 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: openresty
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: null
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 43
Expires: -1

GET
H2 200 up
insight.adsrvr.org/track/ Frame 0202 0
0 110ms
35ms Document
text/html 99.81.228.121
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=znpsh7f&ref=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&upid=e4qkh98&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.81.228.121 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-99-81-228-121.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: insight.adsrvr.org
:scheme: https
:path: /track/up?adv=znpsh7f&ref=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&upid=e4qkh98&upv=1.1.0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
accept-encoding: gzip, deflate, br
cookie: TDID=411e33b2-4307-4108-a6e2-f2122880c645; TDCPM=CAEYBSABKAIyCwi8s773lZr_NxAFOAE.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/

Response headers

status: 200
date: Wed, 11 Dec 2019 17:17:09 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 collect
www.google-analytics.com/ 35 B
109 B 6ms
6ms Image
image/gif 2a00:1450:4001:81b::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=95788104&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&ul=en-us&de=UTF-8&dt=Exploited%20Android%20flaw%20%27StrandHogg%27%20allows%20phishing%2C%20malicious%20permissions&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=lytics_refresh&ea=undefined&_u=aGDAAAADQ~&jid=&gjid=&cid=632344882.1576084628&tid=UA-1290429-10&_gid=67760927.1576084628&gtm=2wgav9W475TQW&cd20=&cd21=&cd22=&cd23=&cd24=&cd25=&cd26=&cd27=&cd28=&cd29=&cd30=Normal%20(0%20segments%20found)&z=191683928

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 22 Nov 2019 00:09:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1703244
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 a
www.googletagmanager.com/ 0
59 B 15ms
15ms Image
image/gif 2a00:1450:4001:806::2008
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=GTM-W475TQW&cv=47&v=3&t=t&pid=295226150&rv=av9&es=1&e=gtm.load&eid=13&u=C&tc=25&tr=1html.5html.1ua&z=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Dec 2019 17:17:09 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
status: 204
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
103 B 6ms
6ms Image
image/gif 2a00:1450:4001:81b::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=95788104&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&ul=en-us&de=UTF-8&dt=Exploited%20Android%20flaw%20%27StrandHogg%27%20allows%20phishing%2C%20malicious%20permissions&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Scroll%20Depth&ea=%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&el=25%25&ev=25&_u=aGDAAAADQ~&jid=&gjid=&cid=632344882.1576084628&tid=UA-1290429-10&_gid=67760927.1576084628&gtm=2wgav9W475TQW&z=1637582510

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 22 Nov 2019 00:09:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1703244
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 a
www.googletagmanager.com/ 0
59 B 15ms
14ms Image
image/gif 2a00:1450:4001:806::2008
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=GTM-W475TQW&cv=47&v=3&t=t&pid=295226150&rv=av9&es=1&e=gtm.scrollDepth&eid=55&u=C&tc=25&tr=1ua&z=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Dec 2019 17:17:09 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
status: 204
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H/1.1 200 p Show response
olytics.omeda.com/olytics/segments/ 0
521 B 454ms
116ms XHR
text/plain 204.180.130.159
Omeda Communications

General

Check archive.org

Show headers Download Go to

Full URL: https://olytics.omeda.com/olytics/segments/p
Requested by: Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 204.180.130.159 Chicago, United States, ASN53866 (QTS-AS - Omeda Communications, US),
Reverse DNS: my.omedastaging.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://www.scmagazine.com
Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

Date: Wed, 11 Dec 2019 17:17:09 GMT
Server: Apache
vary: Access-Control-Request-Headers,Access-Control-Request-Headers,access-control-request-method
Access-Control-Allow-Methods: HEAD,DELETE,POST,GET,OPTIONS,PUT
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 1800
Access-Control-Allow-Headers: access-control-max-age,accept-language,origin,x-requested-with,access-control-request-headers,host,content-type,access-control-request-method,accept-encoding,accept,user-agent
Content-Length: 0

OPTIONS
H/1.1 200 / Show response
olytics.omeda.com/olytics/segments/form/check/ 0
521 B 456ms
115ms XHR
text/plain 204.180.130.159
Omeda Communications

General

Check archive.org

Show headers Download Go to

Full URL: https://olytics.omeda.com/olytics/segments/form/check/
Requested by: Host: olytics.omeda.com
URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 204.180.130.159 Chicago, United States, ASN53866 (QTS-AS - Omeda Communications, US),
Reverse DNS: my.omedastaging.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://www.scmagazine.com
Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

Date: Wed, 11 Dec 2019 17:17:10 GMT
Server: Apache
vary: Access-Control-Request-Headers,Access-Control-Request-Headers,access-control-request-method
Access-Control-Allow-Methods: HEAD,DELETE,POST,GET,OPTIONS,PUT
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 1800
Access-Control-Allow-Headers: access-control-max-age,accept-language,origin,x-requested-with,access-control-request-headers,host,content-type,access-control-request-method,accept-encoding,accept,user-agent
Content-Length: 0

POST
H/1.1 200 p Show response
olytics.omeda.com/olytics/segments/ 20 B
313 B 122ms
121ms XHR
application/json 204.180.130.159
Omeda Communications

General

Check archive.org

Show headers Download Go to

Full URL

https://olytics.omeda.com/olytics/segments/p

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.180.130.159 Chicago, United States, ASN53866 (QTS-AS - Omeda Communications, US),

Reverse DNS

my.omedastaging.com

Software

Apache /

Resource Hash

dd0103b71a9f800bf8509fb3f34f29a1af4b26a10ceef71cea5bb29ae4ea106d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: https://www.scmagazine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

Date: Wed, 11 Dec 2019 17:17:10 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Transfer-Encoding: chunked
X-XSS-Protection: 1; mode=block

POST
H/1.1 200 / Show response
olytics.omeda.com/olytics/segments/form/check/ 20 B
313 B 115ms
115ms XHR
application/json 204.180.130.159
Omeda Communications

General

Check archive.org

Show headers Download Go to

Full URL

https://olytics.omeda.com/olytics/segments/form/check/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

204.180.130.159 Chicago, United States, ASN53866 (QTS-AS - Omeda Communications, US),

Reverse DNS

my.omedastaging.com

Software

Apache /

Resource Hash

a8e427db11a8744bebbcdfd050f7b9d0a84b5a1754d086f1787c40db21955264

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: https://www.scmagazine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

Date: Wed, 11 Dec 2019 17:17:10 GMT
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Transfer-Encoding: chunked
X-XSS-Protection: 1; mode=block

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 19 KB
6 KB 165ms
165ms XHR
text/plain 172.217.23.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1002386287147753&correlator=1065714448421611&output=ldjh&impl=fif&adsid=NT&eid=21062452%2C21062818%2C21065211&vrg=2019120201&guci=1.2.0.0.2.2.0.0&plat=1%3A536903688%2C2%3A536903688%2C8%3A134250504&sc=1&sfv=1-0-37&ecs=20191211&iu=%2F5745%2Fsc_us%2Fhome%2Fsecurity-news%2Fcybercrime%2Fleaderboard_top&sz=728x90%7C970x250&scp=pos%3Dleaderboard_top&eri=1&cust_params=pagetype%3Dpost%26sponsor%3D%26comp%3D%26author%3DBradley%2520Barth%26postID%3D101158%26env%3Dlive%26sid%3DCybercrime%252CMalware%252CMobile_Security%252CPhishing%252CSecurity_News%252CVulnerabilities%26styleid%3D%26cat%3DCybercrime%252CExploit%252CMalware%252CMobile_Security%252CPhishing%252CVulnerabilities%26atype%3DNews%26block%3D%26isnht%3Dfalse%26browser%3DChrome%252074&cookie=ID%3D8407cf167ae47693%3AT%3D1576084628%3AS%3DALNI_MbvHoPNhUqlBaoDBSrXthQDvTQbsg&cookie_enabled=1&bc=31&abxe=1&lmt=1576084630&dt=1576084630445&dlt=1576084627428&idt=821&frm=20&biw=1585&bih=1200&oid=3&adx=193&ady=194&adk=3023180299&uci=3&ifi=3&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&dssz=67&icsg=4503301131273201&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1200x106&msz=1200x90&ga_vid=632344882.1576084628&ga_sid=1576084628&ga_hid=95788104&fws=4&ohw=1585

