threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Submission: On July 17 via manual (July 17th 2021, 3:07:33 pm UTC) from IN

Summary HTTP 221 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 45 IPs in 5 countries across 28 domains to perform 221 HTTP transactions. The main IP is 35.173.160.135, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is threatpost.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 2nd 2021. Valid for: a year.

This is the only time threatpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
17	35.173.160.135 35.173.160.135	14618 (AMAZON-AES) (AMAZON-AES)
3	13.224.96.23 13.224.96.23	16509 (AMAZON-02) (AMAZON-02)
7	2606:4700:303... 2606:4700:3031::6815:456d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
19	2600:9000:219... 2600:9000:2190:ce00:2:9275:3d40:93a1	16509 (AMAZON-02) (AMAZON-02)
2	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
11	2600:9000:219... 2600:9000:2190:1800:0:5c46:4f40:93a1	16509 (AMAZON-02) (AMAZON-02)
15	2606:2800:234... 2606:2800:234:46c:e8b:1e2f:2bd:694	15133 (EDGECAST) (EDGECAST)
3	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
4	13.224.90.44 13.224.90.44	16509 (AMAZON-02) (AMAZON-02)
1 1	151.101.14.137 151.101.14.137	54113 (FASTLY) (FASTLY)
16	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
16	3.142.110.20 3.142.110.20	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	2600:9000:219... 2600:9000:2190:1a00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c08::9d	15169 (GOOGLE) (GOOGLE)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
5	104.244.42.136 104.244.42.136	13414 (TWITTER) (TWITTER)
6	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
5	2606:2800:134... 2606:2800:134:1a0d:1429:742:782:b6	15133 (EDGECAST) (EDGECAST)
10	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
4	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
2	142.250.110.154 142.250.110.154	15169 (GOOGLE) (GOOGLE)
5	34.253.15.48 34.253.15.48	16509 (AMAZON-02) (AMAZON-02)
2	2404:6800:400... 2404:6800:4006:810::2003	15169 (GOOGLE) (GOOGLE)
6	3.250.250.79 3.250.250.79	16509 (AMAZON-02) (AMAZON-02)
2	146.20.128.174 146.20.128.174	27357 (RACKSPACE) (RACKSPACE)
2 8	34.246.26.134 34.246.26.134	16509 (AMAZON-02) (AMAZON-02)
3 3	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:6a::7	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
10	35.169.133.103 35.169.133.103	14618 (AMAZON-AES) (AMAZON-AES)
4	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
3 4	18.156.48.56 18.156.48.56	16509 (AMAZON-02) (AMAZON-02)
1 1	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 2	76.223.111.131 76.223.111.131	16509 (AMAZON-02) (AMAZON-02)
1	34.249.223.127 34.249.223.127	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:62::7	15169 (GOOGLE) (GOOGLE)
221	45

17 35.173.160.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-160-135.compute-1.amazonaws.com

threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kasperskycontenthub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.96.23 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-23.zrh50.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:3031::6815:456d (United States)

ASN13335 (CLOUDFLARENET, US)

qd.admetricspro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2600:9000:2190:ce00:2:9275:3d40:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.74.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2600:9000:2190:1800:0:5c46:4f40:93a1 (United States)

ASN16509 (AMAZON-02, US)

media.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:2800:234:46c:e8b:1e2f:2bd:694 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.224.90.44 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-90-44.zrh50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.137 (Frankfurt am Main, Germany) 1 redirects

ASN54113 (FASTLY, US)

cd.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 151.101.2.137 (United States)

ASN54113 (FASTLY, US)

cds.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lit.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vid.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 3.142.110.20 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-142-110-20.us-east-2.compute.amazonaws.com

capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:1a00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.244.42.136 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:2800:134:1a0d:1429:742:782:b6 (United States)

ASN15133 (EDGECAST, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f2.1e100.net

pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.110.154 (United States)

ASN15169 (GOOGLE, US)

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.253.15.48 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-15-48.eu-west-1.compute.amazonaws.com

unified.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:6800:4006:810::2003 (Sydney, Australia)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.250.250.79 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-250-250-79.eu-west-1.compute.amazonaws.com

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 146.20.128.174 (United States)

ASN27357 (RACKSPACE, US)

ssp.lkqd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.246.26.134 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-26-134.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::200e (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:6a::7 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

r2---sn-4g5ednsl.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 35.169.133.103 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-169-133-103.compute-1.amazonaws.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.156.48.56 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-48-56.eu-central-1.compute.amazonaws.com

red.vtracy.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.98 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Schopfheim, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.131 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.249.223.127 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-223-127.eu-west-1.compute.amazonaws.com

secure-gg.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:62::7 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

r2---sn-4g5e6nsk.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
45	threatpost.com threatpost.com assets.threatpost.com media.threatpost.com	1013 KB
33	connatix.com 1 redirects cd.connatix.com cds.connatix.com capi.connatix.com lit.connatix.com vid.connatix.com img.connatix.com	2 MB
29	adsafeprotected.com 2 redirects unified.adsafeprotected.com static.adsafeprotected.com pixel.adsafeprotected.com dt.adsafeprotected.com	288 KB
21	twitter.com platform.twitter.com analytics.twitter.com syndication.twitter.com	387 KB
19	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com ade.googlesyndication.com	76 KB
18	doubleclick.net 1 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net pubads.g.doubleclick.net bid.g.doubleclick.net googleads.g.doubleclick.net googleads4.g.doubleclick.net cm.g.doubleclick.net	180 KB
8	2mdn.net 3 redirects s0.2mdn.net gcdn.2mdn.net r2---sn-4g5ednsl.c.2mdn.net r2---sn-4g5e6nsk.c.2mdn.net	1 MB
7	admetricspro.com qd.admetricspro.com	325 KB
6	googleapis.com imasdk.googleapis.com	723 KB
6	google.com www.google.com adservice.google.com	2 KB
5	twimg.com cdn.syndication.twimg.com pbs.twimg.com	70 KB
4	vtracy.de 3 redirects red.vtracy.de	2 KB
4	amazon-adsystem.com c.amazon-adsystem.com	36 KB
3	google-analytics.com www.google-analytics.com	19 KB
3	gstatic.com www.gstatic.com csi.gstatic.com	134 KB
3	adlightning.com tagan.adlightning.com	59 KB
2	adsrvr.org 2 redirects match.adsrvr.org	1004 B
2	lkqd.net ssp.lkqd.net	691 B
2	kasperskycontenthub.com kasperskycontenthub.com	1 KB
1	imrworldwide.com secure-gg.imrworldwide.com	265 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	572 B
1	google.de www.google.de	107 B
1	t.co t.co	455 B
1	quantcount.com rules.quantcount.com quantcount.com Failed	344 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	quantserve.com secure.quantserve.com	9 KB
1	googletagmanager.com www.googletagmanager.com	56 KB
1	googletagservices.com www.googletagservices.com	24 KB
221	28

	Domain	Requested by
19	assets.threatpost.com	threatpost.com assets.threatpost.com
16	capi.connatix.com	cd.connatix.com
15	platform.twitter.com	threatpost.com tagan.adlightning.com platform.twitter.com
15	threatpost.com	threatpost.com
13	pagead2.googlesyndication.com	threatpost.com srcdoc tpc.googlesyndication.com
11	media.threatpost.com	threatpost.com
10	dt.adsafeprotected.com
9	vid.connatix.com	cd.connatix.com
8	pixel.adsafeprotected.com	2 redirects static.adsafeprotected.com tagan.adlightning.com
7	googleads.g.doubleclick.net
7	qd.admetricspro.com	threatpost.com qd.admetricspro.com
6	static.adsafeprotected.com	imasdk.googleapis.com threatpost.com
6	imasdk.googleapis.com	cd.connatix.com imasdk.googleapis.com
5	unified.adsafeprotected.com	imasdk.googleapis.com
5	syndication.twitter.com	platform.twitter.com
4	red.vtracy.de	3 redirects
4	ade.googlesyndication.com
4	pubads.g.doubleclick.net	imasdk.googleapis.com
4	c.amazon-adsystem.com	qd.admetricspro.com c.amazon-adsystem.com
3	gcdn.2mdn.net	3 redirects
3	adservice.google.com	imasdk.googleapis.com
3	pbs.twimg.com
3	img.connatix.com	threatpost.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com threatpost.com
3	cds.connatix.com	threatpost.com tagan.adlightning.com cd.connatix.com
3	www.google.com	threatpost.com
3	tagan.adlightning.com	threatpost.com tagan.adlightning.com
2	match.adsrvr.org	2 redirects
2	tpc.googlesyndication.com	imasdk.googleapis.com tpc.googlesyndication.com
2	r2---sn-4g5ednsl.c.2mdn.net
2	ssp.lkqd.net	cd.connatix.com
2	csi.gstatic.com	imasdk.googleapis.com
2	bid.g.doubleclick.net	imasdk.googleapis.com
2	cdn.syndication.twimg.com	platform.twitter.com
2	s0.2mdn.net	imasdk.googleapis.com
2	kasperskycontenthub.com	threatpost.com
2	securepubads.g.doubleclick.net	www.googletagservices.com tagan.adlightning.com
1	r2---sn-4g5e6nsk.c.2mdn.net
1	secure-gg.imrworldwide.com	blank
1	dsp.adfarm1.adition.com	1 redirects
1	cm.g.doubleclick.net	1 redirects
1	googleads4.g.doubleclick.net
1	lit.connatix.com	cd.connatix.com
1	analytics.twitter.com	tagan.adlightning.com
1	www.google.de	threatpost.com
1	t.co	threatpost.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	rules.quantcount.com	secure.quantserve.com
1	static.ads-twitter.com	www.googletagmanager.com
1	secure.quantserve.com	www.googletagmanager.com
1	www.gstatic.com	www.google.com
1	www.googletagmanager.com	threatpost.com
1	cd.connatix.com	1 redirects
1	www.googletagservices.com	threatpost.com
0	quantcount.com Failed	secure.quantserve.com
221	55

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
feedly.com
www.instagram.com
cybersecurity.att.com
www.bleepingcomputer.com
www.techradar.com
akismet.com
t.co
indd.adobe.com

Subject Issuer	Validity	Valid
threatpost.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-07-03`	a year	crt.sh
*.adlightning.com Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-10` - `2022-07-09`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
assets.threatpost.com Amazon	`2021-02-04` - `2022-03-05`	a year	crt.sh
media.threatpost.com Amazon	`2021-02-04` - `2022-03-05`	a year	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
kasperskycontenthub.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-07-03`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.connatix.com Go Daddy Secure Certificate Authority - G2	`2020-09-29` - `2021-10-19`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
wrapper-vast.adsafeprotected.com Amazon	`2020-12-18` - `2022-01-16`	a year	crt.sh
static.adsafeprotected.com Amazon	`2021-01-06` - `2022-02-04`	a year	crt.sh
*.lkqd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-07-09` - `2022-07-14`	a year	crt.sh
fw.adsafeprotected.com Amazon	`2020-09-09` - `2021-10-09`	a year	crt.sh
*.c.docs.google.com GTS CA 1C3	`2021-07-06` - `2021-09-14`	2 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
dt.adsafeprotected.com Amazon	`2021-04-22` - `2022-05-21`	a year	crt.sh
vtracy.de Amazon	`2021-05-25` - `2022-06-23`	a year	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-28` - `2022-02-01`	a year	crt.sh

This page contains 17 frames:

Primary Page: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Frame ID: 18F0D1F7444ADD7C7F4F10F5F6561B4B
Requests: 108 HTTP requests in this frame

Frame: https://cds.connatix.com/p/123972/connatix.player.dc.js
Frame ID: 06EC3C966F45484EECDAD2ECB7B1B87C
Requests: 38 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fthreatpost.com
Frame ID: 9836228C1925E950C221906BBB7737EF
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.471.1_en.html
Frame ID: FC6A220223F7328457933427199EE8EA
Requests: 6 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.471.1_en.html
Frame ID: D65D85EE55F1753D214233E9FE8FEA9B
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.471.1_en.html
Frame ID: 6A908DF58938ACE207EC1BA27E076B6B
Requests: 25 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/follow_button.06c6ee58c3810956b7509218508c7b56.en.html
Frame ID: 0D46C92D9F6A290F2811C15A527A4693
Requests: 3 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=threatpost&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1415403132230803460&lang=en&origin=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&sessionId=fcde919ee6cb9a8eae52de0c0675d69104f5dfed&siteScreenName=threatpost&theme=light&widgetsVersion=82e1070%3A1619632193066&width=500px
Frame ID: CF5B2C035CB19D735016DDC5AC679429
Requests: 17 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 8F6C84A0EA2DA45CF1369C619894665F
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: A6283042590B1807A8597A7BFCD782F8
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: D6C0B504551BE6A3A4EB1B92E57114F6
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/loader.js
Frame ID: 9E5F5A3DB705EB3FA223A652ADA2EF57
Requests: 4 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.8.js
Frame ID: 4BBF40246E316D7D3F4C0C078ACE03B9
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 7B578692FAA46AFD27CD24EBC8A60390
Requests: 3 HTTP requests in this frame

Frame: https://secure-gg.imrworldwide.com/cgi-bin/m?ca=nlsn283845&cr=crtve&ce=googledbm&pc=googledbm_plc0003&ci=nlsnci1614&am=3&at=view&rt=banner&st=image&gdpr=&gdpr_consent=&r=[timestamp]&C78=G1,DCM&uoo=0
Frame ID: FBB3A596564AB79B671575EAC1EF9F1F
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/loader.js
Frame ID: 6EAF3E2B0DEF6EAA49D44D21627828FD
Requests: 2 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.8.js
Frame ID: 93E1E3FBBD15380C8D6054E158F5DC0A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

Page Statistics

221
Requests

98 %
HTTPS

49 %
IPv6

28
Domains

55
Subdomains

45
IPs

5
Countries

6488 kB
Transfer

13226 kB
Size

4
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/threatpost/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/threatpost

Search URL Search Domain Scan URL

URL: https://feedly.com/threatpost

Search URL Search Domain Scan URL

URL: https://www.instagram.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://twitter.com/malwrhunterteam
Title: MalwareHunterTeam

Search URL Search Domain Scan URL

URL: https://twitter.com/aboutdfir/status/1415532608428158977
Title: isn’t a lightbulb moment

Search URL Search Domain Scan URL

URL: https://cybersecurity.att.com/blogs/labs-research/revils-new-linux-version
Title: Alien Labs

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/linux-version-of-hellokitty-ransomware-targets-vmware-esxi-servers/
Title: BleepingComputer

Search URL Search Domain Scan URL

URL: https://twitter.com/fwosar/status/1382111802398498819
Title: Babuk

Search URL Search Domain Scan URL

URL: https://www.techradar.com/news/revil-ransomware-group-deploys-linux-encryptor-against-vmware-virtual-machines
Title: GoGoogle

Search URL Search Domain Scan URL

URL: https://akismet.com/privacy/
Title: Learn how your comment data is processed

Search URL Search Domain Scan URL

URL: http://twitter.com/Armis
Title: @Armis

Search URL Search Domain Scan URL

URL: http://twitter.com/search?q=%23CISOs
Title: #CISOs

Search URL Search Domain Scan URL

URL: https://t.co/af8dADZOdQ
Title: https://t.co/af8dADZOdQ

Search URL Search Domain Scan URL

URL: https://indd.adobe.com/view/01579c19-a6ca-4cb0-8106-ed4d5d02a292
Title: Advertise With Us

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

https://cd.connatix.com/connatix.player.js HTTP 302
https://cds.connatix.com/p/123972/connatix.player.dc.js

Request Chain 158

https://gcdn.2mdn.net/videoplayback/id/59948e8f9274e9b7/itag/342/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3765962588/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/3DEEF7136A781B42ADB78B3C3AE0C3DFD70CFC9F.5DFA0FEEA657F872B48B2D295CF730FED3150BC8/key/ck2/file/file.mp4 HTTP 302
https://r2---sn-4g5ednsl.c.2mdn.net/videoplayback/id/59948e8f9274e9b7/itag/342/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3765962588/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/80B06AE607256B22BA2D29A74A1C148FF83033D5.717661B3F4850A02AD8C61A10962BF1672D19426/key/cms1/cms_redirect/yes/mh/pk/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5ednsl/ms/onc/mt/1626534054/mv/m/mvi/2/pl/52/file/file.mp4