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

c86a000c320a53462ea53aa66ff8b72c7edd34a1250c9358938ca8480b0b3e73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: https://www.scmagazine.com

Response headers

date: Wed, 11 Dec 2019 17:17:10 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5546
x-xss-protection: 0
google-lineitem-id: 133590745
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138294874565
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 error_handler.js Show response
tpc.googlesyndication.com/pagead/js/r20191205/r20110914/client/ Frame F7EE 8 KB
4 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20191205/r20110914/client/error_handler.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

430742dc86adaf021f658da38ac9d5cffe5c0cb5da2e17459567604a812cc95d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 05 Dec 2019 17:07:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 518995
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 3874
x-xss-protection: 0
server: cafe
etag: 16000249251421057738
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Dec 2019 17:07:15 GMT

GET
H2 200 5505792843825734712
tpc.googlesyndication.com/simgad/ Frame F7EE 105 KB
105 KB 8ms
7ms Image
image/png 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5505792843825734712

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

3072374f2853840a3ad13aba345b65785fc6061efd97776d2a235f19867cde66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 15:14:00 GMT
x-content-type-options: nosniff
age: 180190
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 107396
x-xss-protection: 0
last-modified: Wed, 20 Nov 2019 13:51:10 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 08 Dec 2020 15:14:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20191205/r20110914/client/ Frame F7EE 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20191205/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

135354ee6f0d0be8fddaa71ca1433f952165583e6df9548dc860900406d2f2fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 05 Dec 2019 22:05:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 501127
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1211
x-xss-protection: 0
server: cafe
etag: 6809287428930443097
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Dec 2019 22:05:03 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame F7EE 77 KB
29 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:81f::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

44178919accac2fd92f71084d312c8ff266dd25b8b808f8e9b32fe2926aefb41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1575654529893506"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29272
x-xss-protection: 0
expires: Wed, 11 Dec 2019 17:17:10 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame F7EE 0
0 14ms
14ms Image
text/html 2a00:1450:4001:825::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSX-0PM1WfINLmY2UZzvOXtnxhnozLXEVSF4WHvz26NqOQIVGa9pdy9NK3i7aef6XIEMuw5vMJWuVddZnY_6WtnJY0z0w
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 init-140r6opg3f7b3b5fypx.js Show response
api.b2c.com/api/ Frame F7EE 12 KB
5 KB 171ms
170ms Script
text/javascript 2600:1f14:e96:5800:e0d8:bc5:3e87:8b93
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.b2c.com/api/init-140r6opg3f7b3b5fypx.js?AdUnitID_TopLevel=71217025&AdUnitID=21800043123&AdvertiserID=29195785&OrderID=415620985&LineItemID=133590745&CreativeID=138294874565&sid=Cybercrime,Malware,Mobile_Security,Phishing,Security_News,Vulnerabilities
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5800:e0d8:bc5:3e87:8b93 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: bb865c0afa3a249dc8a0df2fe67c7c7321ff040c8afa59c6b5f053190df85810

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Dec 2019 17:17:10 GMT
content-encoding: gzip
server: openresty
content-type: text/javascript
status: 200
cache-control: no-cache, no-store, must-revalidate
expires: -1

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 78 KB
29 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:81f::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

63890326f558587b0840eb0a6e6377f1bf39264e015e568f4c2a03aefce3f929

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1575654529893506"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29463
x-xss-protection: 0
expires: Wed, 11 Dec 2019 17:17:10 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame F7EE 0
0 37ms
36ms Fetch
image/gif 172.217.23.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuOJkRaNeQNmS_9nLK9zgTWNQzTUNflaqTRQmfxKJN1dMLXnCeD9g9Ss5pETiHWRQxSBfmZzG6nHKaLRpYHfWwBkywCIEgqVJU8X_FE2dDDymrRgdYQ7E6nArJd_uiLb4CtZqZ81bv6e_W4u3UY1OjyVSxC5LvUBNkDkVI5Fo75EpU2xYPaRANQZ-dSQifQ58KzcRSapVortC3eYYveEcbyGKPfXY1F0cC1f7HMUW2FKtLml2qDfKhnzYMO7fb1mH14Q7jtwzoq2xNfPK3B-lPZYMJdGC7htf3T2tUC1K5UcIs7LykY&sig=Cg0ArKJSzMqO0HYRyg8tEAE&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Dec 2019 17:17:10 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F7EE 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9028c67360db112d1594c1e50ac4dcd1178b4e6a99ce6270cba41a57fab9235e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK ad.gif
api-54-202-25-105.b2c.com/api/ Frame F7EE 43 B
233 B 506ms
168ms Image
image/gif 2600:1f14:e96:5802:2aa4:86a:63f0:9119
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api-54-202-25-105.b2c.com/api/ad.gif
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5802:2aa4:86a:63f0:9119 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:11 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: openresty
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1

302
Moved Temporarily

4 Show response
api-54-202-25-105.b2c.com/api/ Frame F7EE
Redirect Chain

https://api-54-202-25-105.b2c.com/api/x?THAhgBkVw7XoGzHg$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL3Z1bG5lcmFiaWxpdGllcy9leHBsb2l0ZWQtYW5kcm9pZC1mbGF3LXN0cmFuZGhvZ2ctZW5h...
https://api-54-202-25-105.b2c.com:444/api/4?THAhgBkVw7XoGzHg

0
-1 B

525ms
178ms

XHR
text/html

2600:1f14:e96:5802:2aa4:86a:63f0:9119
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api-54-202-25-105.b2c.com:444/api/4?THAhgBkVw7XoGzHg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5802:2aa4:86a:63f0:9119 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:11 GMT
Server: openresty
Access-Control-Allow-Origin: https://www.scmagazine.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Location: https://api-54-202-25-105.b2c.com:444/api/4?THAhgBkVw7XoGzHg
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 142

Redirect headers

Date: Wed, 11 Dec 2019 17:17:11 GMT
Server: openresty
Location: https://api-54-202-25-105.b2c.com:444/api/4?THAhgBkVw7XoGzHg
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: https://www.scmagazine.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 142

POST
H/1.1 200
OK x
api-54-202-25-105.b2c.com/api/ Frame F7EE 0
388 B 169ms
168ms Other
text/plain 2600:1f14:e96:5802:2aa4:86a:63f0:9119
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api-54-202-25-105.b2c.com/api/x?THAhgBkVw7XoGzHg$YWRibG9jayQ1MTgkMA
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5802:2aa4:86a:63f0:9119 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: https://www.scmagazine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 17:17:11 GMT
Server: openresty
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.scmagazine.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Expires: -1

GET
H/1.1 200
OK 4 Show response
api-54-202-25-105.b2c.com/api/ Frame F7EE 43 B
441 B 181ms
181ms XHR
image/gif 54.202.25.105
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api-54-202-25-105.b2c.com:444/api/4?THAhgBkVw7XoGzHg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.202.25.105 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-202-25-105.us-west-2.compute.amazonaws.com
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: null

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 17:17:11 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: openresty
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: null
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 43
Expires: -1

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 19 KB
5 KB 124ms
123ms XHR
text/plain 172.217.23.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1002386287147753&correlator=1065714448421611&output=ldjh&impl=fif&adsid=NT&eid=21062452%2C21062818%2C21065211&vrg=2019120201&guci=1.2.0.0.2.2.0.0&plat=1%3A536903688%2C2%3A536903688%2C8%3A134250504&sc=1&sfv=1-0-37&ecs=20191211&iu=%2F5745%2Fsc_us%2Fhome%2Fsecurity-news%2Fcybercrime%2Fleaderboard_bottom&sz=728x90%7C970x250&scp=pos%3Dleaderboard_bottom%26lid%3D133590745&eri=1&cust_params=pagetype%3Dpost%26sponsor%3D%26comp%3D%26author%3DBradley%2520Barth%26postID%3D101158%26env%3Dlive%26sid%3DCybercrime%252CMalware%252CMobile_Security%252CPhishing%252CSecurity_News%252CVulnerabilities%26styleid%3D%26cat%3DCybercrime%252CExploit%252CMalware%252CMobile_Security%252CPhishing%252CVulnerabilities%26atype%3DNews%26block%3D%26isnht%3Dfalse%26browser%3DChrome%252074&cookie=ID%3D8407cf167ae47693%3AT%3D1576084628%3AS%3DALNI_MbvHoPNhUqlBaoDBSrXthQDvTQbsg&cookie_enabled=1&bc=31&abxe=1&lmt=1576084631&dt=1576084631664&dlt=1576084627428&idt=821&frm=20&biw=1585&bih=1200&oid=3&adx=429&ady=2221&adk=3264981569&uci=4&ifi=4&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&dssz=67&icsg=4503301131273201&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1585x2010&msz=1585x90&psts=CjUI2d3ZP-gBxaORmIMEggIbsbmAD4Hf-iH53_oh2sXaj1G-xoObUfOEiZtR0QKjfRulaEjWHw&ga_vid=632344882.1576084628&ga_sid=1576084628&ga_hid=95788104&fws=4&ohw=1585

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

fdd01417dbb06d44a4ddb70a5e858285e2f46e9dc4a7b0e05a4afabc29453bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: https://www.scmagazine.com

Response headers

date: Wed, 11 Dec 2019 17:17:11 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5512
x-xss-protection: 0
google-lineitem-id: 133590745
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138296343036
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 error_handler.js Show response
tpc.googlesyndication.com/pagead/js/r20191205/r20110914/client/ Frame 2802 8 KB
4 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20191205/r20110914/client/error_handler.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

430742dc86adaf021f658da38ac9d5cffe5c0cb5da2e17459567604a812cc95d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 05 Dec 2019 17:07:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 518996
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 3874
x-xss-protection: 0
server: cafe
etag: 16000249251421057738
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Dec 2019 17:07:15 GMT

GET
H2 200 15441998456576313894
tpc.googlesyndication.com/simgad/ Frame 2802 71 KB
71 KB 8ms
7ms Image
image/png 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15441998456576313894

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

06805b6af9f509695d13d2cfaeaf5e812cafac499fbd7a3d216bbd0348894f5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 02 Dec 2019 16:22:55 GMT
x-content-type-options: nosniff
age: 780856
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 72562
x-xss-protection: 0
last-modified: Mon, 02 Dec 2019 15:40:47 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 01 Dec 2020 16:22:55 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20191205/r20110914/client/ Frame 2802 3 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20191205/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

135354ee6f0d0be8fddaa71ca1433f952165583e6df9548dc860900406d2f2fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 05 Dec 2019 22:05:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 501128
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1211
x-xss-protection: 0
server: cafe
etag: 6809287428930443097
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Dec 2019 22:05:03 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2802 77 KB
29 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:81f::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

44178919accac2fd92f71084d312c8ff266dd25b8b808f8e9b32fe2926aefb41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1575654529893506"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29272
x-xss-protection: 0
expires: Wed, 11 Dec 2019 17:17:11 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 2802 0
0 14ms
14ms Image
text/html 2a00:1450:4001:825::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSPyV4p2u3fhA8CYlOZwleCLQdtVIgAsH2R1kVWW7ad9HUhLBSqeQvjvdmYGoso80bAtnxc8ZCt7v6crDoNjip-KXNUQA
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 init-140r6opg3f7b3b5fypx.js Show response
api.b2c.com/api/ Frame 2802 12 KB
5 KB 171ms
170ms Script
text/javascript 2600:1f14:e96:5800:e0d8:bc5:3e87:8b93
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.b2c.com/api/init-140r6opg3f7b3b5fypx.js?AdUnitID_TopLevel=71217025&AdUnitID=21800042973&AdvertiserID=29195785&OrderID=415620985&LineItemID=133590745&CreativeID=138296343036&sid=Cybercrime,Malware,Mobile_Security,Phishing,Security_News,Vulnerabilities
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5800:e0d8:bc5:3e87:8b93 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: 6f345fe5c5ed30c1abdc516c3dc3afff45a0f069be4bab60cd381105c6eed40c

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Dec 2019 17:17:11 GMT
content-encoding: gzip
server: openresty
content-type: text/javascript
status: 200
cache-control: no-cache, no-store, must-revalidate
expires: -1

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2802 0
0 37ms
36ms Fetch
image/gif 172.217.23.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvxfkYc1rl86cSDKCa9Uxoxcv4uUTlduMSsgVG7BAHbzGa221OkDFlrgY2UX_bT4y9DCTiYcXh_klR8I1wSQHlNqtk_FeNFZQNMM--b4C1pgL9OreMQ3H0bdjGH0fKp63k7s4bXb-RipA8k3Wac9A8MwalevJQ3tzfKUEO7mNuEJ9Ha0i8htfrmstX0nOZz0PSZ1p_r6BAPBn0DvirJ0V8tF-bdUErwllx719f-CjLgp0afK6RAXyxObJkKflfaAd9tjg4Yzan_gSD0vN_SABCEflZ_rHCRjaVz-PWZ1zYSrqkB6MfoQ8CT&sig=Cg0ArKJSzCZynqKjoGEUEAE&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Dec 2019 17:17:11 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 2802 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9545285391aee885c3aab55f116d9aa04e83f23749b30e704dd4b7386a2e5033

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame F7EE 42 B
122 B 15ms
14ms Image
image/gif 2a00:1450:4001:818::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv-iIgpBI2r0b2VEKr5sZrnPEsXv52jlXEc9dbCivmQWa-hEp6OLglR_Ji3zDm-lygc4TNPSbgX1YpYHWD4teee4kFtwcFTdKmQ1kpv06Q&sig=Cg0ArKJSzBfM0yJBVNJiEAE&adk=3023180299&tt=-1&bs=1585%2C1200&mtos=1007,1007,1007,1007,1007&tos=1007,0,0,0,0&p=194,429,284,1157&mcvt=1007&rs=0&ht=0&tfs=213&tls=1220&mc=1&lte=1&bas=0&bac=0&met=mue&avms=nio&exg=1&md=2&lm=2&rst=1576084630620&dlt&rpt=149&isd=0&msd=0&ext&imams=1&xdi=0&ps=1585%2C2867&ss=1600%2C1200&pt=-1&bin=4&deb=1-0-0-7-13-6-12-12-0-0-0&tvt=1217&is=728%2C90&iframe_loc=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&r=v&id=osdim&vs=4&uc=13&upc=1&tgt=DIV&cl=1&cec=1&clc=1&wf=0&cac=1&cd=728x90&itpl=3&v=20191206

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Dec 2019 17:17:11 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK ad.gif
api-52-34-71-117.b2c.com/api/ Frame 2802 43 B
233 B 520ms
173ms Image
image/gif 2600:1f14:e96:5802:64ac:ae38:36cf:1070
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api-52-34-71-117.b2c.com/api/ad.gif
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5802:64ac:ae38:36cf:1070 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:12 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: openresty
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1