Request Chain 160

https://gcdn.2mdn.net/videoplayback/id/59948e8f9274e9b7/itag/342/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3765962588/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/3DEEF7136A781B42ADB78B3C3AE0C3DFD70CFC9F.5DFA0FEEA657F872B48B2D295CF730FED3150BC8/key/ck2/file/file.mp4 HTTP 302
https://r2---sn-4g5ednsl.c.2mdn.net/videoplayback/id/59948e8f9274e9b7/itag/342/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3765962588/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/3F0FD93FB13C5DF2BF11A4E7356730AFFA0DB74A.0459E6F01D6F567B425852762666D1EF6DF198EB/key/cms1/cms_redirect/yes/mh/pk/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5ednsl/ms/onc/mt/1626534054/mv/m/mvi/2/pl/52/file/file.mp4

Request Chain 172

https://pixel.adsafeprotected.com/rfw/st/728464/55012521/skeleton.js?videoId=3a3be4e93602247b787da771c026588c&apiframeworks=2,8&bundleId=[BUNDLEID]&mon=55012522&omidPartner=-1&xmapp=0&xmtp=v&xsId=6ece0ff5-60f1-4c3d-86a9-717b4edae786&adsafe_par=&logTestResults=false&adsafe_url=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&adsafe_type=abdq&adsafe_url=https%3A%2F%2Fthreatpost.com%2F&adsafe_type=f&adsafe_jsinfo=,id:6a7bf1ef-8110-cd83-9a64-2e67f7d1e037,c:iDP4aj,sl:outOfView,em:false,fr:true,mn:app07ie,pt:2-5-15,wc:0.0.1600.1200,ac:1199.974.400.225,am:v,cc:1199.974.400.225,piv:100,obst:0,th:0,reas:v,br:u,abv:na,an:n,oam:0,vc:jv3,scm:publ2,nbld:0,mtim:4,fm:sDqYKc6+1*.728464-55012521%7C11%7C12%7C13%7C14%7C15%7C161%7C17%7C181%7C19%7C1a1%7C1b%7C1c%7C1d%7C1e,idMap:1*,pl:,rmeas:1,rend:1,renddet:env,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,tt:fwjsvid,thd:1,et:34,oid:add96302-e710-11eb-b926-06aaa1ae1a14,v:19.8.217,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0,abc:0,abct:306,x_vv:3.7.0,x_vanstag:fw,x_xpc:iaso HTTP 302
https://static.adsafeprotected.com/skeleton.js?videoId=3a3be4e93602247b787da771c026588c&apiframeworks=2,8&bundleId=[BUNDLEID]&mon=55012522&omidPartner=-1&xmapp=0&xmtp=v&xsId=6ece0ff5-60f1-4c3d-86a9-717b4edae786

Request Chain 177

https://red.vtracy.de/img.tr?tr_adid=k25888486_s6915580_p304906530_c151506207&tr_mid=0&tr_et=400&tr_sync=true&tr_uid1=DC&t=2564499605&gdpr_consent=&gdpr=&gdpr_pd= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=vivakide_dmp2&google_cm&v3=vi-828d9167-c3de-4c5b-9138-1944cd659bd9&adid=k25888486_s6915580_p304906530_c151506207&tr_aa=true&tr_ttd=true&tr_run=false&tr_adf=false&tr_timestamp=1626534439393 HTTP 302
https://red.vtracy.de/tr_cm?v3=vi-828d9167-c3de-4c5b-9138-1944cd659bd9&adid=k25888486_s6915580_p304906530_c151506207&tr_aa=true&tr_ttd=true&tr_run=false&tr_adf=false&tr_timestamp=1626534439393&google_gid=CAESEGy-_BRMT0L-h1iCU_iuC3Q&google_cver=1 HTTP 302
https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fred.vtracy.de%2Ftr_aa%3Fv3%3Dvi-828d9167-c3de-4c5b-9138-1944cd659bd9%26adid%3Dk25888486_s6915580_p304906530_c151506207%26userId%3D%25%25COOKIE%25%25%26tr_timestamp%3D1626534439517%26tr_run%3Dfalse%26tr_ttd%3Dtrue HTTP 302
https://red.vtracy.de/tr_aa?v3=vi-828d9167-c3de-4c5b-9138-1944cd659bd9&adid=k25888486_s6915580_p304906530_c151506207&userId=6985912221336336537&tr_timestamp=1626534439517&tr_run=false&tr_ttd=true HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=m82k10l&ttd_tpi=1&ttd_puid=vi-828d9167-c3de-4c5b-9138-1944cd659bd9 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=m82k10l&ttd_tpi=1&ttd_puid=vi-828d9167-c3de-4c5b-9138-1944cd659bd9 HTTP 302
https://red.vtracy.de/tr_ttd.tr?&tdid=1b20b532-7052-4dd1-a14c-2783ab192fb9&ttd_puid=vi-828d9167-c3de-4c5b-9138-1944cd659bd9&ttd_puid=vi-828d9167-c3de-4c5b-9138-1944cd659bd9

Request Chain 181

https://pixel.adsafeprotected.com/rfw/st/728464/55012522/skeleton.gif?xmtp=v&xmapp=0&xsId=6ece0ff5-60f1-4c3d-86a9-717b4edae786 HTTP 302
https://static.adsafeprotected.com/skeleton.gif?xmtp=v&xmapp=0&xsId=6ece0ff5-60f1-4c3d-86a9-717b4edae786

Request Chain 198

https://gcdn.2mdn.net/videoplayback/id/59948e8f9274e9b7/itag/342/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3765962588/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/3DEEF7136A781B42ADB78B3C3AE0C3DFD70CFC9F.5DFA0FEEA657F872B48B2D295CF730FED3150BC8/key/ck2/file/file.mp4 HTTP 302
https://r2---sn-4g5e6nsk.c.2mdn.net/videoplayback/id/59948e8f9274e9b7/itag/342/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3765962588/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/0D7192B1684D8D4CEAA8750B924C86585DBC08E9.79810FF2B6BE295C8FC37C5F4C3DF3D82DF190E1/key/cms1/cms_redirect/yes/mh/pk/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nsk/ms/onc/mt/1626534283/mv/m/mvi/2/pl/52/file/file.mp4

221 HTTP transactions
-2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/ 85 KB
22 KB 372ms
94ms Document
text/html 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

68ed88fff5fdcc41bce2603a72fb2fa7235d6634fe2508bbad02a38206491e8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: threatpost.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx
Date: Sat, 17 Jul 2021 15:07:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Link: <https://threatpost.com/wp-json/>; rel="https://api.w.org/" <https://threatpost.com/wp-json/wp/v2/posts/167883>; rel="alternate"; type="application/json" <https://threatpost.com/?p=167883>; rel=shortlink
X-Frame-Options: SAMEORIGIN
X-Debug-Auth: off
X-Request-Host: threatpost.com
x-cache-hit: HIT
Content-Encoding: gzip

GET
H/1.1 200
OK museosans-900italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 365ms
180ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://threatpost.com
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Connection: keep-alive
Origin: https://threatpost.com
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 17 Jul 2021 15:07:12 GMT
Last-Modified: Thu, 15 Jul 2021 16:21:14 GMT
Server: nginx
ETag: "60f0607a-3ca8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000 public
Connection: close
Accept-Ranges: bytes
Content-Length: 15528
Expires: Sun, 17 Jul 2022 15:07:12 GMT

GET
H/1.1 200
OK museosans-900-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 278ms
93ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://threatpost.com
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Connection: keep-alive
Origin: https://threatpost.com
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 17 Jul 2021 15:07:12 GMT
Last-Modified: Thu, 15 Jul 2021 16:21:16 GMT
Server: nginx
ETag: "60f0607c-5124"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000 public
Connection: close
Accept-Ranges: bytes
Content-Length: 20772
Expires: Sun, 17 Jul 2022 15:07:12 GMT

GET
H/1.1 200
OK museosans-700italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 366ms
180ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://threatpost.com
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Connection: keep-alive
Origin: https://threatpost.com
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 17 Jul 2021 15:07:12 GMT
Last-Modified: Thu, 15 Jul 2021 16:21:14 GMT
Server: nginx
ETag: "60f0607a-3dcc"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000 public
Connection: close
Accept-Ranges: bytes
Content-Length: 15820
Expires: Sun, 17 Jul 2022 15:07:12 GMT

GET
H/1.1 200
OK museosans-700-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 376ms
185ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://threatpost.com
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Connection: keep-alive
Origin: https://threatpost.com
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 17 Jul 2021 15:07:12 GMT
Last-Modified: Thu, 15 Jul 2021 16:21:14 GMT
Server: nginx
ETag: "60f0607a-51a4"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000 public
Connection: close
Accept-Ranges: bytes
Content-Length: 20900
Expires: Sun, 17 Jul 2022 15:07:12 GMT

GET
H/1.1 200
OK museosans-500italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 287ms
96ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://threatpost.com
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Connection: keep-alive
Origin: https://threatpost.com
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 17 Jul 2021 15:07:12 GMT
Last-Modified: Thu, 15 Jul 2021 16:21:16 GMT
Server: nginx
ETag: "60f0607c-5c74"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000 public
Connection: close
Accept-Ranges: bytes
Content-Length: 23668
Expires: Sun, 17 Jul 2022 15:07:12 GMT

GET
H/1.1 200
OK museosans-500-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 457ms
185ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://threatpost.com
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Connection: keep-alive
Origin: https://threatpost.com
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 17 Jul 2021 15:07:12 GMT
Last-Modified: Thu, 15 Jul 2021 16:21:14 GMT
Server: nginx
ETag: "60f0607a-5194"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000 public
Connection: close
Accept-Ranges: bytes
Content-Length: 20884
Expires: Sun, 17 Jul 2022 15:07:12 GMT

GET
H/1.1 200
OK museosans-300italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 729ms
179ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://threatpost.com
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Connection: keep-alive
Origin: https://threatpost.com
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 17 Jul 2021 15:07:12 GMT
Last-Modified: Thu, 15 Jul 2021 16:21:16 GMT
Server: nginx
ETag: "60f0607c-5bac"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000 public
Connection: close
Accept-Ranges: bytes
Content-Length: 23468
Expires: Sun, 17 Jul 2022 15:07:12 GMT

GET
H/1.1 200
OK museosans-300-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 643ms
93ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://threatpost.com
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Connection: keep-alive
Origin: https://threatpost.com
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 17 Jul 2021 15:07:12 GMT
Last-Modified: Thu, 15 Jul 2021 16:21:16 GMT
Server: nginx
ETag: "60f0607c-51b8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000 public
Connection: close
Accept-Ranges: bytes
Content-Length: 20920
Expires: Sun, 17 Jul 2022 15:07:12 GMT

GET
H/1.1 200
OK museosans-100italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 653ms
96ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://threatpost.com
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Connection: keep-alive
Origin: https://threatpost.com
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 17 Jul 2021 15:07:12 GMT
Last-Modified: Thu, 15 Jul 2021 16:21:16 GMT
Server: nginx
ETag: "60f0607c-5b34"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000 public
Connection: close
Accept-Ranges: bytes
Content-Length: 23348
Expires: Sun, 17 Jul 2022 15:07:12 GMT

GET
H/1.1 200
OK museosans-100-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 758ms
192ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://threatpost.com
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Connection: keep-alive
Origin: https://threatpost.com
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 17 Jul 2021 15:07:12 GMT
Last-Modified: Thu, 15 Jul 2021 16:21:14 GMT
Server: nginx
ETag: "60f0607a-50c8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000 public
Connection: close
Accept-Ranges: bytes
Content-Length: 20680
Expires: Sun, 17 Jul 2022 15:07:12 GMT

GET
H2 200 op.js Show response
tagan.adlightning.com/math-aids-threatpost/ 34 KB
14 KB 40ms
13ms Script
application/javascript 13.224.96.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-23.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1dbd8a3e5323c66c5636caba2bc0175d24be56e9ef9c05050968d5f7e6d57ae8

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: W_iBzT.xU0GovJ76pZ1t4whnpYddLddE
content-encoding: gzip
etag: "0506606ee77a6851ef060fe3ea9578cb"
age: 1589
x-cache: Hit from cloudfront
content-length: 14225
x-amz-meta-git_commit: 165eba0
last-modified: Fri, 16 Jul 2021 23:50:43 GMT
server: AmazonS3
date: Sat, 17 Jul 2021 14:40:43 GMT
content-type: application/javascript
via: 1.1 af287426c130b47dba79bf825f91ebbb.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-amz-cf-id: iewDm7KWdMYXg-_1Cr0CqrKPUR_NqJHCsEFjG1d68pCUkqKXjGoQsA==

GET
H2 200 ros-layout.js Show response
qd.admetricspro.com/js/threatpost/ 26 KB
4 KB 36ms
15ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96360cdfad170cb263cb44fcb39b29be40de62551769b40250ec754805bd096e

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:12 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 93
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 11 May 2021 04:57:26 GMT
server: cloudflare
etag: W/"67cb-5c206bb059aa2-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I8yELxodC5AHgOH286McLpcMe6YdBhEj%2FpP0un80s0SvnVhIQmSoeQshevtN7At4xk%2F9I8TaB5VdyqjmI52aljSMroMYpI0TDWFUJONt1%2FDxxv%2BGJp00T66fvC%2B0aPlax1f0kvSzWx7FG8EfC2D8P6%2BO"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 670460e92bb2c303-FRA
expires: Sat, 17 Jul 2021 15:08:36 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 69 KB
24 KB 37ms
15ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

51d36a3a2d7849d66382de22ad923303cd83baf7107f8c5110b2d8f4076c633f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "932 / 387 of 1000 / last-modified: 1626473478"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24150
x-xss-protection: 0
expires: Sat, 17 Jul 2021 15:07:12 GMT

GET
H2 200 cmp.js Show response
qd.admetricspro.com/js/threatpost/ 310 KB
90 KB 60ms
39ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:12 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 93
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 01 Jun 2021 14:47:10 GMT
server: cloudflare
etag: W/"4d957-5c3b56abf6028-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j7F4VAv5zOpQzRLrPSxgzq4NH8%2FLNqqKTnRG0Uhi5jmrmSdBU447c2K6LJnZ9O4cNPa3%2F6ec0FUiM7bIbi4vEWMzce7u4DDfsGQlvdv4JiuQdimCPE4jf2lGmigkx4STCzk9bJP5D8KcVSKUuDH8k0jT"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 670460e92bb6c303-FRA
expires: Sat, 17 Jul 2021 15:10:35 GMT

GET
H2 200 uspcmp.js Show response
qd.admetricspro.com/js/threatpost/ 148 KB
58 KB 52ms
31ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:12 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 93
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Sat, 08 Aug 2020 22:40:07 GMT
server: cloudflare
etag: W/"24e50-5ac65673cef1c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tZMNFlJ3xS0ygNX9ekf9T191kB96UbuhhtdGZp6ZyyOkenKxCEbrFGRk2gzo%2BgZ7qGcXhKY51HJXUUDs%2B%2Br3U0FeVsZrMKYhgmS1mqpm9uF1eIhB3yC12ZMicnzFdUgdZ4c%2BErLSfJrx8IHuP1SD0FAq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 670460e92bbac303-FRA
expires: Sat, 17 Jul 2021 15:09:34 GMT

GET
H2 200 targeting.js Show response
qd.admetricspro.com/js/threatpost/ 275 B
479 B 39ms
18ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/targeting.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6cdc57f82f4b0d09e5b4e584ca4736cd3871f20563d4ce25120b057d8ffb4eb2

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:12 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 92
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 10 Jun 2021 18:02:52 GMT
server: cloudflare
etag: W/"113-5c46d33309544-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yNVUlU2XxF%2FeORxJQXUn5RnqPU0nNrYicw7puncGB6lX898hXFqxNWHYf7%2FeIFQYx%2Bk1tvAmfDFzc41qewXqn4S3bsM7XwRJ86%2FOfh7EljhtXG2iXCot6f%2FJkurG%2B3EhNGryF209omdHeKBlwShcJxA1"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 670460e92bbdc303-FRA
expires: Sat, 17 Jul 2021 15:12:29 GMT

GET
H2 200 prebid.js Show response
qd.admetricspro.com/js/threatpost/ 421 KB
127 KB 57ms
36ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a103be6f279cae8485833488abe0ba61ec1ee6754a4f35df960fd970a480647f

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:12 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 93
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Wed, 05 May 2021 13:42:31 GMT
server: cloudflare
etag: W/"695c1-5c1955dc8c1d2-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YLBOZFC%2F8ceIGyKxoiiWOLGuqYcwUabzevKTBsLqSWfl7Zt0kFvofC7GfCl%2Fnw97w77uF7BwwDXk3o0nhtSpbW0%2B0bARHPbtHwWulmqiWvxyx1jSfvr%2BNhLuOMZtbCwhP5LHaJpdqnXVd1X%2BTiJ4b1Ye"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 670460e92bc0c303-FRA
expires: Sat, 17 Jul 2021 15:12:20 GMT

GET
H2 200 engine.js Show response
qd.admetricspro.com/js/threatpost/ 33 KB
10 KB 36ms
16ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/engine.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 83c6bdb6c54b2fb90a204cf0279e2d868513572d0963ec534083902c1307844b

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:12 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 92
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Mon, 19 Apr 2021 20:48:42 GMT
server: cloudflare
etag: W/"83c9-5c059747d2d30-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GNXgm7sI3F7KxpxMbNImZJKaARvPHPBNl4y%2FviKK8NvB1m%2FqePp8bUTteniHO92FnmEOOlHuxIJSsAh8JMTIRFJwxTXUlbYTg6GRhsA20DVfUqclO19M%2F9Ud2pXGUniSrE4GP5bbOQhd3d0LmlSBnUB2"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 670460e92bc2c303-FRA
expires: Sat, 17 Jul 2021 15:09:34 GMT

GET
H2 200 /
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 292 KB
42 KB 621ms
567ms Stylesheet
text/css 2600:9000:2190:ce00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e

Requested by

Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:ce00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

651e04b0e5647f9e2913196fa892689f13772efe4636cc1bbdad48868f67e1ce

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:12 GMT
content-encoding: gzip
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
content-length: 42435
x-cache-hit: HIT
last-modified: Thu, 15 Jul 2021 16:21:17 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: EExYFqDCdz-pQjEDcWVPZ-fbkNTlu9buvxlxhFj2gtOwE33nce4p-Q==
expires: Sat, 17 Jul 2021 21:15:54 GMT

GET
H/1.1 200
OK jquery-1.12.4-wp.js Show response
threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/ 95 KB
37 KB 763ms
197ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Connection: keep-alive
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 17 Jul 2021 15:07:12 GMT
Content-Encoding: gzip
Last-Modified: Thu, 15 Jul 2021 16:21:15 GMT
Server: nginx
ETag: W/"60f0607b-17a56"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800 public
Connection: close
Expires: Sat, 24 Jul 2021 15:07:12 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 20 KB
7 KB 656ms
602ms Script
application/x-javascript 2600:9000:2190:ce00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js,wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js,wp-content/plugins/honeypot-comments/public/assets/js/public.js,wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js,wp-content/themes/threatpost-2018/assets/js/loadmore.js,wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js&ver=ca03198e

Requested by

Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:ce00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

b813e47b551a74f55e504ad2e4a7fdb97ee55a9497486ffa61f4dfc34e6fd338

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:12 GMT
content-encoding: gzip
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
content-length: 6410
x-cache-hit: HIT
last-modified: Thu, 15 Jul 2021 16:21:16 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: 9RL7SzccVYCk_jtBdbRlJ2yCDUWI3nUvDbMSCmP4eP2hf9AcPWq70g==
expires: Sat, 17 Jul 2021 21:15:54 GMT

GET
H2 200 b-165eba0-e576843d.js Show response
tagan.adlightning.com/math-aids-threatpost/ 68 KB
23 KB 17ms
15ms Script
application/javascript 13.224.96.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-165eba0-e576843d.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-23.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 82b879cecc94dd8ae083ebfe40c3b8b93c3ac29092f7d129c945d978af2d57d7

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 10 May 2021 19:21:29 GMT
content-encoding: gzip
age: 5859943
x-cache: Hit from cloudfront
content-length: 22679
x-amz-meta-git_commit: 165eba0
last-modified: Mon, 10 May 2021 19:20:01 GMT
server: AmazonS3
etag: "a95eaf187a1e2dca56e19bd3c7883edc"
x-amz-version-id: CXfQcbAwTtSpvWa8.32mZB8uVbGgzv9k
via: 1.1 af287426c130b47dba79bf825f91ebbb.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: pM1SGBkgRgfEE2ChquRxDkdkLc9BSicSet4795t0nlxCdUhkk2sUzw==

GET
H2 200 bl-099a478-a768cfae.js Show response
tagan.adlightning.com/math-aids-threatpost/ 52 KB
22 KB 17ms
15ms Script
application/javascript 13.224.96.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-099a478-a768cfae.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-23.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2a58e25d839949dd623c8e56ddb50461307e569a0ff116f099e3cf197e03bb20

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 00:38:04 GMT
content-encoding: gzip
age: 52149
x-cache: Hit from cloudfront
content-length: 22440
x-amz-meta-git_commit: 099a478
last-modified: Fri, 16 Jul 2021 23:49:51 GMT
server: AmazonS3
etag: "582f8a1f781aaed123762ab8c59e322e"
x-amz-version-id: Ng5_SAG_s82PhFaG8tAGnedz9CQsBzuW
via: 1.1 af287426c130b47dba79bf825f91ebbb.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: F4xfedt-xe-khiP49nJocf43nph5rmLTeXySS9opVnqSksZdGPrPlw==

GET
H2 200 pubads_impl_2021071401.js Show response
securepubads.g.doubleclick.net/gpt/ 329 KB
115 KB 37ms
14ms Script
text/javascript 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061813

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

sffe /

Resource Hash

65506c87a4e71875a107df7ca37f45ccfd40688cf8e01f65c7e71792dbd6818c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sat, 17 Jul 2021 15:07:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 14 Jul 2021 08:38:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117283
x-xss-protection: 0
expires: Sat, 17 Jul 2021 15:07:12 GMT

GET
H2 200 hellokitty-e1626467172148.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2021/07/16162559/ 96 KB
97 KB 52ms
14ms Image
image/jpeg 2600:9000:2190:1800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/07/16162559/hellokitty-e1626467172148.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1ce5f600746a117c916637c6d27f8fe09fb7e0c915ff3e89dda27818519a3a1b

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Jul 2021 21:10:59 GMT
via: 1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront), 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
last-modified: Fri, 16 Jul 2021 20:26:13 GMT
server: AmazonS3
age: 64574
etag: "c391fa0917d7f581811bb863e5e335c2"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, ZRH50-C1
accept-ranges: bytes
content-length: 98542
x-amz-cf-id: h1zDzmwjZGj-vMVgGrsT13HWQqX8bRfZMNfmaIchAf786HdfNArSJQ==
expires: Sat, 16 Jul 2022 20:26:12 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 34ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6763) /
Resource Hash: a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 17 Jul 2021 15:07:12 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 813
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length: 28779
x-tw-cdn: VZ
Last-Modified: Wed, 28 Apr 2021 17:57:32 GMT
Server: ECS (frb/6763)
Etag: "9eb59e5602fef4b3ebf6090856ff21db+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 852 B
620 B 23ms
21ms Script
text/javascript 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?hl=en&render=explicit

Requested by

Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4901bcd683c63a97591b6de7fe16fd7cd848d660e11e40143278933d9aaf731f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 555
x-xss-protection: 1; mode=block
expires: Sat, 17 Jul 2021 15:07:12 GMT

GET
H/1.1 200
OK scripts.js Show response
kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/ 2 KB
1 KB 413ms
93ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/scripts.js?ver=1.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 17 Jul 2021 15:07:13 GMT
Content-Encoding: gzip
Last-Modified: Thu, 15 Jul 2021 16:21:12 GMT
Server: nginx
ETag: W/"60f06078-828"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Sat, 24 Jul 2021 15:07:13 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 852 B
743 B 18ms
17ms Script
text/javascript 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927

Requested by

Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4901bcd683c63a97591b6de7fe16fd7cd848d660e11e40143278933d9aaf731f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 555
x-xss-protection: 1; mode=block
expires: Sat, 17 Jul 2021 15:07:12 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 2 KB
1 KB 413ms
410ms Script
application/x-javascript 2600:9000:2190:ce00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/jquery.json.min.js&ver=ca03198e

Requested by

Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:ce00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

172314ff74044b918766ed4763279b5e8798622087c0a2930f59c9d44662213d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:13 GMT
content-encoding: gzip
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
content-length: 926
x-cache-hit: HIT
last-modified: Thu, 15 Jul 2021 16:21:13 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: QKBVnHMAmeYc4HKegXwEdbfb4yS_A9-swZxCtt3HBmwHFQ-KtjliMg==
expires: Sat, 17 Jul 2021 21:15:55 GMT

GET
H/1.1 200
OK gravityforms.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 34 KB
12 KB 280ms
93ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.4.17.15
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 3097d0444becd9d089b52b7074072f19201525de874d0775012572fb375b7838

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Connection: keep-alive
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 17 Jul 2021 15:07:13 GMT
Content-Encoding: gzip
Last-Modified: Thu, 15 Jul 2021 16:21:15 GMT
Server: nginx
ETag: W/"60f0607b-88c2"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800 public
Connection: close
Expires: Sat, 24 Jul 2021 15:07:13 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 7 KB
3 KB 420ms
418ms Script
application/x-javascript 2600:9000:2190:ce00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/conditional_logic.min.js&ver=ca03198e

Requested by

Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:ce00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f75166e3f70100b65a6ce1d4128bc15286e92b19a546fa7709f739e9bcfe52c6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:13 GMT
content-encoding: gzip
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
content-length: 2685
x-cache-hit: HIT
last-modified: Thu, 15 Jul 2021 16:21:13 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: seqvu0Y8NmJoQdJsHODcr0tpXPU_WM5aBS4hO_uX6ybwdMtjj5uCSg==
expires: Sat, 17 Jul 2021 21:15:54 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 5 KB
2 KB 378ms
375ms Script
application/x-javascript 2600:9000:2190:ce00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/placeholders.jquery.min.js&ver=ca03198e

Requested by

Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:ce00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:13 GMT
content-encoding: gzip
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
content-length: 1747
x-cache-hit: HIT
last-modified: Thu, 15 Jul 2021 16:21:13 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: EtJHgGhklHhSTRjbKP3vQXp3miFphTXMpk0xghUfph3Q-IVGrsC4bg==
expires: Sat, 17 Jul 2021 21:15:54 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 161 KB
51 KB 420ms
418ms Script
application/x-javascript 2600:9000:2190:ce00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/main.js,wp-content/themes/threatpost-2018/assets/js/main.js,wp-includes/js/wp-embed.min.js,wp-content/plugins/akismet/_inc/form.js&ver=ca03198e

Requested by

Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:ce00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d04f6744c40f6e55a29eb854b41ae936d98474edec14efa6bfd76fc79217d125

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:13 GMT
content-encoding: gzip
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
content-length: 51510
x-cache-hit: HIT
last-modified: Thu, 15 Jul 2021 16:21:17 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: rOy22T0dnfNcArqru6-nkJeou3ev5-bSVn7MOVKbSyfskBsEqpKPoA==
expires: Sat, 17 Jul 2021 21:15:53 GMT

GET
H3-29 200 vendor-list.json Show response
qd.admetricspro.com/js/cmp2/ 256 KB
37 KB 171ms
160ms XHR
application/json 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/cmp2/vendor-list.json
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1aeb3ee07f4b462935c5d8047ff038c8e279d75f9be1dcd0b848ba68223a3ee2

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:12 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 31 May 2021 16:54:38 GMT
server: cloudflare
etag: W/"3ffae-5c3a314b5dcb2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uzBUQSJJHyEtWBgYMa6pF8DcSflsiZQ%2Bl9m0q4Xbt%2FZ%2FC4syDtwcS4qj5zIFHm%2FGSvsEln2Khtf%2FHWqX%2Fup0gs4Rbc%2F6ikAB1%2Bsvgnr4IG4QEC3C%2F703KKA3Yrecu4IA2BD%2FjjzHA4V0sG%2Fq7SzqbS8y"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=600
cf-ray: 670460ea2bce2c32-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
expires: Sat, 17 Jul 2021 15:17:12 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 123 KB
33 KB 45ms
12ms Script
application/javascript 13.224.90.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/engine.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.90.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-90-44.zrh50.r.cloudfront.net
Software: Server /
Resource Hash: e7a1375f883984026b922acfbe7cbc0bd02effdbfbfdde9354922a6055502624

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Jul 2021 20:57:41 GMT
content-encoding: gzip
server: Server
age: 65370
etag: f8520ea4ebd91256d6b4f461d472242a
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 8c175d0adc08dac3750e9201b76886e8.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-version-id: HJDQ_J13MpB0okrd1UAc4euAMZtdyOJl
x-amz-cf-id: V3lKYzlfufksh8EsEszUX-91LMpbOYkRW28Ra3Z5w_3d2FV99K0-qA==

GET
H2

200

connatix.player.dc.js Show response
cds.connatix.com/p/123972/ Frame 06EC
Redirect Chain

https://cd.connatix.com/connatix.player.js
https://cds.connatix.com/p/123972/connatix.player.dc.js

994 KB
221 KB

43ms
6ms

Script
application/javascript

151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/123972/connatix.player.dc.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 5fae5dfe73bb1807b890ff7dff72ff10a0dce2b66f9f91458b33cd48c4e36981

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:12 GMT
content-encoding: br
last-modified: Fri, 16 Jul 2021 15:54:29 GMT
age: 83019
etag: "584072a830d6994f8cdd39a6a7126a72"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate= 31557600, immutable,max-age=31557600
accept-ranges: bytes
content-length: 226447

Redirect headers

location: https://cds.connatix.com/p/123972/connatix.player.dc.js
date: Sat, 17 Jul 2021 15:07:12 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
age: 0
accept-ranges: bytes
content-length: 0
retry-after: 0

GET
H/1.1 200
OK / Show response
kasperskycontenthub.com/ 0
398 B 407ms
96ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=103&siteid=1&t=1697258347&back=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 17 Jul 2021 15:07:13 GMT
X-Content-Type-Options: nosniff
Server: nginx
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Type: application/javascript
x-cache-hit: HIT
Transfer-Encoding: chunked
X-Debug-Auth: off
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Request-Host: kasperskycontenthub.com
X-XSS-Protection: 1; mode=block

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 172 KB
56 KB 31ms
30ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Requested by

Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ad39dc5407316ddc102a245bf79aec9ade38d52c7ed3fa5219fc57bc931e3380

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:12 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56692
x-xss-protection: 0
expires: Sat, 17 Jul 2021 15:07:12 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/ 13 KB
5 KB 287ms
97ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 01864580e1f385dc4512aed0de4b324cc1a04812709e7020e857612fc0ce9f4c

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: same-origin
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Connection: keep-alive
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 17 Jul 2021 15:07:13 GMT
Content-Encoding: gzip
Last-Modified: Thu, 15 Jul 2021 16:21:16 GMT
Server: nginx
ETag: W/"60f0607c-3496"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800 public
Connection: close
Expires: Sat, 24 Jul 2021 15:07:13 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/ 13 KB
5 KB 277ms
93ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 01864580e1f385dc4512aed0de4b324cc1a04812709e7020e857612fc0ce9f4c

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: threatpost.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: same-origin
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Connection: keep-alive
Referer: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: public
Date: Sat, 17 Jul 2021 15:07:13 GMT
Content-Encoding: gzip
Last-Modified: Thu, 15 Jul 2021 16:21:14 GMT
Server: nginx
ETag: W/"60f0607a-3496"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800 public
Connection: close
Expires: Sat, 24 Jul 2021 15:07:13 GMT

GET
H2 200 logo.png
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 19 KB
19 KB 517ms
517ms Image
image/png 2600:9000:2190:ce00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo.png
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:ce00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 17 Jul 2021 15:07:13 GMT
via: 1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
last-modified: Thu, 15 Jul 2021 16:21:14 GMT
server: nginx
x-amz-cf-pop: ZRH50-C1
etag: "60f0607a-4a32"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 18994
x-amz-cf-id: WDlyizHZPZSMIe4i5BGVdixD8fV77jCO7Zy4YElSTxnApnrM1WTknQ==
expires: Sat, 24 Jul 2021 15:07:13 GMT