302
Moved Temporarily

4 Show response
api-52-34-71-117.b2c.com/api/ Frame 2802
Redirect Chain

https://api-52-34-71-117.b2c.com/api/x?XTSrsP5vvy7bnKGo$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL3Z1bG5lcmFiaWxpdGllcy9leHBsb2l0ZWQtYW5kcm9pZC1mbGF3LXN0cmFuZGhvZ2ctZW5hY...
https://api-52-34-71-117.b2c.com:444/api/4?XTSrsP5vvy7bnKGo

0
-1 B

523ms
176ms

XHR
text/html

2600:1f14:e96:5802:64ac:ae38:36cf:1070
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api-52-34-71-117.b2c.com:444/api/4?XTSrsP5vvy7bnKGo
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5802:64ac:ae38:36cf:1070 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:12 GMT
Server: openresty
Access-Control-Allow-Origin: https://www.scmagazine.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Location: https://api-52-34-71-117.b2c.com:444/api/4?XTSrsP5vvy7bnKGo
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 142

Redirect headers

Date: Wed, 11 Dec 2019 17:17:12 GMT
Server: openresty
Location: https://api-52-34-71-117.b2c.com:444/api/4?XTSrsP5vvy7bnKGo
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: https://www.scmagazine.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 142

POST
H/1.1 200
OK x
api-52-34-71-117.b2c.com/api/ Frame 2802 0
388 B 173ms
173ms Other
text/plain 2600:1f14:e96:5802:64ac:ae38:36cf:1070
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api-52-34-71-117.b2c.com/api/x?XTSrsP5vvy7bnKGo$YWRibG9jayQ1MzgkMA
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5802:64ac:ae38:36cf:1070 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: https://www.scmagazine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 17:17:12 GMT
Server: openresty
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.scmagazine.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Expires: -1

GET
H/1.1 200
OK 4 Show response
api-52-34-71-117.b2c.com/api/ Frame 2802 43 B
441 B 728ms
184ms XHR
image/gif 52.34.71.117
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api-52-34-71-117.b2c.com:444/api/4?XTSrsP5vvy7bnKGo
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.34.71.117 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-34-71-117.us-west-2.compute.amazonaws.com
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: null

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 17:17:13 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: openresty
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: null
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 43
Expires: -1

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 19 KB
5 KB 150ms
150ms XHR
text/plain 172.217.23.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1002386287147753&correlator=1065714448421611&output=ldjh&impl=fif&adsid=NT&eid=21062452%2C21062818%2C21065211&vrg=2019120201&guci=1.2.0.0.2.2.0.0&plat=1%3A536903688%2C2%3A536903688%2C8%3A134250504&sc=1&sfv=1-0-37&ecs=20191211&iu=%2F5745%2Fsc_us%2Fhome%2Fsecurity-news%2Fcybercrime%2Fbox_1&sz=300x250%7C300x600%7C300x1050&scp=pos%3Dbox_1%26lid%3D133590745&eri=1&cust_params=pagetype%3Dpost%26sponsor%3D%26comp%3D%26author%3DBradley%2520Barth%26postID%3D101158%26env%3Dlive%26sid%3DCybercrime%252CMalware%252CMobile_Security%252CPhishing%252CSecurity_News%252CVulnerabilities%26styleid%3D%26cat%3DCybercrime%252CExploit%252CMalware%252CMobile_Security%252CPhishing%252CVulnerabilities%26atype%3DNews%26block%3D%26isnht%3Dfalse%26browser%3DChrome%252074&cookie=ID%3D8407cf167ae47693%3AT%3D1576084628%3AS%3DALNI_MbvHoPNhUqlBaoDBSrXthQDvTQbsg&cookie_enabled=1&bc=31&abxe=1&lmt=1576084632&dt=1576084632814&dlt=1576084627428&idt=821&frm=20&biw=1585&bih=1200&oid=3&adx=1053&ady=359&adk=2215451973&uci=5&ifi=5&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&dssz=66&icsg=4503301131273201&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x250&msz=300x250&psts=CjUI2d3ZP-gBxaORmIMEggIbsbmAD4Hf-iH53_oh2sXaj1G-xoObUfOEiZtR0QKjfRulaEjWHw%2CCjUI2d3ZP-gB_PPqmIMEggIbsbmAD4Hf-iH53_oh2sXaj1G-xoObUd2DiZtR0QLOUkdaboawJw&ga_vid=632344882.1576084628&ga_sid=1576084628&ga_hid=95788104&fws=4&ohw=1585

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

c03e9de091521f552d8de07d05252d59781b1e1dd690ded0faceacfa138f3b16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: https://www.scmagazine.com

Response headers

date: Wed, 11 Dec 2019 17:17:12 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5534
x-xss-protection: 0
google-lineitem-id: 133590745
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138294873983
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 error_handler.js Show response
tpc.googlesyndication.com/pagead/js/r20191205/r20110914/client/ Frame C284 8 KB
4 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20191205/r20110914/client/error_handler.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

430742dc86adaf021f658da38ac9d5cffe5c0cb5da2e17459567604a812cc95d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 05 Dec 2019 17:07:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 518997
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 3874
x-xss-protection: 0
server: cafe
etag: 16000249251421057738
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Dec 2019 17:07:15 GMT

GET
H2 200 6275176455982874240
tpc.googlesyndication.com/simgad/ Frame C284 42 KB
42 KB 8ms
6ms Image
image/jpeg 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6275176455982874240

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

7e61d580e2835389da5920c4a2cdaa12fdbd346cc62ce3ffc1c916bf765dd810

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 09 Dec 2019 15:02:48 GMT
x-content-type-options: nosniff
age: 180864
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 43363
x-xss-protection: 0
last-modified: Wed, 20 Nov 2019 13:51:13 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 08 Dec 2020 15:02:48 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20191205/r20110914/client/ Frame C284 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20191205/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

135354ee6f0d0be8fddaa71ca1433f952165583e6df9548dc860900406d2f2fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 05 Dec 2019 22:05:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 501129
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1211
x-xss-protection: 0
server: cafe
etag: 6809287428930443097
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Dec 2019 22:05:03 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame C284 77 KB
29 KB 43ms
41ms Script
text/javascript 2a00:1450:4001:81f::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

44178919accac2fd92f71084d312c8ff266dd25b8b808f8e9b32fe2926aefb41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1575654529893506"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29272
x-xss-protection: 0
expires: Wed, 11 Dec 2019 17:17:12 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame C284 0
0 15ms
14ms Image
text/html 2a00:1450:4001:825::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRELinPn7Ub09o9z0J2cYzUjKFhZ91J6MKQ_yqlmy3yxwb291xuIfyHnTXfQQgElXcXWjzn5HDoKCexfIkyY2d3EqV9Mw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 init-140r6opg3f7b3b5fypx.js Show response
api.b2c.com/api/ Frame C284 12 KB
5 KB 175ms
174ms Script
text/javascript 2600:1f14:e96:5800:e0d8:bc5:3e87:8b93
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.b2c.com/api/init-140r6opg3f7b3b5fypx.js?AdUnitID_TopLevel=71217025&AdUnitID=21799953226&AdvertiserID=29195785&OrderID=415620985&LineItemID=133590745&CreativeID=138294873983&sid=Cybercrime,Malware,Mobile_Security,Phishing,Security_News,Vulnerabilities
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5800:e0d8:bc5:3e87:8b93 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: 85555161f697194bd43c35313b86d68c73ff730613b9270c9866e7e39df15680

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Dec 2019 17:17:13 GMT
content-encoding: gzip
server: openresty
content-type: text/javascript
status: 200
cache-control: no-cache, no-store, must-revalidate
expires: -1