GET
H2 200 museosans-700-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 500ms
469ms Font
font/woff2 2600:9000:2190:ce00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:ce00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Origin: https://threatpost.com
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 17 Jul 2021 15:07:13 GMT
via: 1.1 af287426c130b47dba79bf825f91ebbb.cloudfront.net (CloudFront)
last-modified: Thu, 15 Jul 2021 16:21:14 GMT
server: nginx
x-amz-cf-pop: ZRH50-C1
etag: "60f0607a-51a4"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 20900
x-amz-cf-id: HwYdbUkaT23qH_5GFrNFiRY9vhuOjLVeR4b3-xxovGx0YmUMDYk9nw==
expires: Sun, 17 Jul 2022 15:07:13 GMT

GET
H2 200 museosans-100-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 555ms
525ms Font
font/woff2 2600:9000:2190:ce00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:ce00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Origin: https://threatpost.com
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 17 Jul 2021 15:07:13 GMT
via: 1.1 af287426c130b47dba79bf825f91ebbb.cloudfront.net (CloudFront)
last-modified: Thu, 15 Jul 2021 16:21:14 GMT
server: nginx
x-amz-cf-pop: ZRH50-C1
etag: "60f0607a-50c8"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 20680
x-amz-cf-id: WiesBzUCyVIwSH9nK24ExLHlRvwPHvqnbct6ETbc7JRvvxIpXNp0cA==
expires: Sun, 17 Jul 2022 15:07:13 GMT

GET
H2 200 museosans-300-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 341ms
311ms Font
font/woff2 2600:9000:2190:ce00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:ce00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Origin: https://threatpost.com
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 17 Jul 2021 15:07:13 GMT
via: 1.1 af287426c130b47dba79bf825f91ebbb.cloudfront.net (CloudFront)
last-modified: Thu, 15 Jul 2021 16:21:16 GMT
server: nginx
x-amz-cf-pop: ZRH50-C1
etag: "60f0607c-51b8"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 20920
x-amz-cf-id: K-347ywrA6zDiWBLPLlJucmjTk_opUEfCAyaHvrs8MJsyGhtkopzxg==
expires: Sun, 17 Jul 2022 15:07:13 GMT

GET
H2 200 museosans-500-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 469ms
439ms Font
font/woff2 2600:9000:2190:ce00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:ce00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Origin: https://threatpost.com
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 17 Jul 2021 15:07:13 GMT
via: 1.1 af287426c130b47dba79bf825f91ebbb.cloudfront.net (CloudFront)
last-modified: Thu, 15 Jul 2021 16:21:16 GMT
server: nginx
x-amz-cf-pop: ZRH50-C1
etag: "60f0607c-5194"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 20884
x-amz-cf-id: AFL-jiUiQFQx2Cr0WUSqO1t5JUOHct9T1t3e5iGI1VPhuGutFSXotg==
expires: Sun, 17 Jul 2022 15:07:13 GMT

GET
H2 200 museosans-700italic-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 496ms
472ms Font
font/woff2 2600:9000:2190:ce00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:ce00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Origin: https://threatpost.com
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 17 Jul 2021 15:07:13 GMT
via: 1.1 af287426c130b47dba79bf825f91ebbb.cloudfront.net (CloudFront)
last-modified: Thu, 15 Jul 2021 16:21:14 GMT
server: nginx
x-amz-cf-pop: ZRH50-C1
etag: "60f0607a-3dcc"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 15820
x-amz-cf-id: 4zoekX4rt5-MYPa72R_1rRsze9kQAEOlrMvMw_fb2feabvPL1Cb7kw==
expires: Sun, 17 Jul 2022 15:07:13 GMT

GET
H2 200 museosans-300italic-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 376ms
376ms Font
font/woff2 2600:9000:2190:ce00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:ce00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189

Request headers

Origin: https://threatpost.com
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 17 Jul 2021 15:07:13 GMT
via: 1.1 af287426c130b47dba79bf825f91ebbb.cloudfront.net (CloudFront)
last-modified: Thu, 15 Jul 2021 16:21:16 GMT
server: nginx
x-amz-cf-pop: ZRH50-C1
etag: "60f0607c-5bac"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 23468
x-amz-cf-id: rbWVgiqi5YhuAATxoQONKEdbX3NDiZaFvMqGMurayLzISEDfvdQt5w==
expires: Sun, 17 Jul 2022 15:07:13 GMT

GET
H2 200 Lisa-Vaas-Headshot.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/05/05095532/ 18 KB
19 KB 15ms
13ms Image
image/jpeg 2600:9000:2190:1800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/05/05095532/Lisa-Vaas-Headshot.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1d5a65e5129df0b4c89e73f205c6cb89cba0cd1d8e21a1512ca76b769634052d

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 27 Jun 2021 18:05:25 GMT
via: 1.1 ea2e21f6a5c3ec2f96b0dac1b769e00e.cloudfront.net (CloudFront), 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
last-modified: Tue, 25 May 2021 13:37:34 GMT
server: AmazonS3
age: 1717309
etag: "78f8fd88850c65941db84cb8bf0d741d"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, ZRH50-C1
accept-ranges: bytes
content-length: 18649
x-amz-cf-id: CNmy8Fq3gU1CqaTHxWd7EYwA6LZX5SZggoH88wf8cES5n2vIX5Y21A==
expires: Wed, 25 May 2022 13:37:32 GMT

GET
H2 200 subscribe2.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/ 8 KB
9 KB 15ms
14ms Image
image/jpeg 2600:9000:2190:1800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: aa64fa30a3263fa3105736228a6feaaa4f7d32d8ef96b12e56f6fb95511b66a7

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 00:18:19 GMT
via: 1.1 6165dcc1fdf84ac65e8204c05709f1cb.cloudfront.net (CloudFront), 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
last-modified: Tue, 19 Feb 2019 20:14:58 GMT
server: AmazonS3
age: 8088535
etag: "5ba45563f793f39ef6baf02645651654"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1, ZRH50-C1
accept-ranges: bytes
content-length: 8281
x-amz-cf-id: VpikE-7NCqQMnaeTWYbIeM6sG4PolGlgy0X6xFw1dznooQ5WGkfJnA==
expires: Wed, 19 Feb 2020 20:14:57 GMT

GET
H2 200 CISO-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/07/16131625/ 23 KB
24 KB 16ms
16ms Image
image/jpeg 2600:9000:2190:1800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/07/16131625/CISO-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ba0a839c92a3c068379d0a2057cc166ca5f9084f0297acbcaf64b8dd165e0db8

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Jul 2021 17:27:58 GMT
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e5.cloudfront.net (CloudFront), 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
last-modified: Fri, 16 Jul 2021 17:16:31 GMT
server: AmazonS3
age: 77956
etag: "586b1b31d9be27d04ad82560e0361c07"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, ZRH50-C1
accept-ranges: bytes
content-length: 23757
x-amz-cf-id: AZUHuPGGZs2mxATBI6hGBUURMEkMaOXj8DUyb-UM41v7qwORws4hPQ==
expires: Sat, 16 Jul 2022 17:16:30 GMT

GET
H2 200 Juniper-patch-dlya-Junos-540x270.png
media.threatpost.com/wp-content/uploads/sites/103/2021/07/16130712/ 184 KB
185 KB 18ms
18ms Image
image/png 2600:9000:2190:1800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/07/16130712/Juniper-patch-dlya-Junos-540x270.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e6022f9910b4d6c566895293c5cdb07e5cda45a6bb5e6c2d480baf15dacbe4f9

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Jul 2021 17:17:58 GMT
via: 1.1 6b8ac2d6d64dc42007741d312e2d73ab.cloudfront.net (CloudFront), 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
last-modified: Fri, 16 Jul 2021 17:07:17 GMT
server: AmazonS3
age: 78556
etag: "1859936ddc2033fcfe418ce0e618cdb3"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, ZRH50-C1
accept-ranges: bytes
content-length: 188920
x-amz-cf-id: VydVjsdpUvIroLFAdfkpC3qQVXlw079EePNucj0pjtBzx8mn9AJLTA==
expires: Sat, 16 Jul 2022 17:07:16 GMT

GET
H2 200 i-spy--540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2015/02/07005538/ 43 KB
43 KB 33ms
33ms Image
image/jpeg 2600:9000:2190:1800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2015/02/07005538/i-spy--540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b28bba15bc42fcd809e29f9bd2f9297503211d295f0adf70190e9a5be87caa86

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Jul 2021 15:56:18 GMT
via: 1.1 e64eb476d8f76c461d21278e018e194f.cloudfront.net (CloudFront), 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
last-modified: Mon, 02 Jul 2018 23:58:48 GMT
server: AmazonS3
age: 83456
etag: "9917809302d310a0c6aba27787917551"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, ZRH50-C1
accept-ranges: bytes
content-length: 43953
x-amz-cf-id: w7wd8dno1MiupGPTnEHr2DO1GaGgIHMCQcvkZYfL1yWZP09Wuz2hEQ==
expires: Tue, 02 Jul 2019 23:58:46 GMT

GET
H2 200 mail-plane-light.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 828 B
743 B 375ms
375ms Image
image/svg+xml 2600:9000:2190:ce00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-light.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:ce00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 17 Jul 2021 15:07:13 GMT
content-encoding: gzip
last-modified: Thu, 15 Jul 2021 16:21:14 GMT
server: nginx
x-amz-cf-pop: ZRH50-C1
etag: W/"60f0607a-33c"
x-cache: Miss from cloudfront
content-type: image/svg+xml
via: 1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
cache-control: max-age=604800, public
x-amz-cf-id: ufRwcXrh28QoixOydRFjnbuZf3jrZt8074vqJd2NNkGoMuHzeTiRKQ==
expires: Sat, 24 Jul 2021 15:07:13 GMT

GET
H2 200 twitter-blue.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 868 B
868 B 378ms
377ms Image
image/svg+xml 2600:9000:2190:ce00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/twitter-blue.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:ce00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 17 Jul 2021 15:07:13 GMT
content-encoding: gzip
last-modified: Thu, 15 Jul 2021 16:21:16 GMT
server: nginx
x-amz-cf-pop: ZRH50-C1
etag: W/"60f0607c-364"
x-cache: Miss from cloudfront
content-type: image/svg+xml
via: 1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
cache-control: max-age=604800, public
x-amz-cf-id: XKHAHJ9Uu-8lhysj8dMIRsREqh8OpvrpMa3ivuj7WklFH1iBsYIsQA==
expires: Sat, 24 Jul 2021 15:07:13 GMT

GET
H2 200 CISO-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/07/16131625/ 2 KB
3 KB 17ms
15ms Image
image/jpeg 2600:9000:2190:1800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/07/16131625/CISO-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7446ce6e9a19121a0b02fd65fd58ca9c825aecf6a23d0eeb55444aa814c0a2d4

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Jul 2021 17:28:23 GMT
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront), 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
last-modified: Fri, 16 Jul 2021 17:16:31 GMT
server: AmazonS3
age: 77931
etag: "c494b5c9e86c912b5fa55c8345355941"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, ZRH50-C1
accept-ranges: bytes
content-length: 2206
x-amz-cf-id: jiKgQoNESMoq8-VrLLAfqZ2a3DfPjduZ8Kps7LSJZn0gUXm6aZpKpQ==
expires: Sat, 16 Jul 2022 17:16:30 GMT

GET
H2 200 devsecops2-64x64.png
media.threatpost.com/wp-content/uploads/sites/103/2021/07/14123107/ 5 KB
5 KB 18ms
16ms Image
image/png 2600:9000:2190:1800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/07/14123107/devsecops2-64x64.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 53af3add3060c7908cc26e0cfca3a16636e685c263e108a2f13dca97dfcd654e

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Jul 2021 16:33:56 GMT
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront), 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
last-modified: Wed, 14 Jul 2021 16:31:12 GMT
server: AmazonS3
age: 253998
etag: "1118cdefafa566263500b2e6a59d345d"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, ZRH50-C1
accept-ranges: bytes
content-length: 5067
x-amz-cf-id: qWMT46rhjuD9H1XkEpBJ6O93e_rAHeaWiUm3JqlNWwmcLl3zPTGVqQ==
expires: Thu, 14 Jul 2022 16:31:11 GMT

GET
H2 200 RDP-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/07/13103737/ 2 KB
3 KB 18ms
16ms Image
image/jpeg 2600:9000:2190:1800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/07/13103737/RDP-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 28dddfbabcdfcd8cb87c318f9711178d16b16e3f6cc73b1f42385c82c2da06f1

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Jul 2021 14:51:23 GMT
via: 1.1 bee9d99ac2913ec4167e166e6bdb691e.cloudfront.net (CloudFront), 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
last-modified: Tue, 13 Jul 2021 14:37:43 GMT
server: AmazonS3
age: 346550
etag: "11f741ef5b9eafd3d5d2261aa3af7252"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, ZRH50-C1
accept-ranges: bytes
content-length: 2508
x-amz-cf-id: MZG07ELzhWmM5w9_v-9rVcR1kIDmzQbQ2GhVFV_kjRybijeWcL2jmQ==
expires: Wed, 13 Jul 2022 14:37:42 GMT

GET
H2 200 robot-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/07/08121652/ 2 KB
2 KB 17ms
16ms Image
image/jpeg 2600:9000:2190:1800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/07/08121652/robot-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 458ec6bf86adec408af1104a278c83a02a2d396d247e3813cd7d89995f0ec7ce

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Jul 2021 16:20:51 GMT
via: 1.1 c6702f5f3b6e77da6f394e67ef1a6aab.cloudfront.net (CloudFront), 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
last-modified: Thu, 08 Jul 2021 16:17:01 GMT
server: AmazonS3
age: 773183
etag: "e9f97913208feda8d5677d2fe28bd51a"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, ZRH50-C1
accept-ranges: bytes
content-length: 1797
x-amz-cf-id: tPxeYlyGXGqbspV6si9yeovFzn2KnYo7BpOsLMP9ZH2vrbZIrxwYBA==
expires: Fri, 08 Jul 2022 16:17:00 GMT

GET
H2 200 lock-pick-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/07/07095937/ 1 KB
2 KB 18ms
17ms Image
image/jpeg 2600:9000:2190:1800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/07/07095937/lock-pick-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1be2b1f7a9e55ef22a384a5182612e5031174c30ca5cc4f032d45adcaf7f6712

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Jul 2021 14:11:46 GMT
via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront), 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
last-modified: Wed, 07 Jul 2021 13:59:41 GMT
server: AmazonS3
age: 867328
etag: "23c0eb79631154c05763b22e6175e36a"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, ZRH50-C1
accept-ranges: bytes
content-length: 1355
x-amz-cf-id: 4xK1lMLwuNGmIr3ud-YeHpMVeMZEOCtlTR6W1d1J6_Es9FWzlOhKiQ==
expires: Thu, 07 Jul 2022 13:59:40 GMT

GET
H2 200 player.css
cds.connatix.com/p/123972/ 53 KB
8 KB 14ms
14ms Stylesheet
text/css 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/123972/player.css
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: b8b19af75b77e8d96706f9c314513e0a15cd1093c3c59a0bb99c8ba2839ffebf

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:13 GMT
content-encoding: br
last-modified: Fri, 16 Jul 2021 15:54:29 GMT
age: 83020
etag: "c6e2d0f7624aab499fbb112163409456"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate= 31557600, immutable,max-age=31557600
accept-ranges: bytes
content-length: 8234

GET
H2 200 mail-plane-large-dark.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 812 B
743 B 374ms
373ms Image
image/svg+xml 2600:9000:2190:ce00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-large-dark.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:ce00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 17 Jul 2021 15:07:13 GMT
content-encoding: gzip
last-modified: Thu, 15 Jul 2021 16:21:14 GMT
server: nginx
x-amz-cf-pop: ZRH50-C1
etag: W/"60f0607a-32c"
x-cache: Miss from cloudfront
content-type: image/svg+xml
via: 1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
cache-control: max-age=604800, public
x-amz-cf-id: _3r6KgA0kVIsK6dQkVmpx2v9Fwvupx315vq5-bR11WCT1YFNHWCvLA==
expires: Sat, 24 Jul 2021 15:07:13 GMT

GET
H2 200 logo-white.png
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 10 KB
10 KB 376ms
376ms Image
image/png 2600:9000:2190:ce00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo-white.png
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:ce00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 17 Jul 2021 15:07:13 GMT
via: 1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
last-modified: Thu, 15 Jul 2021 16:21:16 GMT
server: nginx
x-amz-cf-pop: ZRH50-C1
etag: "60f0607c-260a"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 9738
x-amz-cf-id: KFixGD49ZfhUbgNuxMeoTistKuoFxrfitBqCgqWnqdwkLG15ku9rFg==
expires: Sat, 24 Jul 2021 15:07:13 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/ 341 KB
133 KB 27ms
8ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e1b2833041de1561cb7c581248ef8e325f3318a24be95a3886fae8b398fda123

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://threatpost.com
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Jul 2021 15:35:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84721
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136011
x-xss-protection: 0
last-modified: Mon, 12 Jul 2021 02:05:32 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Jul 2022 15:35:12 GMT

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 57 B
414 B 13ms
12ms XHR
application/json 13.224.90.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.90.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-90-44.zrh50.r.cloudfront.net
Software: Server /
Resource Hash: 8ea9df9aa296a2eac3fe1a8b6972fecea49c7295f723cf9c93356ff9301a09ec

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Jul 2021 21:48:26 GMT
via: 1.1 8c175d0adc08dac3750e9201b76886e8.cloudfront.net (CloudFront)
server: Server
age: 62327
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://threatpost.com
cache-control: max-age=86087, s-maxage=86400
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-length: 57
x-amz-cf-id: VzsVsPcFMQI1LLENFJmf_wV9UMQzLGZb2Fl7gLryBuD0xJkZqVQbhw==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 37ms
12ms XHR
application/javascript 13.224.90.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.90.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-90-44.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: UwMoja_wiYmXZ_L.v58hX8_8XzeYFzV9
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 54990
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Thu, 01 Jul 2021 22:05:10 GMT
server: AmazonS3
date: Fri, 16 Jul 2021 23:52:04 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: wkG6hTRk0VSp4hCaL4tYH4Q77xoKuI0pXXFhlWQZSGztb5HWpPtkIQ==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 974
date: Sat, 17 Jul 2021 14:50:59 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19661
expires: Sat, 17 Jul 2021 16:50:59 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
9 KB 25ms
7ms Script
application/javascript 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:13 GMT
content-encoding: gzip
etag: "WhyxmPkT7L77qVDcrjxwGw=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Sat, 24 Jul 2021 15:07:13 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 23ms
6ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a53ea60fbea6cb1775430998564d5f295aba7d3bfe548a0ba79aa2a049aba839

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:13 GMT
via: 1.1 varnish
last-modified: Mon, 12 Jul 2021 21:25:31 GMT
age: 54009
etag: "65cf0c0ceb852397f0d1e6732cd3c533+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1958
x-timer: S1626534433.254886,VS0,VE0
x-served-by: cache-fra19154-FRA

POST
H/1.1 200
OK pls Show response
capi.connatix.com/core/ Frame 06EC 19 KB
7 KB 437ms
127ms XHR
multipart/form-data 3.142.110.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/pls?v=123972
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.142.110.20 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-142-110-20.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: 5c7e70f4aa71367e5eb0af4a3ba785dae484c125229885f0d940be035da02aa0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 17 Jul 2021 15:07:13 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 7010

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j91&aip=1&a=1310167821&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&ul=en-us&de=UTF-8&dt=Linux%20Variant%20of%20HelloKitty%20Ransomware%20Targets%20VMware%20ESXi%20Servers%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=913572859&gjid=1472696927&cid=1093366451.1626534433&tid=UA-35676203-21&_gid=167293688.1626534433&_r=1&gtm=2wg7e0PM29HLF&z=163929854

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j91&aip=1&a=1310167821&t=event&ni=0&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&ul=en-us&de=UTF-8&dt=Linux%20Variant%20of%20HelloKitty%20Ransomware%20Targets%20VMware%20ESXi%20Servers%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VISIBILITY&ea=elementVisibility%20%2F%20%5BHeader%5D%20%2F%20Social%20Networks%20View&_u=YEDAAEABAAAAAC~&jid=&gjid=&cid=1093366451.1626534433&tid=UA-35676203-21&_gid=167293688.1626534433&gtm=2wg7e0PM29HLF&z=891983264

Requested by

Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 10:30:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 16577
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rules-p-_7kVx0t9Jqj90.js Show response
rules.quantcount.com/ 2 B
344 B 45ms
12ms Script
application/javascript 2600:9000:2190:1a00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-_7kVx0t9Jqj90.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1a00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 14:44:48 GMT
via: 1.1 871dedfc10f4428aa2412b6f788b791a.cloudfront.net (CloudFront)
server: AmazonS3
age: 1345
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
x-amz-cf-pop: ZRH50-C1
content-length: 2
x-amz-cf-id: e40Pe-BmgoVawu-Ix3tnNjqS-eCNCP5Ncd7MwFn6w6_0ZdIDjy6odg==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
87 B 15ms
15ms XHR
text/plain 2a00:1450:400c:c08::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j91&tid=UA-35676203-21&cid=1093366451.1626534433&jid=913572859&gjid=1472696927&_gid=167293688.1626534433&_u=YEBAAEAAAAAAAC~&z=309292264

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 17 Jul 2021 15:07:13 GMT
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
455 B 132ms
114ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.1&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Sat, 17 Jul 2021 15:07:13 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 07943b264f338ed8c767959f5ff83b7541464c40da1c802e882a14d7cf06ac4f
x-transaction: e6e72e5b9189fc76
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 17ms
17ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-35676203-21&cid=1093366451.1626534433&jid=913572859&_u=YEBAAEAAAAAAAC~&z=847108335

Requested by

Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 17ms
16ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-35676203-21&cid=1093366451.1626534433&jid=913572859&_u=YEBAAEAAAAAAAC~&z=847108335

Requested by

Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST error
quantcount.com/log/ 0
0

GET
H2 200 flipboard.svg
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/ 236 B
564 B 281ms
281ms Image
image/svg+xml 2600:9000:2190:ce00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/flipboard.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:ce00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 17 Jul 2021 15:07:13 GMT
content-encoding: gzip
last-modified: Thu, 15 Jul 2021 16:21:14 GMT
server: nginx
x-amz-cf-pop: ZRH50-C1
etag: W/"60f0607a-ec"
x-cache: Miss from cloudfront
content-type: image/svg+xml
via: 1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
cache-control: max-age=604800, public
x-amz-cf-id: tUdleAt-ap3e-FeP8bf2MXYCKLocCsd7JtsVDbLEbJGH34IdHvovcw==
expires: Sat, 24 Jul 2021 15:07:13 GMT

GET
H2 200 fontawesome-webfont.woff2
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/ 75 KB
76 KB 403ms
403ms Font
font/woff2 2600:9000:2190:ce00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:ce00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Origin: https://threatpost.com
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ca03198e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 17 Jul 2021 15:07:13 GMT
via: 1.1 af287426c130b47dba79bf825f91ebbb.cloudfront.net (CloudFront)
last-modified: Thu, 15 Jul 2021 16:21:15 GMT
server: nginx
x-amz-cf-pop: ZRH50-C1
etag: "60f0607b-12d68"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 77160
x-amz-cf-id: ERaaH6PQ9pccrz-G81uhDdkNnHtAxXmx3nVIjOwZfMpaL3MmGKi8bA==
expires: Sun, 17 Jul 2022 15:07:13 GMT

GET
H/1.1 200
OK widget_iframe.06c6ee58c3810956b7509218508c7b56.html Show response
platform.twitter.com/widgets/ Frame 9836 319 KB
103 KB 8ms
8ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fthreatpost.com
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6723) /
Resource Hash: 5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://threatpost.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 412070
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Sat, 17 Jul 2021 15:07:13 GMT
Etag: "dab7ee9ff99366614e06e117bab5e542+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:54 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6723)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105298

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
657 B 131ms
116ms Script
application/javascript 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.1&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Sat, 17 Jul 2021 15:07:13 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: ff58710e41a32df91c9fca47eb15b440001411289d52e2c51aabeb07a8300509
x-transaction: 8143bf14ffc843e0
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 9836 184 B
419 B 127ms
112ms Fetch
application/json 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=fcde919ee6cb9a8eae52de0c0675d69104f5dfed

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fthreatpost.com

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

77a328b3ec0bf931a19c692f7f14e117fd4c299c781561e02b679aae5d377620

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:13 GMT
content-encoding: gzip
last-modified: Sat, 17 Jul 2021 15:07:13 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: e238036104e088c297531879bdb45b90e3cf5a6543350ab4d30c01e9db4b80e6
content-length: 153

GET
H2 200 blockedDomains_1.bin Show response
lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/ Frame 06EC 51 B
316 B 40ms
6ms XHR
application/octet-stream 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/blockedDomains_1.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 814221921d936293a6dcceebe84bea01d2a40a18be1072d4b216914014532e2a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:13 GMT
content-encoding: gzip
fastly-restarts: 1
last-modified: Tue, 16 Feb 2021 13:25:11 GMT
age: 10119256
etag: "6867d1891d8793fd49a645adb5b6b6c3"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate= 31557600, immutable,max-age=31557600
accept-ranges: bytes
content-length: 62

POST
H/1.1 200
OK sr Show response
capi.connatix.com/tr/ Frame 06EC 0
295 B 103ms
103ms XHR
multipart/form-data 3.142.110.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/sr?v=123972
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.142.110.20 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-142-110-20.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 17 Jul 2021 15:07:13 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3-29 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 68 KB
24 KB 30ms
16ms Script
text/javascript 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

sffe /

Resource Hash

5d3666336eef9c0816bdd1735211d0ff1017e9c5ae3ebf90ebb73577aa35b491

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "932 / 158 of 1000 / last-modified: 1626473418"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24135
x-xss-protection: 0
expires: Sat, 17 Jul 2021 15:07:13 GMT

GET
H2 200 2_media.bin Show response
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/ Frame 06EC 291 B
346 B 7ms
6ms XHR
application/octet-stream 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/2_media.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 932da60c35768cdd109c7361be41eba1a055942888f455927375479e314665ae

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:13 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 19:10:28 GMT
age: 83204
etag: "53d21854a3955729248e5c87ab1b28bc"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate= 31557600, immutable,max-age=31557600
accept-ranges: bytes
content-length: 255

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 06EC 340 KB
117 KB 34ms
14ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

17c95dda6af1a7e1e5cf6d3f17df342ab4a3136715e9d470b9285889009c475f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119593
x-xss-protection: 0
expires: Sat, 17 Jul 2021 15:07:13 GMT

GET
H2 200 1.png
img.connatix.com/c2ecd04f-0dca-4ffa-8761-d93b34717380/ 6 KB
7 KB 14ms
6ms Image
image/png 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/c2ecd04f-0dca-4ffa-8761-d93b34717380/1.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:13 GMT
age: 215240
etag: "CDlq0wWU2N6Hha9Y1OkqKS7K/JyWAUvXYL5GlZ2se8g"
access-control-max-age: 86400
fastly-io-info: ifsz=8114 idim=288x42 ifmt=png ofsz=6487 odim=288x42 ofmt=png
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/png
content-length: 6487

POST
H/1.1 200
OK ao Show response
capi.connatix.com/tr/ Frame 06EC 0
295 B 103ms
103ms XHR
multipart/form-data 3.142.110.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ao?v=123972
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.142.110.20 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-142-110-20.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 17 Jul 2021 15:07:13 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 prebid4.43.0-1.js Show response
cds.connatix.com/p/plugins/ Frame 06EC 369 KB
101 KB 6ms
6ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/plugins/prebid4.43.0-1.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4adaeccb264cbd8319080fd9f61eb769ff6f8aa1a02ab3408430b2b853d9cbe8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:13 GMT
content-encoding: br
last-modified: Fri, 11 Jun 2021 12:04:10 GMT
age: 3121360
etag: "e4701779c6417de6368034bef638e34b"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate= 31557600, immutable,max-age=31557600
accept-ranges: bytes
content-length: 103396

POST
H/1.1 200
OK g Show response
capi.connatix.com/rtb/ Frame 06EC 2 KB
1 KB 687ms
369ms XHR
multipart/form-data 3.142.110.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/rtb/g?v=123972
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.142.110.20 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-142-110-20.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: 6755ea4d19f3574dd89ccec79b8a8815f2f59107ee84eb0b00051ce21bd5814b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 17 Jul 2021 15:07:14 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
transfer-encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK ps Show response
capi.connatix.com/tr/ Frame 06EC 0
295 B 199ms
103ms XHR
multipart/form-data 3.142.110.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ps?v=123972
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.142.110.20 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-142-110-20.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 17 Jul 2021 15:07:14 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 1_th.jpg
img.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/ 7 KB
7 KB 8ms
5ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/1_th.jpg?crop=400:225,smart&width=400&height=225&format=jpeg&quality=60&fit=crop
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: fa62ab7470e4189b49540a2b0288f88bb294dc695f2b757f9d94f00de4ac3eee

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:13 GMT
age: 96243
etag: "p49+aK57aPAjr1JxMk1RL2BDKAHNnKRCW6KQKwxytJw"
access-control-max-age: 86400
fastly-io-info: ifsz=77907 idim=2560x1440 ifmt=jpeg ofsz=7460 odim=400x225 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 7460

GET
H/1.1 200
OK button.5573c974dc31bbdab5ea7923a0bd5cf3.js Show response
platform.twitter.com/js/ 7 KB
3 KB 7ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.5573c974dc31bbdab5ea7923a0bd5cf3.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6763) /
Resource Hash: e05edf2ae58e3a9f1d2a84d32a8b216fd0aece46f527b58dcbce75255989ea88

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 17 Jul 2021 15:07:13 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:56:41 GMT
Server: ECS (frb/6763)
Age: 412071
Etag: "382be2960021b88f6ce982d997cdbd01+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2294

GET
H/1.1 200
OK horizon_tweet.2bd42981e3af03ce9186a5655508da28.js Show response
platform.twitter.com/js/ 7 KB
3 KB 13ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/horizon_tweet.2bd42981e3af03ce9186a5655508da28.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/669E) /
Resource Hash: 263627ec362c25037d69022de008fad33cf85ec7267604a5ae5c8e6fe4ad9e38

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 17 Jul 2021 15:07:13 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:56:41 GMT
Server: ECS (frb/669E)
Age: 412071
Etag: "43544c32afe87494042045e40e7b3213+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2436

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
369 B 51ms
51ms XHR
text/javascript 13.224.90.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&pid=aH37Qr8qDlWwU&cb=0&ws=1600x1200&v=7.67.00&t=2000&slots=%5B%7B%22id%22%3A%22Amazon_400x225%22%2C%22mt%22%3A%22v%22%7D%5D&cfgv=0&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdprl=%7B%22status%22%3A%22tcfv2-timeout%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.90.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-90-44.zrh50.r.cloudfront.net
Software: Server /
Resource Hash: 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:14 GMT
via: 1.1 8c175d0adc08dac3750e9201b76886e8.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: ZRH50-C1
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: r1JVVMcHekvKaB6f0xxo22CN8Da4Il-4OccXyyRX8e8yb4Pd1EcDfQ==

GET
H3-29 200 bridge3.471.1_en.html Show response
imasdk.googleapis.com/js/core/ Frame FC6A 577 KB
189 KB 21ms
8ms Document
text/html 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.471.1_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e15422f05cbcde9d0d0753658f6e095c40ca06db76f84e74ab191c4d6f8fa560

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.471.1_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 193844
date: Thu, 15 Jul 2021 13:09:45 GMT
expires: Fri, 15 Jul 2022 13:09:45 GMT
last-modified: Tue, 13 Jul 2021 20:58:43 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 179849
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 06EC 44 KB
17 KB 37ms
15ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Sat, 17 Jul 2021 15:07:14 GMT

GET
H3-29 200 bridge3.471.1_en.html Show response
imasdk.googleapis.com/js/core/ Frame D65D 577 KB
189 KB 7ms
6ms Document
text/html 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.471.1_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e15422f05cbcde9d0d0753658f6e095c40ca06db76f84e74ab191c4d6f8fa560

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.471.1_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 193844
date: Thu, 15 Jul 2021 13:09:45 GMT
expires: Fri, 15 Jul 2022 13:09:45 GMT
last-modified: Tue, 13 Jul 2021 20:58:43 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 179849
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 bridge3.471.1_en.html Show response
imasdk.googleapis.com/js/core/ Frame 6A90 577 KB
189 KB 11ms
11ms Document
text/html 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.471.1_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e15422f05cbcde9d0d0753658f6e095c40ca06db76f84e74ab191c4d6f8fa560

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.471.1_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 193844
date: Thu, 15 Jul 2021 13:09:45 GMT
expires: Fri, 15 Jul 2022 13:09:45 GMT
last-modified: Tue, 13 Jul 2021 20:58:43 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 179849
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 06EC 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 06EC 0
234 B 70ms
40ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?u=f&lid=152&sdkv=h.3.471.1&id=ima_html5&c=2213501706575327&domain