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame C284 0
0 37ms
37ms Fetch
image/gif 172.217.23.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstGhifmxulsHSIT5pgxydnKLH9RBLOXwXl3adw2YAywNaxpdcgVenkSo9EJlQglgmNM2DoMmUwu3QWn-aVvy0vI6SGFUu6cjUahCb97oET4-JgU7DBjgbkOx-la1i2_W56XnUXocc9Qa_jJ-4yCI8PrtTqLNFTOlcKCMvBBCcWhi9d4JmomORdqi_hXKuwknoQDymz486Tz1nPI6xZG-tXsOi8fjVwLpCyjQT69IIkAxPeOLZAY0bJau7f7PZROjswdfnDT1f5TdxnREztWcB_i_27mZ_ETyY3HX1Q&sig=Cg0ArKJSzI42DpBLbPIWEAE&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Dec 2019 17:17:13 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C284 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ef48eb370be5c07d38093d5e77dc0fa9f28077c15cd3a164abfc4db9dc8427

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK ad.gif
api-54-191-156-221.b2c.com/api/ Frame C284 43 B
233 B 524ms
174ms Image
image/gif 2600:1f14:e96:5800:aa3a:a4e5:2870:6291
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api-54-191-156-221.b2c.com/api/ad.gif
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5800:aa3a:a4e5:2870:6291 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:13 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: openresty
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1

302
Moved Temporarily

4 Show response
api-54-191-156-221.b2c.com/api/ Frame C284
Redirect Chain

https://api-54-191-156-221.b2c.com/api/x?cEmjBfkUobIgzwGf$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL3Z1bG5lcmFiaWxpdGllcy9leHBsb2l0ZWQtYW5kcm9pZC1mbGF3LXN0cmFuZGhvZ2ctZW5...
https://api-54-191-156-221.b2c.com:444/api/4?cEmjBfkUobIgzwGf

0
-1 B

520ms
174ms

XHR
text/html

2600:1f14:e96:5800:aa3a:a4e5:2870:6291
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api-54-191-156-221.b2c.com:444/api/4?cEmjBfkUobIgzwGf
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5800:aa3a:a4e5:2870:6291 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:13 GMT
Server: openresty
Access-Control-Allow-Origin: https://www.scmagazine.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Location: https://api-54-191-156-221.b2c.com:444/api/4?cEmjBfkUobIgzwGf
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 142

Redirect headers

Date: Wed, 11 Dec 2019 17:17:13 GMT
Server: openresty
Location: https://api-54-191-156-221.b2c.com:444/api/4?cEmjBfkUobIgzwGf
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: https://www.scmagazine.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 142

POST
H/1.1 200
OK x
api-54-191-156-221.b2c.com/api/ Frame C284 0
388 B 174ms
174ms Other
text/plain 2600:1f14:e96:5800:aa3a:a4e5:2870:6291
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api-54-191-156-221.b2c.com/api/x?cEmjBfkUobIgzwGf$YWRibG9jayQ1MzkkMA
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5800:aa3a:a4e5:2870:6291 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: https://www.scmagazine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 17:17:13 GMT
Server: openresty
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.scmagazine.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Expires: -1

GET
H/1.1 200
OK 4 Show response
api-54-191-156-221.b2c.com/api/ Frame C284 43 B
441 B 727ms
184ms XHR
image/gif 54.191.156.221
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api-54-191-156-221.b2c.com:444/api/4?cEmjBfkUobIgzwGf
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.191.156.221 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-191-156-221.us-west-2.compute.amazonaws.com
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: null

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 17:17:14 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: openresty
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: null
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 43
Expires: -1

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
6 KB 135ms
135ms XHR
text/plain 172.217.23.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1002386287147753&correlator=1065714448421611&output=ldjh&impl=fif&adsid=NT&eid=21062452%2C21062818%2C21065211&vrg=2019120201&guci=1.2.0.0.2.2.0.0&plat=1%3A536903688%2C2%3A536903688%2C8%3A134250504&sc=1&sfv=1-0-37&ecs=20191211&iu=%2F5745%2Fsc_us%2Fhome%2Fsecurity-news%2Fcybercrime%2Fbox_2&sz=300x250%7C300x600&scp=pos%3Dbox_2%26lid%3D133590745&eri=1&cust_params=pagetype%3Dpost%26sponsor%3D%26comp%3D%26author%3DBradley%2520Barth%26postID%3D101158%26env%3Dlive%26sid%3DCybercrime%252CMalware%252CMobile_Security%252CPhishing%252CSecurity_News%252CVulnerabilities%26styleid%3D%26cat%3DCybercrime%252CExploit%252CMalware%252CMobile_Security%252CPhishing%252CVulnerabilities%26atype%3DNews%26block%3D%26isnht%3Dfalse%26browser%3DChrome%252074&cookie_enabled=1&bc=31&abxe=1&lmt=1576084634&dt=1576084634002&dlt=1576084627428&idt=821&frm=20&biw=1585&bih=1200&oid=3&adx=1053&ady=1552&adk=3910437336&uci=6&ifi=6&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&dssz=66&icsg=4503301131273201&mso=67108864&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x283&msz=300x250&psts=CjUI2d3ZP-gB_56RmIMEggIbsbmAD4Hf-iH53_oh2sXaj1G-xoObUcrGg5tR0QLz3vdtM7OI7g%2CCjUI2d3ZP-gBxaORmIMEggIbsbmAD4Hf-iH53_oh2sXaj1G-xoObUfOEiZtR0QKjfRulaEjWHw%2CCjUI2d3ZP-gB_PPqmIMEggIbsbmAD4Hf-iH53_oh2sXaj1G-xoObUd2DiZtR0QLOUkdaboawJw&ga_vid=632344882.1576084628&ga_sid=1576084628&ga_hid=95788104&fws=4&ohw=1585

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

f257cdd33770e507c5c648058707e2cd851855e4fe100954ebe33fed31021f81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: https://www.scmagazine.com

Response headers

date: Wed, 11 Dec 2019 17:17:14 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5577
x-xss-protection: 0
google-lineitem-id: 133590745
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138272954792
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.scmagazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame C284 42 B
122 B 15ms
14ms Image
image/gif 2a00:1450:4001:818::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssJhSZvuWhqdn3DF-uwkzTpy7KG-FsHlEOtrpD4sdeVzMhMCD794WCfg6ZPDC7ZbVCIu6M9ScmycezkiYIqJrICnnxqONbPDtWd12OKhgE&sig=Cg0ArKJSzCsr0HV_BT4yEAE&adk=2215451973&tt=-1&bs=1585%2C1200&mtos=1007,1007,1007,1007,1007&tos=1007,0,0,0,0&p=359,1053,959,1353&mcvt=1007&rs=0&ht=0&tfs=103&tls=1110&mc=1&lte=1&bas=0&bac=0&met=mue&avms=nio&exg=1&md=2&lm=2&rst=1576084632975&dlt&rpt=52&isd=0&msd=0&ext&imams=1&xdi=0&ps=1585%2C2867&ss=1600%2C1200&pt=-1&bin=4&deb=1-0-0-4-12-2-11-11-0-0-0&tvt=1109&is=300%2C600&iframe_loc=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&r=v&id=osdim&vs=4&uc=12&upc=1&tgt=DIV&cl=1&cec=1&clc=1&wf=0&cac=1&cd=300x600&itpl=3&v=20191206