Requested by

Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK follow_button.06c6ee58c3810956b7509218508c7b56.en.html Show response
platform.twitter.com/widgets/ Frame 0D46 36 KB
14 KB 9ms
7ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/follow_button.06c6ee58c3810956b7509218508c7b56.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6763) /
Resource Hash: 2aad1dea74398906714d858498fcf050795f15a08fac55ce829a107393b5cfa6

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: personalization_id="v1_EJOMapOOB2MjQHNs274oIA=="
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://threatpost.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 412071
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Sat, 17 Jul 2021 15:07:14 GMT
Etag: "2619db8370b1a8c68c62850e51110674+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:42 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6763)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 13632

GET
H/1.1 200
OK Tweet.html Show response
platform.twitter.com/embed/ Frame CF5B 487 B
972 B 7ms
6ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=threatpost&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1415403132230803460&lang=en&origin=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&sessionId=fcde919ee6cb9a8eae52de0c0675d69104f5dfed&siteScreenName=threatpost&theme=light&widgetsVersion=82e1070%3A1619632193066&width=500px
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6727) /
Resource Hash: c1e1b14a3f3e54a42db1eebf9bc6e8c9bcb4c84db8d0718c34cd2939b66db3df

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: personalization_id="v1_EJOMapOOB2MjQHNs274oIA=="
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://threatpost.com/

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1352
Cache-Control: public, max-age=1800
Content-Type: text/html; charset=utf-8
Date: Sat, 17 Jul 2021 15:07:14 GMT
Etag: "9499152ee1cc90f29736540537706c94"
Last-Modified: Mon, 12 Jul 2021 20:35:14 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6727)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 487

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 8F6C 36 KB
13 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 14:11:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3364
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 17 Jul 2021 15:11:10 GMT

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame A628 36 KB
12 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 14:11:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3364
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 17 Jul 2021 15:11:10 GMT

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame D6C0 36 KB
12 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 14:11:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3364
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 17 Jul 2021 15:11:10 GMT

GET
H2 200 playlist.m3u8 Show response
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/ Frame 06EC 309 B
271 B 7ms
6ms XHR
application/x-mpegurl 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/playlist.m3u8
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:14 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 19:10:28 GMT
age: 97553
etag: "8a966507b13615ecdc1330a4bc9dcfe1"
vary: Accept-Encoding
content-type: application/x-mpegURL
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate= 31557600, immutable,max-age=31557600
accept-ranges: bytes
content-length: 164

GET
H/1.1 200
OK embed.runtime.d9280ec0b285102d53f4.js Show response
platform.twitter.com/embed/ Frame CF5B 8 KB
4 KB 7ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.runtime.d9280ec0b285102d53f4.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=threatpost&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1415403132230803460&lang=en&origin=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&sessionId=fcde919ee6cb9a8eae52de0c0675d69104f5dfed&siteScreenName=threatpost&theme=light&widgetsVersion=82e1070%3A1619632193066&width=500px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6724) /
Resource Hash: e3624d84d52ff6a3de2486c46e8da313233b427f98949457e9260fdce7840042

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=threatpost&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1415403132230803460&lang=en&origin=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&sessionId=fcde919ee6cb9a8eae52de0c0675d69104f5dfed&siteScreenName=threatpost&theme=light&widgetsVersion=82e1070%3A1619632193066&width=500px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 17 Jul 2021 15:07:14 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Jul 2021 20:35:05 GMT
Server: ECS (frb/6724)
Age: 412072
Etag: "4008b4ce41a2dfdf20cdb96586d1d9b0+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 3515

GET
H/1.1 200
OK embed.modules.b77b7cad63a09dd863a4.js Show response
platform.twitter.com/embed/ Frame CF5B 501 KB
160 KB 8ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.modules.b77b7cad63a09dd863a4.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=threatpost&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1415403132230803460&lang=en&origin=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&sessionId=fcde919ee6cb9a8eae52de0c0675d69104f5dfed&siteScreenName=threatpost&theme=light&widgetsVersion=82e1070%3A1619632193066&width=500px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6795) /
Resource Hash: ce2c83aa57d73b90ff0266ebe6d8631a0a090a0406e1108a36056a28b7128a61

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=threatpost&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1415403132230803460&lang=en&origin=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&sessionId=fcde919ee6cb9a8eae52de0c0675d69104f5dfed&siteScreenName=threatpost&theme=light&widgetsVersion=82e1070%3A1619632193066&width=500px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 17 Jul 2021 15:07:14 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Jul 2021 20:35:14 GMT
Server: ECS (frb/6795)
Age: 412071
Etag: "835a67b4167ec7940920d0e1f512c7f5+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 163558

GET
H/1.1 200
OK embed.i18n.c12629618c7555761d5d.js Show response
platform.twitter.com/embed/ Frame CF5B 146 B
651 B 14ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.i18n.c12629618c7555761d5d.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=threatpost&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1415403132230803460&lang=en&origin=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&sessionId=fcde919ee6cb9a8eae52de0c0675d69104f5dfed&siteScreenName=threatpost&theme=light&widgetsVersion=82e1070%3A1619632193066&width=500px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BE) /
Resource Hash: bcce16468496437c5089ea25ac4a21df4b96043deb2220bda588d72283991fff

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=threatpost&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1415403132230803460&lang=en&origin=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&sessionId=fcde919ee6cb9a8eae52de0c0675d69104f5dfed&siteScreenName=threatpost&theme=light&widgetsVersion=82e1070%3A1619632193066&width=500px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 17 Jul 2021 15:07:14 GMT
Access-Control-Allow-Methods: GET
Last-Modified: Mon, 12 Jul 2021 20:35:06 GMT
Server: ECS (frb/67BE)
Age: 412072
Etag: "5f4a09fa71bda22516384aa36d71d94d"
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
Content-Length: 146

GET
H/1.1 200
OK embed.Tweet.112f82b95de83a12e01c.js Show response
platform.twitter.com/embed/ Frame CF5B 15 KB
6 KB 21ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.Tweet.112f82b95de83a12e01c.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=threatpost&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1415403132230803460&lang=en&origin=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&sessionId=fcde919ee6cb9a8eae52de0c0675d69104f5dfed&siteScreenName=threatpost&theme=light&widgetsVersion=82e1070%3A1619632193066&width=500px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674B) /
Resource Hash: 218e05d485c264de86e6458d2ccf256d5e3e214b7a95639d9341b412f32eb51e

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=threatpost&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1415403132230803460&lang=en&origin=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&sessionId=fcde919ee6cb9a8eae52de0c0675d69104f5dfed&siteScreenName=threatpost&theme=light&widgetsVersion=82e1070%3A1619632193066&width=500px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 17 Jul 2021 15:07:14 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Jul 2021 20:35:05 GMT
Server: ECS (frb/674B)
Age: 412072
Etag: "d18735ea2012260a37f89d55214ea437+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5568

GET
DATA 200
OK truncated
/ Frame 0D46 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 info.json Show response
cdn.syndication.twimg.com/widgets/followbutton/ Frame 0D46 234 B
662 B 31ms
8ms Script
application/javascript 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/widgets/followbutton/info.json?callback=__twttr.setFollowersCountAndFollowing&lang=en&screen_names=threatpost

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/follow_button.06c6ee58c3810956b7509218508c7b56.en.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67AA) /

Resource Hash

0e765d3c7a5688e557cb9224f35a940bb233178decdec0c197a7ae9cab1f02da

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 368
x-cache: HIT
content-disposition: attachment; filename=jsonp.jsonp
access-control-allow-methods: GET
vary: Accept-Encoding
content-length: 178
x-xss-protection: 0
last-modified: Sat, 17 Jul 2021 15:01:06 GMT
server: ECS (frb/67AA)
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: application/javascript;charset=utf-8
expires: Sat, 17 Jul 2021 15:17:14 GMT
cache-control: must-revalidate, max-age=600
x-connection-hash: b3d68ebc741e615a719a9cdc4154c5376d60ac968ecdc5d18566fd38fc2e0596
accept-ranges: bytes
timing-allow-origin: *
x-transaction: 098db01374647eec
access-contol-allow-origin: platform.twitter.com

GET
H2 200 0.m3u8 Show response
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/ Frame 06EC 551 B
300 B 6ms
6ms XHR
application/x-mpegurl 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/0.m3u8
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 2d8ec18a4288dbc3438cca4a20aa09805cc63b6143711315970818aae4776c84

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:14 GMT
content-encoding: gzip
last-modified: Fri, 02 Jul 2021 19:10:28 GMT
age: 97553
etag: "07b137385372caaa5bc87fe5fcdbf514"
vary: Accept-Encoding
content-type: application/x-mpegURL
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate= 31557600, immutable,max-age=31557600
accept-ranges: bytes
content-length: 237

GET
H2 206 0.mp4 Show response
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/ Frame 06EC 1 KB
1 KB 9ms
9ms XHR
video/mp4 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/0.mp4
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4c3bb0cf1307b258f7610c14aeddc97d17fcb96910f0182f0cff68df687d449e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-1359

Response headers

date: Sat, 17 Jul 2021 15:07:14 GMT
last-modified: Fri, 02 Jul 2021 19:10:28 GMT
age: 97551
etag: "9a6fa7a658c3bfb087d2734dbce319ef"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 0-1359/4241285
cache-control: public,max-stale=31557600,stale-while-revalidate= 31557600, immutable,max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 1360

OPTIONS
H2 200 0.mp4
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/ Frame 0
0 6ms
6ms Preflight 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/0.mp4
Protocol: H2
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

retry-after: 0
access-control-allow-methods: *
access-control-allow-headers: range
accept-ranges: bytes
date: Sat, 17 Jul 2021 15:07:14 GMT
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate= 31557600, immutable,max-age=31557600
access-control-allow-origin: *
content-length: 0

POST
H/1.1 200
OK g Show response
capi.connatix.com/rtb/ Frame 06EC 1 KB
890 B 577ms
268ms XHR
multipart/form-data 3.142.110.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/rtb/g?v=123972
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.142.110.20 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-142-110-20.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: fa1925dbad2ce2e35b9feb402612339abc8de3b8cbe8b1efd3a0482491fad473

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 17 Jul 2021 15:07:14 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 614

GET
H/1.1 200
OK embed.vendors~ondemand.horizon-web.en-js.da67c80b15a261987832.js Show response
platform.twitter.com/embed/ Frame CF5B 21 KB
7 KB 6ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.horizon-web.en-js.da67c80b15a261987832.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.d9280ec0b285102d53f4.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67F2) /
Resource Hash: c84737ed98fba5d40474804773fa4a889faad2a9f5a7f049c1d850494e9b5f39

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=threatpost&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1415403132230803460&lang=en&origin=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&sessionId=fcde919ee6cb9a8eae52de0c0675d69104f5dfed&siteScreenName=threatpost&theme=light&widgetsVersion=82e1070%3A1619632193066&width=500px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 17 Jul 2021 15:07:14 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Jul 2021 20:35:06 GMT
Server: ECS (frb/67F2)
Age: 412072
Etag: "633742842407ac7dad3d420012727391+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 7050

GET
H/1.1 200
OK embed.ondemand.i18n.en-js.b4b5f7fe932f900b7057.js Show response
platform.twitter.com/embed/ Frame CF5B 3 KB
2 KB 7ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.i18n.en-js.b4b5f7fe932f900b7057.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.d9280ec0b285102d53f4.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6763) /
Resource Hash: 7b612ff529725ae692fe908ca7abab4d85d2cf65d40a0490185df84bc1bf5654

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=threatpost&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1415403132230803460&lang=en&origin=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&sessionId=fcde919ee6cb9a8eae52de0c0675d69104f5dfed&siteScreenName=threatpost&theme=light&widgetsVersion=82e1070%3A1619632193066&width=500px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 17 Jul 2021 15:07:14 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Jul 2021 20:35:04 GMT
Server: ECS (frb/6763)
Age: 412072
Etag: "e2a8baad532925d1d8cb8923f885aba8+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 1545

OPTIONS
H2 200 0.mp4
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/ Frame 0
0 6ms
6ms Preflight 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/0.mp4
Protocol: H2
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

retry-after: 0
access-control-allow-methods: *
access-control-allow-headers: range
accept-ranges: bytes
date: Sat, 17 Jul 2021 15:07:14 GMT
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate= 31557600, immutable,max-age=31557600
access-control-allow-origin: *
content-length: 0

GET
H2 206 0.mp4 Show response
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/ Frame 06EC 648 KB
648 KB 7ms
6ms XHR
video/mp4 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/0.mp4
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: b9c047619443ea3a47ff7fa0c67551103cdf6c4030c4b5ea69765fadffd0f8c6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=1360-664566

Response headers

date: Sat, 17 Jul 2021 15:07:14 GMT
last-modified: Fri, 02 Jul 2021 19:10:28 GMT
age: 97551
etag: "9a6fa7a658c3bfb087d2734dbce319ef"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 1360-664566/4241285
cache-control: public,max-stale=31557600,stale-while-revalidate= 31557600, immutable,max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 663207

GET
H/1.1 200
OK embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.22ed862f34c8c98fa79c.js Show response
platform.twitter.com/embed/ Frame CF5B 118 KB
32 KB 11ms
10ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.22ed862f34c8c98fa79c.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.d9280ec0b285102d53f4.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67E2) /
Resource Hash: 404c99a291c53119a6bc17d791918a0c258daa0b2ff5740d8387da180085cc35

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=threatpost&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1415403132230803460&lang=en&origin=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&sessionId=fcde919ee6cb9a8eae52de0c0675d69104f5dfed&siteScreenName=threatpost&theme=light&widgetsVersion=82e1070%3A1619632193066&width=500px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 17 Jul 2021 15:07:14 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Jul 2021 20:35:07 GMT
Server: ECS (frb/67E2)
Age: 412072
Etag: "5f5c2203dc3e7463e8048cccdc25073d+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 31959

GET
H/1.1 200
OK embed.vendors~ondemand.Tweet.1ff8a181d909c06588bc.js Show response
platform.twitter.com/embed/ Frame CF5B 16 KB
6 KB 7ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.Tweet.1ff8a181d909c06588bc.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.d9280ec0b285102d53f4.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6738) /
Resource Hash: de6bfdf9ff0a2da5cf6e7f959ff0298d69a2eba4d4fafc5a457dd9513e2147b6

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=threatpost&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1415403132230803460&lang=en&origin=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&sessionId=fcde919ee6cb9a8eae52de0c0675d69104f5dfed&siteScreenName=threatpost&theme=light&widgetsVersion=82e1070%3A1619632193066&width=500px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 17 Jul 2021 15:07:14 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Jul 2021 20:35:04 GMT
Server: ECS (frb/6738)
Age: 412072
Etag: "4e87c3299d0f183ececc85b416a98a5d+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5753

GET
H/1.1 200
OK embed.ondemand.Tweet.21bc304e285cf4685051.js Show response
platform.twitter.com/embed/ Frame CF5B 60 KB
15 KB 7ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.Tweet.21bc304e285cf4685051.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.d9280ec0b285102d53f4.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67AA) /
Resource Hash: 52dd9255bbfc1067f03f2b5fd55c6145395ef01f7595b3c03e62ba9b62bce970

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=threatpost&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfX0%3D&frame=false&hideCard=false&hideThread=false&id=1415403132230803460&lang=en&origin=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&sessionId=fcde919ee6cb9a8eae52de0c0675d69104f5dfed&siteScreenName=threatpost&theme=light&widgetsVersion=82e1070%3A1619632193066&width=500px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 17 Jul 2021 15:07:14 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Jul 2021 20:35:06 GMT
Server: ECS (frb/67AA)
Age: 412072
Etag: "bc65dd97130b49bcc298b3fd7285c31f+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 14504

GET
H2 200 tweet Show response
cdn.syndication.twimg.com/ Frame CF5B 2 KB
1 KB 6ms
6ms XHR
application/json 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/tweet?features=tfw_experiments_cookie_expiration%3A1209600%3Btfw_horizon_tweet_embed_9555%3Ahte&id=1415403132230803460&lang=en

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.modules.b77b7cad63a09dd863a4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6725) / Express

Resource Hash

866c91b5d9e409558fa275dfbfc6965d103827c34b8d2566f0c70b6bcdaa3c9c

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
content-encoding: gzip
etag: W/"74b-GE4YPz2NLJg7uuwkNIjGox6T1PM"
age: 32
x-powered-by: Express
x-cache: HIT
access-control-allow-methods: GET
strict-transport-security: max-age=631138519
content-length: 817
x-xss-protection: 0
last-modified: Sat, 17 Jul 2021 15:06:42 GMT
server: ECS (frb/6725)
x-frame-options: SAMEORIGIN
date: Sat, 17 Jul 2021 15:07:14 GMT
vary: Accept-Encoding
x-tw-cdn: VZ, VZ
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=60
access-control-allow-credentials: true
x-connection-hash: f77430822dc2f6adc7a4561a8d751fc03ecb360f388910eb0c2948b1d8d74211
accept-ranges: bytes
x-content-type-options: nosniff
access-contol-allow-origin: platform.twitter.com

GET
H2 200 jot
syndication.twitter.com/i/ Frame CF5B 43 B
374 B 125ms
124ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1626534434562%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22results%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-1%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22threatpost%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22threatpost%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22d61acad%3A1625878599986%22%2C%22item_ids%22%3A%5B%221415403132230803460%22%5D%2C%22item_details%22%3A%7B%221415403132230803460%22%3A%7B%22item_type%22%3A0%7D%7D%7D&dnt=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Sat, 17 Jul 2021 15:07:14 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: e238036104e088c297531879bdb45b90e3cf5a6543350ab4d30c01e9db4b80e6
x-transaction: a62a952afc9f9072
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H/1.1 200
OK g Show response
capi.connatix.com/rtb/ Frame 06EC 2 B
327 B 110ms
110ms XHR
multipart/form-data 3.142.110.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/rtb/g?v=123972
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.142.110.20 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-142-110-20.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: ffdbea2a5a9959ea5f9809139a0178c725fa9474a88f1cfe10f702bdb35c3cc0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 17 Jul 2021 15:07:14 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
transfer-encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 BPp7B47T_normal.png
pbs.twimg.com/profile_images/526793652673064960/ Frame CF5B 5 KB
5 KB 10ms
6ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/526793652673064960/BPp7B47T_normal.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67E2) /

Resource Hash

6a108e0af8fe6848b275a2827822879e528159c28a6f189f18288ab169abad78

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:14 GMT
x-content-type-options: nosniff
age: 427672
x-cache: HIT
content-length: 5303
x-response-time: 123
surrogate-key: profile_images profile_images/bucket/2 profile_images/526793652673064960
last-modified: Mon, 27 Oct 2014 17:50:48 GMT
server: ECS (frb/67E2)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 488ba989047a332967b183d0f87ac16b545d2f92c2dd349412b2d110d7ecea76
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 E6SFhcNX0AIqQRg
pbs.twimg.com/media/ Frame CF5B 16 KB
17 KB 10ms
10ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/E6SFhcNX0AIqQRg?format=png&name=360x360

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6752) /

Resource Hash

307249eba418a11fb0682c8a9b0c6db6e0a4bd12b4f1307b069ae88f0ba7699d

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:14 GMT
x-content-type-options: nosniff
age: 241056
x-cache: HIT
content-length: 16886
surrogate-key: media media/bucket/9 media/1415402992455634946
last-modified: Wed, 14 Jul 2021 20:07:04 GMT
server: ECS (frb/6752)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 92e4a67d4acba24b6c1acece92bbdb9e9960f7afb30c4c1f2cc5a724851ff50d
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 E6SFiZXWEAkQ1n7
pbs.twimg.com/media/ Frame CF5B 45 KB
46 KB 6ms
6ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/E6SFiZXWEAkQ1n7?format=png&name=360x360

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6738) /

Resource Hash

f9393b6086ef517df2d5d88caa8c1c77a309124b3739befc23d4403f232a6be1

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:14 GMT
x-content-type-options: nosniff
age: 241056
x-cache: HIT
content-length: 46459
surrogate-key: media media/bucket/5 media/1415403008872026121
last-modified: Wed, 14 Jul 2021 20:07:08 GMT
server: ECS (frb/6738)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 23e8fb00bc8692de8beee2e04e35a8073566084222f61f3f9a53738c658ea8a9
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

POST
H/1.1 200
OK g Show response
capi.connatix.com/rtb/ Frame 06EC 2 B
303 B 104ms
103ms XHR
multipart/form-data 3.142.110.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/rtb/g?v=123972
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.142.110.20 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-142-110-20.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: ffdbea2a5a9959ea5f9809139a0178c725fa9474a88f1cfe10f702bdb35c3cc0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 17 Jul 2021 15:07:14 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 28

OPTIONS
H2 200 0.mp4
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/ Frame 0
0 6ms
6ms Preflight 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/0.mp4
Protocol: H2
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

retry-after: 0
access-control-allow-methods: *
access-control-allow-headers: range
accept-ranges: bytes
date: Sat, 17 Jul 2021 15:07:14 GMT
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate= 31557600, immutable,max-age=31557600
access-control-allow-origin: *
content-length: 0

GET
H2 206 0.mp4 Show response
vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/ Frame 06EC 643 KB
643 KB 7ms
6ms XHR
video/mp4 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/0.mp4
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 9262a81e3d9b60c02da67b2af339cb7306ba7986594c0e11cf4c68e8b21a2af9

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=664567-1322997

Response headers

date: Sat, 17 Jul 2021 15:07:14 GMT
last-modified: Fri, 02 Jul 2021 19:10:28 GMT
age: 97552
etag: "9a6fa7a658c3bfb087d2734dbce319ef"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 664567-1322997/4241285
cache-control: public,max-stale=31557600,stale-while-revalidate= 31557600, immutable,max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 658431

POST
H/1.1 200
OK mq Show response
capi.connatix.com/tr/ Frame 06EC 0
295 B 104ms
103ms XHR
multipart/form-data 3.142.110.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/mq?v=123972
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.142.110.20 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-142-110-20.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 17 Jul 2021 15:07:14 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 jot
syndication.twitter.com/i/ Frame CF5B 43 B
165 B 126ms
124ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1626534434927%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22impression%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-1%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22threatpost%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22threatpost%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22d61acad%3A1625878599986%22%2C%22item_ids%22%3A%5B%221415403132230803460%22%5D%2C%22item_details%22%3A%7B%221415403132230803460%22%3A%7B%22item_type%22%3A0%7D%7D%7D&dnt=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Sat, 17 Jul 2021 15:07:15 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: e238036104e088c297531879bdb45b90e3cf5a6543350ab4d30c01e9db4b80e6
x-transaction: ce4a7bbb6da75107
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 jot
syndication.twitter.com/i/ Frame CF5B 43 B
117 B 130ms
129ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1626534434961%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22FCP%22%2C%22component%22%3A%22performance%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-1%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22threatpost%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22threatpost%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22d61acad%3A1625878599986%22%2C%22item_ids%22%3A%5B%221415403132230803460%22%5D%2C%22item_details%22%3A%7B%221415403132230803460%22%3A%7B%22item_type%22%3A0%7D%7D%2C%22duration_ms%22%3A881.4000015258789%7D&dnt=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Sat, 17 Jul 2021 15:07:15 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: e238036104e088c297531879bdb45b90e3cf5a6543350ab4d30c01e9db4b80e6
x-transaction: d440a010fa220ce3
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
118 B 116ms
115ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?dnt=1&l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22threatpost%22%2C%22widget_creator_screen_name%22%3A%22threatpost%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Awithcount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1626534435006%2C%22dnt%22%3Atrue%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22follow%22%2C%22action%22%3A%22impression%22%7D%7D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Sat, 17 Jul 2021 15:07:15 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: e238036104e088c297531879bdb45b90e3cf5a6543350ab4d30c01e9db4b80e6
x-transaction: 0621612485b9471b
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H/1.1 200
OK sv Show response
capi.connatix.com/tr/ Frame 06EC 0
295 B 103ms
103ms XHR
multipart/form-data 3.142.110.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/sv?v=123972
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.142.110.20 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-142-110-20.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 17 Jul 2021 15:07:16 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 06EC 107 B
570 B 38ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 17 Jul 2021 15:07:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame D65D 156 B
871 B 180ms
158ms XHR
text/xml 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2FCNXORTEST%2F2570&description_url=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1517722308686209&cust_params=domains%3Dthreatpost.com&vad_type=linear&sdkv=h.3.471.1&osd=2&frm=1&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=2833875835&sdk_apis=2%2C8&sid=BC163FE5-2C2C-4455-8B5C-C44BA41A9183&top=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&url=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&loc=about%3Ablank&dlt=1626534432377&idt=2023&dt=1626534436904&cookie_enabled=1&scor=126173048071369&ged=ve4_td5_tt3_pd5_la5000_er1010.1249.1163.1549_vi0.0.1200.1600_vp100_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.471.1_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 06EC 107 B
122 B 29ms
14ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 17 Jul 2021 15:07:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 06EC 0
56 B 39ms
39ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?adtagurl=https%3A%2F%2Fpubads.g.doubleclick.net%2Fgampad%2Fads%3Fiu%3D%2F107430338%2FCNXORTEST%2F8566%26description_url%3Dhttps%253A%252F%252Fthreatpost.com%252Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%252F167883%252F%26tfcd%3D0%26npa%3D0%26sz%3D400x300%257C640x480%26gdfp_req%3D1%26output%3Dvast%26unviewed_position_start%3D1%26env%3Dvp%26impl%3Ds%26correlator%3D08d820fb-1440-4c24-9300-1895d16bc777%26cust_params%3Ddomains%253Dthreatpost.com%26vad_type%3Dlinear&customPlayback=f&customClick=f&lid=8&sdkv=h.3.471.1&id=ima_html5&c=2213501706575327&domain

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 6A90 25 KB
7 KB 273ms
258ms XHR
text/xml 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2FCNXORTEST%2F8566&description_url=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2972401145388126&cust_params=domains%3Dthreatpost.com&vad_type=linear&sdkv=h.3.471.1&osd=2&frm=1&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=2825327691&sdk_apis=2%2C8&sid=757487B4-4CC2-44B4-AE4F-DEF0E57EE33B&top=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&url=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&loc=about%3Ablank&dlt=1626534432377&idt=2077&dt=1626534437638&cookie_enabled=1&scor=2614275064329283&ged=ve4_td6_tt4_pd6_la6000_er1010.1249.1163.1549_vi0.0.1200.1600_vp100_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.471.1_en.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

32c9e47652eef12c886bfa49fcbd9d27bf122d77ed77bc38601a2bdec1bb377d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6748
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 6A90 20 KB
13 KB 75ms
45ms XHR
text/xml 142.250.110.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-BROsGJlXyhkFah6NcxkbOQq7eq7daitWnBKkQJ5fn97iByQiU4_hhvs9kPtuPzZptFGrZfjoNl2L3OEH7NB5bmFKoEwQ&dbm_d=AKAmf-BfGPTt8nkARAWssG64OmizwVZTB9u_X5-pgk0r1v8QJUxMQUaQBqYluTOfPXaIWirHji9AuQzWFBc1uhGSoSgYZOo4RNidwel9OidI0NxHGHOPUwnMq-bepRP5CgYgofUVmoLSIB6vOw1C_i2bTHo4jZghMtH3iJrLgXpBleUhfy-UEjUrcI2PyVEPILGpyLupqfBnAQNgds563ggKxIXY3o71X0NPXg85QT5M7LBH1vvk1Bgv2yF3DtUTsoK1kyGZbcy7AVJ-UxrM14hR7jtFwwfIs69FVzYz0iHwlcxCwcGkIDatnjDNPJln762M0PTCTLU2I3uPq2ET7FnCvwNKCr0RTVb_RBT6bTKvL5A4jUgjF3kLCGa0TARIT5GAWmvziD3yyDcucVVnaJaFZGAxU3_2exCG1TjnV6qptMEJYmreeldRwAQ4CIfPEqibhh-t9p0AOTfFGLJeJZ2-WDkFG6PmGaW2ZuhEJ1bZawAVR-bdtyLheP0QWF_rgB96k43ZWG0hbbEXXATi_QpTvJZUywH-t3ySPPAZBBNKxUkIxorqn9Vf0igp5279wiTOxyF-HK_KLPoqSi3f7UsVW3KiE-bfjYCE3XtkOi_tOQ0mFsxWnxEcgAuCZVcOmqqRFBmWGfywWXtCfGppOXaMgg51gw5x1gJhyp2aKXSJFVW3UuAc-eKEt1M7tEPDI8Jjgv59sAFjhPWGSSEi5r9wEwAVFgQt0TfpTJJTofBixTqTwu5IQqQTlHOsSmJyatmQV5rkErUPDkIGGVI0fp1NYGuJBRkwfC7aTzFqdvYaW7lfoMni-XLxHI2RxCQx2W1qs_nUU4MkXwlynd6SvwBzqc4OXyJja0U9-L1-qqHeY8CvySvFD4SwOiqFRvFVciC77OysqpxhC3wldGJiYhyB64aZbTUqSZbAODpCw5bn5GkUmlvCcrQfSZmtHZ1MO_A4_vUpOsB0g8m0Fto8kTKghhpRRK4oFWVtVQqyRqSeHr0OzChii2LJx3J8Rl3C5dpZLWnorJ_oD7lgIA2Vh6Ijb1-DHx8ULlwjSYupIjpd10XapKo_zVrBTVCjCv1aRY2qrzvIxzsizSkQPi7A4fFFiFp4vDXrStzAU0DzkhmzHweLCzdgQhYUYlKYLbxDJb_k35t4ReznOSQBDJcQMQYj-h9YY2ThEoHju3dBXKwbxXoF52Oq70EI6zIhmnLxZoXsC9qWx2YcxM0i4jDH3DGgVq18GKb2cqonqrod9JDuBGodePVoVxaMd4VjwKQOKz6D2Ovivvr00b5N4Sk-TRYmLgfVLpb0Bxao0No0esYuifS9me-2nDZWcvojDfiQenGiQ16otHknrJhxCL9dduRPYpwoCSWXPP9ZKzPqzHJn8BYw0wugeQj6vVIJ9HHPWz9ZPCGyfxvzi-nsdflxzModqYY-6HXgvXz7N6eWIzMhpvV1fHXApYAzXaRh0x9m-LmsYAIKzr8X0qdA5Y6Qsq432tcmZoEkKUY4RgI7tk1UBdZaVWoE1vn_A1w3qovMZ0gp75ertxox7DK76fg_wNNa52bIoGPLsB03GSAZ-nbtSdQFICXNnv7Zyj7i6hhyG43yQRWS0Oj4ZPQwY5s5yemnluOSrerBRE2dAOVfCe-i_Cppges5yvtRFSuc8-KgdGdwuJUgGWNiPQ3Q74nXLqVhR4wS4yhPp-63sfXCUI9NRkcWhmNTQT8GIKCpVgu1iotlluVL1ADDr-P93FhYZWavDkdjI5Ps8RSJnItr7YcjA2_OKPHQ5vjAkxmFzz9R07dGMXje2dBVcFPd3_rqydRXTIeNbFckaUM2y6ODRdqAJx8AlfgD0hEt9HdRNKiDA7P2vaUCB-_-2SnwixHYIAE4Mya2THqw2op4LsOVGEb-FTvsq31nCclo-WRGIhsFxhjVDJUJzeJ-798kOQGkNtEEJbxPeY9rRZbh8OJCYqmwFCaFSqBis9xGWqSiPEshPOwxSXyX_sC0slp1l0RUY0gqENy2ZPUUyziVFShH1pGPX9_HiRlwvbhoMgZEoVKu5DxCl91cnH8G79J0p_eI8uxSMpIssUOcHiH4A-G_7h9RY5xUr3_Ty42qEpQN8lsNGA9PFjoSoqyP35xj7oPH2JdLcKey6Wg0PBR4vjsNymhe5G49RBRMo53F978KPeeb9gjJu8VUvfdd8P4D37ud7O-Q_rh8-5zHo80Q7XYnRabdY-rw03KuFyYHo4Xa4UtCixTelDS5a8cOTVL8mMZ4U9q7QPGSFpfWXShkyGf1kn_Fd8cAQ9-QDeBFIS13ZgJoz-fP3vLi6RW42Sc6v_XSG_7HI_EQyX-U1Vn6L682ziZeGjfwgjXoc2aUKgH3UAvgCxjS_ADCERZZ3n5pxdNDeKEB0vmuog11LxAhm3MxQ_FKHT2FLLf5LFDVeR9srNx3mw_foLA5h7C1MpqJJ8gVBOz8xx8-e8Q7naadcjTQVBa1zqVPlF34KR18AEcKLprc-Ip8dI4ckOm_ZF3-2Cw5O8QiD3VCIkrwJFaQVLKK5a6czZGUpN5Gm6v6eWXqTUYOKAgR-2k0XIRlclMoj6crRHqkYSUxRB6FVw9lZF42I8SA3sFPCLN8RQxNwxhR0s1pfmcPzlEfX06hbv127TTPe7Ls6sVFuEPJex0UxeNq4vJjcoW0eJWIwO6yTTCy2fAGK3ktvxXiqNLLna2tlHVIW1TncKmZ_T8U84tezdnnabLXpCyx0Pc1s7QKm_QeqBsF8Yf8khXCm3qUJUo1MGli7TpOspbPK82qMHGyg_lFceS7ZRmCmUdQ7JjUPXc42nFuKB_dxlmgAKyADOXF2VuIrSLOWRLo-RliS2Yc_PBG7w9YlsS3nYaJRdrYNdY8_-WLxhF0wbeobEBWWBeDFMqzB4XTyRe6p475eWwUC-IPZm_KJ5HVp3FPiNZfVwUhsykcujNb35iAbH3t_vrZHodX5ehTjzEw1LRyiLnhXf5L1HhkKU5SqlcMn0a2sBlWLgFdUiCnyH5B-_gDgixid1zqFtBslpgKnpUR8OONdujPK3Pv-WdOZD-tJ4U&cid=CAASEuRoT9mH5d6k9VC62sOZGyZ_EA&sdkv=h.3.471.1&osd=2&frm=1&vis=1&sdr=1&is_amp=0&hl=en&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=2825327691&sdk_apis=2%2C8&sid=757487B4-4CC2-44B4-AE4F-DEF0E57EE33B&top=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&url=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&loc=about%3Ablank&dlt=1626534432377&idt=2077&dt=1626534437927&ged=ve4_td6_tt4_pd6_la6000_er1010.1249.1163.1549_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.471.1_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.110.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