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Dec 2019 17:17:14 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7884 0
0 36ms
35ms Fetch
image/gif 172.217.23.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsunTVxro4BXNExQKGmqKHpLGVPvI7RXx1eOYPh9i-OoK3Q-MqdFEbA5E3YiImtuhWtWazae4_zU0Z8GlHcfk3gedaMT_bjaRsRqBlPh3mOS2qBTFeMp949duTfugKnHM8rn9OA6k1aA-5R3WIZ8YJe88pyMLhX6RwiKlSEyIGp3uZnMzxu73SrKUzlWRkeIe5g5u2Pn_SGTvy3CwZTP-zPkY2XgcS4sq7sDj4lpSd6jGgIKqnP7RDVESFMrgDZuIypRtndHe4_s6hMRNrOYRihrhtiHn7_eOAIly_E&sai=AMfl-YTSrJB-0_6BL1DrlVqrBNDNUU7XiNihKFm5Lt5EO6lqKeW6bWF5c6xEDqzFsiKhv2p1a67qqRVWZ8gDf2jLg5nT2-bzIv9qwJAkCnwN&sig=Cg0ArKJSzOsEEjU7ZvJdEAE&adurl=

Requested by

Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Dec 2019 17:17:14 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 11 Dec 2019 17:17:14 GMT

GET
H2 200 window_focus.js Show response
tpc.googlesyndication.com/pagead/js/r20191205/r20110914/client/ Frame 7884 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20191205/r20110914/client/window_focus.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0b1ace9b39cfa2f3de9ebd25c2b2e2b44816502e53809093d2c53dc2898f4d83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 05 Dec 2019 17:07:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 518987
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1126
x-xss-protection: 0
server: cafe
etag: 5070557177101173266
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Dec 2019 17:07:27 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7884 77 KB
29 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:81f::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

44178919accac2fd92f71084d312c8ff266dd25b8b808f8e9b32fe2926aefb41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 17:17:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1575654529893506"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29272
x-xss-protection: 0
expires: Wed, 11 Dec 2019 17:17:14 GMT

GET
H2 200 init-140r6opg3f7b3b5fypx.js Show response
api.b2c.com/api/ Frame 7884 12 KB
5 KB 174ms
173ms Script
text/javascript 2600:1f14:e96:5800:e0d8:bc5:3e87:8b93
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.b2c.com/api/init-140r6opg3f7b3b5fypx.js?AdUnitID_TopLevel=71217025&AdUnitID=21800042979&AdvertiserID=29195785&OrderID=415620985&LineItemID=133590745&CreativeID=138272954792&sid=Cybercrime,Malware,Mobile_Security,Phishing,Security_News,Vulnerabilities
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5800:e0d8:bc5:3e87:8b93 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: 94216b1a0d6612ffc946d76683dcbd71d02c805002fbc4c93dfa5a1d838faaf1

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Dec 2019 17:17:14 GMT
content-encoding: gzip
server: openresty
content-type: text/javascript
status: 200
cache-control: no-cache, no-store, must-revalidate
expires: -1

GET
H2 200 2881181982193619765
tpc.googlesyndication.com/simgad/ Frame 7884 104 KB
104 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2881181982193619765

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

bde6c8f2d12960ffe22f3f0179ccefd3e565641c5bdcd54ad9d8f512c79c6d89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 21 Nov 2019 11:52:23 GMT
x-content-type-options: nosniff
age: 1747491
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 106534
x-xss-protection: 0
last-modified: Thu, 13 Jun 2019 15:43:41 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 20 Nov 2020 11:52:23 GMT

GET
DATA 200
OK truncated
/ Frame 7884 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ae91e9cf8dbfcfc752190d553c1c618fc7e3e4d3d41ad0de7b9310822793d802

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK ad.gif
api-34-210-175-135.b2c.com/api/ Frame 7884 43 B
233 B 517ms
171ms Image
image/gif 2600:1f14:e96:5800:2ca5:1e0e:5cdc:3384
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api-34-210-175-135.b2c.com/api/ad.gif
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5800:2ca5:1e0e:5cdc:3384 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:14 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: openresty
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1

302
Moved Temporarily

4 Show response
api-34-210-175-135.b2c.com/api/ Frame 7884
Redirect Chain

https://api-34-210-175-135.b2c.com/api/x?0dqO11VFuEudvhjT$dXJsJDAkaHR0cHM6Ly93d3cuc2NtYWdhemluZS5jb20vaG9tZS9zZWN1cml0eS1uZXdzL3Z1bG5lcmFiaWxpdGllcy9leHBsb2l0ZWQtYW5kcm9pZC1mbGF3LXN0cmFuZGhvZ2ctZW5...
https://api-34-210-175-135.b2c.com:444/api/4?0dqO11VFuEudvhjT

0
-1 B

531ms
179ms

XHR
text/html

2600:1f14:e96:5800:2ca5:1e0e:5cdc:3384
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api-34-210-175-135.b2c.com:444/api/4?0dqO11VFuEudvhjT
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5800:2ca5:1e0e:5cdc:3384 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:15 GMT
Server: openresty
Access-Control-Allow-Origin: https://www.scmagazine.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Location: https://api-34-210-175-135.b2c.com:444/api/4?0dqO11VFuEudvhjT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 142

Redirect headers

Date: Wed, 11 Dec 2019 17:17:15 GMT
Server: openresty
Location: https://api-34-210-175-135.b2c.com:444/api/4?0dqO11VFuEudvhjT
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: https://www.scmagazine.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 142

POST
H/1.1 200
OK x
api-34-210-175-135.b2c.com/api/ Frame 7884 0
388 B 174ms
174ms Other
text/plain 2600:1f14:e96:5800:2ca5:1e0e:5cdc:3384
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api-34-210-175-135.b2c.com/api/x?0dqO11VFuEudvhjT$YWRibG9jayQ3MDAkMA
Requested by: Host: www.scmagazine.com
URL: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:e96:5800:2ca5:1e0e:5cdc:3384 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: https://www.scmagazine.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 17:17:15 GMT
Server: openresty
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.scmagazine.com
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Expires: -1

GET
H/1.1 200
OK 4 Show response
api-34-210-175-135.b2c.com/api/ Frame 7884 43 B
441 B 728ms
186ms XHR
image/gif 34.210.175.135
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api-34-210-175-135.b2c.com:444/api/4?0dqO11VFuEudvhjT
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.210.175.135 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-210-175-135.us-west-2.compute.amazonaws.com
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
Origin: null

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 17:17:15 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: openresty
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: null
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 43
Expires: -1

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=95788104&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.scmagazine.com%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-e...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1290429-10&cid=632344882.1576084628&jid=499022258&_gid=809682982.1576084643&gjid=688723477&_v=j79&z=1409778149
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=632344882.1576084628&jid=499022258&_v=j79&z=1409778149
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=632344882.1576084628&jid=499022258&_v=j79&z=1409778149&slf_rd=1&random=3847355332

42 B
109 B

30ms
29ms

Image
image/gif

2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=632344882.1576084628&jid=499022258&_v=j79&z=1409778149&slf_rd=1&random=3847355332

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Dec 2019 17:17:23 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 11 Dec 2019 17:17:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1290429-10&cid=632344882.1576084628&jid=499022258&_v=j79&z=1409778149&slf_rd=1&random=3847355332
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
168 B 124ms
123ms Image
image/gif 54.86.129.194
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=scmagazine.com&p=%2Fhome%2Fsecurity-news%2Fvulnerabilities%2Fexploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions%2F&u=LnVDSCbY-f8Dc5pui&d=scmagazine.com&g=56851&g0=No%20Section&g1=No%20Author&n=1&f=00001&c=0.25&x=0&m=0&y=2867&o=1585&w=1200&j=30&R=1&W=0&I=0&E=5&e=5&r=&b=1600&t=DSJ2V3YHxsbBWoMWXfC1FTDMMokf&V=118&tz=-60&sn=2&sv=BFvaLKJi-P0CrlSXhDJ3fpwMG_kt&sd=1&im=067b2fff&_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.86.129.194 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-86-129-194.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
pragma: no-cache
date: Wed, 11 Dec 2019 17:17:23 GMT
cache-control: no-cache, no-store, must-revalidate
expires: 0
content-length: 43
content-type: image/gif

GET
H/1.1 200
OK imsync.ashx Show response
ml314.com/ 17 B
427 B 37ms
37ms Script
text/html 52.215.103.126
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/imsync.ashx?pi=3606676836315562029&data=eyJwaCI6MjY1NSwid2giOjEyMDAsInRicyI6MCwiZHQiOjE1LCJwaWQiOiIxNTc2MDg0NjI4MzYzX3dicnJpdzZpZSIsInNkIjoxMjAwfQ%3D%3D
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?11112019
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.103.126 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-215-103-126.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 62ce950ad0d7f664b316b4253bbc993bf0bf8310970f64b150fda6f1fa59dfea

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 17:17:22 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Cache-Control: private
Connection: keep-alive
Content-Length: 135

GET
H2 204 a
www.googletagmanager.com/ 0
59 B 16ms
14ms Image
image/gif 2a00:1450:4001:806::2008
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=GTM-W475TQW&cv=47&v=3&t=t&pid=295226150&rv=av9&es=1&e=gtm.timer&eid=57&u=C&tc=25&tr=1ua.5ua&z=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.scmagazine.com/home/security-news/vulnerabilities/exploited-android-flaw-strandhogg-enables-phishing-overlays-malicious-permissions/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Dec 2019 17:17:23 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
status: 204
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

134 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.scmagazine.com/	1970-01-19 23:19:16	Name: __gads Value: ID=8407cf167ae47693:T=1576084628:S=ALNI_MbvHoPNhUqlBaoDBSrXthQDvTQbsg
.www.scmagazine.com/	1970-01-19 05:48:08	Name: feathr_session_id Value: 5df1249491ace50ed36a3092
www.scmagazine.com/	1970-01-22 21:24:04	Name: _ccmsi Value: 1576084628363_wbrriw6ie\|1576084628363
www.scmagazine.com/	1970-01-22 21:24:04	Name: _ccmaid Value: 3606676836315562029
www.scmagazine.com/	1970-01-19 15:16:52	Name: _cb Value: LnVDSCbY-f8Dc5pui
www.scmagazine.com/	1970-01-19 15:16:52	Name: _chartbeat2 Value: .1576084628290.1576084628290.1.BFvaLKJi-P0CrlSXhDJ3fpwMG_kt.1
.scmagazine.com/	1970-01-19 14:33:40	Name: oly_anon_id Value: %22F-cfc5fbb9-ff92-4018-85f3-06a35d7b1fc1%22
www.scmagazine.com/	1970-01-19 15:16:52	Name: _cb_ls Value: 1
.scmagazine.com/	1970-01-19 05:48:04	Name: _gat_UA-1290429-10 Value: 1
www.scmagazine.com/	1970-01-19 05:48:08	Name: hmSsoCheck Value: true
.scmagazine.com/	1970-01-19 05:49:31	Name: _gid Value: GA1.2.67760927.1576084628
.scmagazine.com/	1970-01-19 14:33:40	Name: oly_enc_id Value: null
.scmagazine.com/	1970-01-19 23:19:16	Name: _ga Value: GA1.2.632344882.1576084628
www.scmagazine.com/	1970-01-19 05:48:06	Name: _cb_svref Value: null

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.scmagazine.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1
console-api	log	URL: https://c.lytics.io/api/tag//lio.js(Line 1) Message: Missing required params.
console-api	log	URL: https://olytics.omeda.com/olytics/js/v3/p/olytics.min.js(Line 46) Message: olytics fire called
console-api	log	URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1575598991(Line 1) Message: [ABD] start beginTest
console-api	log	URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1575598991(Line 1) Message: [ABD] adding bait node to DOM
console-api	log	URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1575598991(Line 1) Message: [ABD] start beginTest
console-api	log	URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1575598991(Line 1) Message: [ABD] adding bait node to DOM
console-api	log	(Line 5) Message: OK
console-api	log	URL: https://www.scmagazine.com/wp-content/themes/haymarket/dist/js/iab.min.js?ver=1575598991(Line 1) Message: [ABD] exiting test loop - value: false

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.haymarketmedia.com
adservice.google.com
adservice.google.de
api-34-210-175-135.b2c.com
api-52-34-71-117.b2c.com
api-54-191-156-221.b2c.com
api-54-202-25-105.b2c.com
api.b2c.com
c.lytics.io
cdn.feathr.co
content.maropost.com
fonts.googleapis.com
fonts.gstatic.com
idsync.rlcdn.com
in.ml314.com
insight.adsrvr.org
js.adsrvr.org
marco.feathr.co
match.adsrvr.org
ml314.com
olytics.omeda.com
oqs.omeda.com
pagead2.googlesyndication.com
ping.chartbeat.net
pixel.mathtag.com
polo-v1.feathr.co
polo.feathr.co
ps.eyeota.net
px.ads.linkedin.com
s3.amazonaws.com
sample-api-v2.crazyegg.com
script.crazyegg.com
securepubads.g.doubleclick.net
snap.licdn.com
static.chartbeat.com
stats.g.doubleclick.net
sync.crwdcntrl.net
tags.bluekai.com
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.linkedin.com
www.scmagazine.com
13.35.253.80
13.35.255.55
172.217.23.98
18.213.112.55
2.18.233.201
204.180.130.159
204.180.130.165
23.5.109.152
2600:1f14:e96:5800:2ca5:1e0e:5cdc:3384
2600:1f14:e96:5800:aa3a:a4e5:2870:6291
2600:1f14:e96:5800:e0d8:bc5:3e87:8b93
2600:1f14:e96:5802:2aa4:86a:63f0:9119
2600:1f14:e96:5802:64ac:ae38:36cf:1070
2600:9000:2057:5400:18:1fcd:349:ca21
2600:9000:2156:200:a:1779:3180:93a1
2606:4700:20::681a:216
2606:4700:20::681a:e77
2606:4700::6813:9308
2a00:1450:4001:800::2002
2a00:1450:4001:806::2008
2a00:1450:4001:808::2001
2a00:1450:4001:818::2002
2a00:1450:4001:818::2003
2a00:1450:4001:81b::200e
2a00:1450:4001:81f::2002
2a00:1450:4001:820::2002
2a00:1450:4001:820::200a
2a00:1450:4001:825::2002
2a00:1450:4001:825::2003
2a00:1450:4001:825::2004
2a00:1450:400c:c00::9c
2a02:26f0:10c:382::25ea
2a05:f500:10:101::b93f:9101
2a05:f500:11:101::b93f:9005
3.121.27.153
3.220.21.104
34.197.250.24
34.210.175.135
34.233.152.160
34.246.62.42
35.190.72.21
52.207.57.113
52.215.103.126
52.216.229.125
52.34.71.117
54.191.156.221
54.202.25.105
54.225.66.14
54.76.88.219
54.86.129.194
99.81.228.121
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
06805b6af9f509695d13d2cfaeaf5e812cafac499fbd7a3d216bbd0348894f5a
0891c01a43615c445e85a7d17eab463dfc3de87d3d1e6f023a996cc1680fe586
0b1ace9b39cfa2f3de9ebd25c2b2e2b44816502e53809093d2c53dc2898f4d83
0c7e4012cb73f8c0836fa8aee34bb0da2250b5af84d0c4a1959d60764597f05a
1008ae8c93c140845bf5bfa6d0c6e0a048ff8906a4fa0081196fd99f1613f65a
135354ee6f0d0be8fddaa71ca1433f952165583e6df9548dc860900406d2f2fe
19aa6c614f72f6bb67cb17a6169ca551686c2bab5475293c95880f5f32cd830e
1b79426177f0c17d98c2ffe3aee5403f1f2a50b85d7177080cd06cfc37e2a300
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7
2673f6b0416b9a9f7488ee96f384f5badfa04acb14499c92ae52e394b7572f1f
27c9b381b4e3c376bd53452c3febbce47c342f97f93dd9613cca483da5071648
2b2f53c9542f12eef99cceef17c6dad6692fe6d3630b9a22d0f6c4bba7b55002
3072374f2853840a3ad13aba345b65785fc6061efd97776d2a235f19867cde66
33fe4fe8214760f15a5fdd753b5c396ee5b916e5d6f66f79d4765ed260706723
360402ecd9d127908d1a284c5c27ec815fd27961c8e7f3843958e8201289dee7
38c50f7b73172880597859495d1bebfbb2aff638bdee2f719bfab56a239dcbf9
3d15ecc4721250b43e7de026edd063e045859a4ec6ecf59cf705a2388557098e
3facb0fb4999f0b5d8116ce812c1d68d07b17782afb8cc480ae472ea6c5094fe
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
420716b9b6173c7187b6af8211c6f44ab80da47728d2d4b234ccb061c4b3a6a2
430742dc86adaf021f658da38ac9d5cffe5c0cb5da2e17459567604a812cc95d
44178919accac2fd92f71084d312c8ff266dd25b8b808f8e9b32fe2926aefb41
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4b8fe5c3d0e5ef7a6582185cbf5c535b5d369c8df1da98c03ed69833e55f474d
4d3e9dbf75d761b4fc344b3be601971eb517ce533c7ce46e093539e03349616e
4e3bbb8f68c4f8f1f06510e5272fdd319a0bb4e75d619629dc481266dc2b6e61
4eef9cbbcb01ac2538e54c45514c0560e686abf17070adfba489fd1b3b86455a
59173f786dd1f3802f7ab26fd339aac4099dc10c6cb54a6a92213e6af277592a
60ef48eb370be5c07d38093d5e77dc0fa9f28077c15cd3a164abfc4db9dc8427
6273cf2c968632a85a5081e8f0a484185e2febdb25c0a575e50f9ecef59a1943
62ce950ad0d7f664b316b4253bbc993bf0bf8310970f64b150fda6f1fa59dfea
63890326f558587b0840eb0a6e6377f1bf39264e015e568f4c2a03aefce3f929
64a0cd363010895321d3015d8c7973aa9ee24623e6ba363e76d1be39b09f4bd5
6557812bb342a14c23635e24733f11e5752f9807a85053be80b6fbd955a34ed9
68795cb80606f19d4ec0d92744af85048164f53500ad9535229c470fe24fe28a
6d2caed89f9fce0657004831556940668c1068fc27d2ad00bbfefaf17e87094c
6f345fe5c5ed30c1abdc516c3dc3afff45a0f069be4bab60cd381105c6eed40c
747680e5c58389f1e9b013a24bd0b7638a9977c15ee0aae05930aadfae87d0a9
754c94388315799ee1eb0338fa7163a26d71dcb96c7767c14bcb7cd7d1901fc9
7c98b3e37bc9c2a726c320f5db6e1e5a23c2c44d1a5aa35c6fb5e9ae78e64c86
7e61d580e2835389da5920c4a2cdaa12fdbd346cc62ce3ffc1c916bf765dd810
801f94e439e56ff65c1f08e9f76fafe23788cf2a442c45842f9aa60b613aa338
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85555161f697194bd43c35313b86d68c73ff730613b9270c9866e7e39df15680
866e74600600f8647c979414828f3538d646101dc8504de84c2ed00e30460811
8cad642d5009d9f538c20ce327532bea1a130c019fae995d6d37da325626347d
8e0da2e2d764c1a202d33dd39287784df8ac6bc20c7401ea14f2d62001292856
9028c67360db112d1594c1e50ac4dcd1178b4e6a99ce6270cba41a57fab9235e
90a260084cfdf97ada7a8e0650eb310a4206d79f1b3a53225d2b9053cc9e4c13
90bedfa7bbd2bb58b7f47611a77feaf852c117ed7e344885cdb34f7df940658f
916b46685de3064525220ba828d946e60ab332f5e65c62d7df5fe9877f9c54b2
94216b1a0d6612ffc946d76683dcbd71d02c805002fbc4c93dfa5a1d838faaf1
94308b25a82c6c94b07808115e379e4f4151bde0c44100015cda9cb1c5cdb0e7
9545285391aee885c3aab55f116d9aa04e83f23749b30e704dd4b7386a2e5033
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9a44fb5ed53eb7914939e0831706f036690e02c6b7872440bf2838ec4dd355e5
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
9e557673ba8a4c81144cc20c40891d872fda49bcdd9b4f3fec1a4ff8b06263f2
a8e427db11a8744bebbcdfd050f7b9d0a84b5a1754d086f1787c40db21955264
abb1dd7905b3797711e15609800d43cabead4c0358dc0030a1932a20e82a37d7
ad5f674afbdd840b0c688c46ac9ec4edd3620e288698f2cd2d46652531b701a9
ae1eff31eff9623af795e27413312563c498759622b7c17ede94ed31b5594e89
ae91e9cf8dbfcfc752190d553c1c618fc7e3e4d3d41ad0de7b9310822793d802
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
bb865c0afa3a249dc8a0df2fe67c7c7321ff040c8afa59c6b5f053190df85810
bde6c8f2d12960ffe22f3f0179ccefd3e565641c5bdcd54ad9d8f512c79c6d89
c03e9de091521f552d8de07d05252d59781b1e1dd690ded0faceacfa138f3b16
c293a28e23c66b27bd04bc1742f3aab0ebf6c382961c1e83140f035a08ea5e5d
c86a000c320a53462ea53aa66ff8b72c7edd34a1250c9358938ca8480b0b3e73
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cffef365e4b53f1a6e9d33a7d42c0d1542b573360f774069589240f75f0e84f1
d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7
d956ac845cab2e97e3eefa94be65fd0b0ac3ffef818a02a727830a683f239225
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
dd0103b71a9f800bf8509fb3f34f29a1af4b26a10ceef71cea5bb29ae4ea106d
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e639d13392578bad221c136d36c5573bc7d2e04ee36f93d969ad5688df6170d4
e828282e92509efc0f7bc57888382c5816bd403e0abbb685eda5c4372cc7daa5
eacfa4f711eaca1336ff82619c8a2d310dec11266d594fbc7e5a91259cebf848
ece5f25bbc643556099a200aa2df5c428d74048e55db71c1880afd1adcb425a9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f257cdd33770e507c5c648058707e2cd851855e4fe100954ebe33fed31021f81
f34fe84cc3e5be261c489009b5719c58e27fba294569fc0d82764035953f3fe9
f93d1d7d700f850328abfcc87e394dfb26fe1183249925434f8870fba994bc96
fdd01417dbb06d44a4ddb70a5e858285e2f46e9dc4a7b0e05a4afabc29453bee
fe4bbdad1d6dff75cde79f8afc07f29502bd4708cb0ce5f552083c3d81ba8382
ffe2ef5ce19169f51b69f0dfdac122f402043b13afd7c65b2dab551ebf3b7629

www.scmagazine.com Open in urlscan Pro 34.197.250.24 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

144 Requests

100 %HTTPS

51 %IPv6

29 Domains

46 Subdomains

45 IPs

6 Countries

2941 kBTransfer

4498 kBSize

14 Cookies

19 Outgoing links

Redirected requests

144 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.scmagazine.com Open in urlscan Pro
34.197.250.24 Public Scan

Screenshot
Live screenshot

Full Image

144
Requests

100 %
HTTPS

51 %
IPv6

29
Domains

46
Subdomains

45
IPs

6
Countries

2941 kB
Transfer

4498 kB
Size

14
Cookies

144 HTTP transactions
4 data transactions