08e7370971dc99dde77852601b25e52e7c870df4af7165cf529d82ef3b7896df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12823
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 55012521 Show response
unified.adsafeprotected.com/v2/728464/ Frame 6A90 21 KB
4 KB 156ms
56ms XHR
text/xml 34.253.15.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://unified.adsafeprotected.com/v2/728464/55012521?mon=55012522&omidPartner=-1&apiframeworks=2,8&bundleId=[BUNDLEID]&originalVast=https://ad.doubleclick.net/ddm/pfadx/N105603.2093103DBM/B25888486.304906530%3Bsz%3D0x0%3Bkw%3D51375491%3Bord%3D%5Btimestamp%5D%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bdcmt%3Dtext/xml%3Bdc_sdkv%3Dh.3.471.1%3Bdc_osd%3D2%3Bdc_frm%3D1%3Bdc_adk%3D2825327691%3Bdc_sdr%3D1%3Bdc_ref%3Dhttps://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/%3Bdc_vast%3D4%3Bdc_ves%3DdGltZXN0YW1wOiAxNjI2NTM0NDM3OTg2Cg%3Bdc_cid%3D151506207%3Bdc_adid%3D497841493%3Bdc_vpaid%3D0%3B
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.471.1_en.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.15.48 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-15-48.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 69e9bdd28733875c70f92161d75a5bd685d054f86e8d3fa78222812c8cd69b7a

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 17 Jul 2021 15:07:18 GMT
Content-Encoding: gzip
Vary: Origin
Content-Type: text/xml; charset=UTF-8
Access-Control-Allow-Origin: https://imasdk.googleapis.com
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 4101

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 06EC 0
20 B 54ms
39ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?vd=diff&oc=f&nc=f&oi=f&ni=f&custVid=718565213&lid=93&sdkv=h.3.471.1&id=ima_html5&c=2213501706575327&domain

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 6A90 0
348 B 1070ms
383ms Ping
image/gif 2404:6800:4006:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kr7wltvz&c=2203625467151&slotId=1101812733575.5&qqid=CKT6_fqw6vECFeHjuwgdiYgOxw&gqid=JfLyYNq8KJOU9u8P1qezyA4&fb=ima_html5-lima&sdkv=h.3.471.1&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&wta=1&vmfc=19&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.471.1_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4006:810::2003 Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:19 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 6A90 42 B
140 B 19ms
17ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 loader.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 9E5F 52 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/loader.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9b86fb3ddf4db048fcdb86ae7b80be5565a239669b67652a8ae1398e487edbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 14:56:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 21:02:50 GMT
server: sffe
age: 654
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18950
x-xss-protection: 0
expires: Sat, 17 Jul 2021 15:11:24 GMT

GET
H3-29 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 6A90 42 B
64 B 25ms
25ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 adview
pubads.g.doubleclick.net/pagead/ Frame 6A90 0
0 44ms
43ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubads.g.doubleclick.net/pagead/adview?ai=C2HMyJfLyYOTTKeHH7_UPiZG6uAydsaSoY9mIjIKRDomF9cipJRABINKW5jhglYKAgLAHyAEFqQJUzvh2M86zPqgDAcgDE5gEAKoE3wFP0KMF-W1ZW9B_RlL7pq-wq42mu8Fmc6XshWQRdEK0-ZH4pEqMqYcwzNN61l-CY80DHwB0T-Twt0lnWI8-hWTB3ukBu5fMKd1dfa8PDRkwqXrHJwXUdqpn--lZdK6MqrLipZejmS1RLgPwr_8zRb18AzEehmYHkuTybFEL9P7zysytQUhG7sWQKLriTCAQwEW1xE6EJNGLio4ItKyGFQU_lLS138k08qW0lQGa7e8FYGVbVu-wbyvz0JQJbDWn8voX_Vn6KuFS0BVo_q-tseg_vbf5T9RmnFcdU62mcFVVwATrycX2xwPgBAOIBdPoqbIxkgUGCBsQAxgDkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAZOgAfVhLmuAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUb2AcA8gcLEN6zxwgY0-aMrAHSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTEzNTY2MzI4NjIzNTQ0ODaACgPICwGwE_PX1wvIE6e1j90D0BMA2BMDiBQF2BQB0BUBgBcBshcaChgIABIUcHViLTE5Mjk2MTU2OTQzNzMxMDM&sigh=EmYh6LGfCjo&cmd=Ch1jYS12aWRlby1wdWItMTkyOTYxNTY5NDM3MzEwMxAAGAI&cid=CAQSOwCNIrLMsyIz7c9iPTFiOZu7uzV8HJr0Aj_5_SzMpJc-vcPf8e1urxchotdBxJmS1G45ZWpD3QMc6IeN&vt=10&sdkv=h.3.471.1&vci=CjwIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw1MjQ5MjY4Mjk5MTRAlAIKOAgCEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk0OTc4NDE0OTMyCTE1MTUwNjIwN0BPCl8IARIbdW5pZmllZC5hZHNhZmVwcm90ZWN0ZWQuY29tGgNEQ00gBCoJNDk3ODQxNDkzMgkxNTE1MDYyMDdAngFSHiUAAKBBKAE6CzE1MTUwNjIwNy0xQgRHRENNUABgARgB
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s42-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 06EC 0
20 B 39ms
39ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?lid=130&sdkv=h.3.471.1&id=ima_html5&c=2213501706575327&domain

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vpaid.2021.02.11-11.02-19676e0.js Show response
static.adsafeprotected.com/ias/v1/ Frame 9E5F 176 KB
42 KB 140ms
56ms Script
application/javascript 3.250.250.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/ias/v1/vpaid.2021.02.11-11.02-19676e0.js
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.250.250.79 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-250-250-79.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 40ca98c145bf27de21e87e43748da8e926d8986e851f3e6747cafc4da373bca2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:18 GMT
content-encoding: gzip
last-modified: Thu, 11 Feb 2021 16:29:40 GMT
server: nginx/1.16.1
age: 14747
etag: W/"14bdef8489e0d98a23c89039d178011f"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800

GET
H2 200 ad Show response
ssp.lkqd.net/ Frame 06EC 168 B
346 B 728ms
335ms XHR
application/xml 146.20.128.174
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.lkqd.net/ad?pid=593&sid=1081148&output=svpaid&support=html5&execution=any&placement=&playinit=auto&volume=0&width=400&height=225&dnt=%5Bdo_not_track%5D&gdpr=1&gdprcs=undefined&ip=159.48.53.18&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&pageurl=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&contentid=%5Bcontent_id%5D&contenttitle=This%20Day%20in%20History&contentlength=71&contenturl=%5Bcontent_url%5D&rnd=d9ae3e36-7258-459a-aa1f-3e4e7d868a54
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.174 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: 0863882f1d6ce836e3dcf7123e95e2c188fd7d4eda775c696ded7e1d82c61080

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: https://threatpost.com
date: Sat, 17 Jul 2021 15:07:18 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-encoding: gzip
content-type: application/xml; charset=UTF-8

GET
H2 200 skeleton.js Show response
pixel.adsafeprotected.com/db2/video/728464/55012521/ 40 B
383 B 305ms
38ms XHR
application/javascript 34.246.26.134
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/db2/video/728464/55012521/skeleton.js?videoId=3a3be4e93602247b787da771c026588c&adsafe_url=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&adsafe_type=abdq&adsafe_jsinfo=br:u
Requested by: Host: static.adsafeprotected.com
URL: https://static.adsafeprotected.com/ias/v1/vpaid.2021.02.11-11.02-19676e0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.246.26.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-246-26-134.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 2d853d5c205e6bc73c9928255af1ea931f948c6f46f607eeef92935f37f72f5a

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:18 GMT
content-encoding: gzip
x-server-name: app24.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-expose-headers: X-Server-Name
cache-control: no-cache
access-control-allow-credentials: true
timing-allow-origin: *
server: nginx

GET
H2 200 skeleton.js Show response
pixel.adsafeprotected.com/fwjsvid/st/728464/55012521/ 223 KB
74 KB 318ms
52ms Script
application/javascript 34.246.26.134
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/fwjsvid/st/728464/55012521/skeleton.js?videoId=3a3be4e93602247b787da771c026588c&apiframeworks=2,8&bundleId=[BUNDLEID]&mon=55012522&omidPartner=-1&xmapp=0&xmtp=v&xsId=6ece0ff5-60f1-4c3d-86a9-717b4edae786&adsafe_par=&logTestResults=false
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.246.26.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-246-26-134.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e161fc2236af47e2fe2dc323c09bd73bc24fc2b7b6467a8b94a3f95b02cbe32f

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:18 GMT
content-encoding: gzip
x-server-name: app07.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1

206
Partial Content

file.mp4
r2---sn-4g5ednsl.c.2mdn.net/videoplayback/id/59948e8f9274e9b7/itag/342/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3765962588/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,m...
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/59948e8f9274e9b7/itag/342/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3765962588/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/sig...
https://r2---sn-4g5ednsl.c.2mdn.net/videoplayback/id/59948e8f9274e9b7/itag/342/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3765962588/sparams/acao,ctier,expire,id,ip,ipbits,i...

87 KB
0

233ms
7ms

Media
video/mp4

2a00:1450:4001:6a::7
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r2---sn-4g5ednsl.c.2mdn.net/videoplayback/id/59948e8f9274e9b7/itag/342/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3765962588/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/80B06AE607256B22BA2D29A74A1C148FF83033D5.717661B3F4850A02AD8C61A10962BF1672D19426/key/cms1/cms_redirect/yes/mh/pk/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5ednsl/ms/onc/mt/1626534054/mv/m/mvi/2/pl/52/file/file.mp4

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:6a::7 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 17 Jul 2021 15:07:18 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 20 May 2021 12:43:07 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-1439955/1439956
Cache-Control: private, max-age=86400
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1439956
Expires: Sat, 17 Jul 2021 15:07:18 GMT

Redirect headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:18 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r2---sn-4g5ednsl.c.2mdn.net/videoplayback/id/59948e8f9274e9b7/itag/342/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3765962588/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/80B06AE607256B22BA2D29A74A1C148FF83033D5.717661B3F4850A02AD8C61A10962BF1672D19426/key/cms1/cms_redirect/yes/mh/pk/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5ednsl/ms/onc/mt/1626534054/mv/m/mvi/2/pl/52/file/file.mp4
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 652
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 06EC 0
20 B 39ms
38ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?apl=0&ip=1&iavp=0&lid=99&sdkv=h.3.471.1&id=ima_html5&c=2213501706575327&domain

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

206

https://gcdn.2mdn.net/videoplayback/id/59948e8f9274e9b7/itag/342/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3765962588/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/sig...
https://r2---sn-4g5ednsl.c.2mdn.net/videoplayback/id/59948e8f9274e9b7/itag/342/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3765962588/sparams/acao,ctier,expire,id,ip,ipbits,i...

1 MB
1 MB

17ms
8ms

Media
video/mp4

2a00:1450:4001:6a::7
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r2---sn-4g5ednsl.c.2mdn.net/videoplayback/id/59948e8f9274e9b7/itag/342/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3765962588/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/3F0FD93FB13C5DF2BF11A4E7356730AFFA0DB74A.0459E6F01D6F567B425852762666D1EF6DF198EB/key/cms1/cms_redirect/yes/mh/pk/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5ednsl/ms/onc/mt/1626534054/mv/m/mvi/2/pl/52/file/file.mp4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6a::7 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

3ff5695eb428fb5333956f38650af27c8b6017ae19e0daf220383d2c4fd2638e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:18 GMT
x-content-type-options: nosniff
last-modified: Thu, 20 May 2021 12:43:07 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
Content-Range: bytes 0-1439955/1439956
client-protocol: quic
cache-control: private, max-age=86400
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1439956
expires: Sat, 17 Jul 2021 15:07:18 GMT

Redirect headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:18 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r2---sn-4g5ednsl.c.2mdn.net/videoplayback/id/59948e8f9274e9b7/itag/342/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3765962588/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/3F0FD93FB13C5DF2BF11A4E7356730AFFA0DB74A.0459E6F01D6F567B425852762666D1EF6DF198EB/key/cms1/cms_redirect/yes/mh/pk/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5ednsl/ms/onc/mt/1626534054/mv/m/mvi/2/pl/52/file/file.mp4
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 652
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame 6A90 41 KB
15 KB 32ms
8ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.471.1_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Jul 2021 12:45:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 94920
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Jul 2022 12:45:18 GMT

GET
H3-29 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 6A90 42 B
64 B 19ms
17ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CeIavJfLyYOTTKeHH7_UPiZG6uAydsaSoY9mIjIKRDomF9cipJRABINKW5jhglYKAgLAHyAEFqQJUzvh2M86zPqgDAcgDE5gEAKoE4gFP0KMF-W1ZW9B_RlL7pq-wq42mu8Fmc6XshWQRdEK0-ZH4pEqMqYcwzNN61l-CY80DHwB0T-Twt0lnWI8-hWTB3ukBu5fMKd1dfa8PDRkwqXrHJwXUdqpn--lZdK6MqrLipZejmS1RLgPwr_8zRb18AzEehmYHkuTybFEL9P7zysytQUhG7sWQKLriTCAQwEW1xE6EJNGLio4ItKyGFQU_lLS138k08qW0lQGa7e8FYGVbVu-wbyvz0JQJbDWn8voX_QH7iP1a6oN8bBYzesStduhL1dXXBluC_7U59CtNquYFwATrycX2xwPgBAOQBgGgBk6AB9WEua4CqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgb2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMzU2NjMyODYyMzU0NDg2gAoDmAsByAsBgAwBsBPz19cL0BMA2BMDiBQF2BQB0BUBgBcB&sigh=6T6hxsIisUE&label=vast_creativeview&ad_mt=0&acvw=sv%3D900%26cb%3Dj%26e%3D19%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26vpaid%26dur%3D-1%26vmtime%3D-1%26is%3D0%26cs%3D0%26c%3D0%26mc%3D-1%26nc%3D-1%26mv%3D-1%26nv%3D-1%26lte%3D-2%26ces%26femt%3D3787%26femvt%3D0%26emc%3D3%26emuc%3D0%26emb%3D3,0,0,0,0%26avms%3Dexc%26qi%3D885958576%26psm%3D0%26psv%3D0%26psfv%3D0%26psa%3D0%26ptlt%3D1626534438770%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1626534438232&sdkv=h.3.471.1&vci=CjwIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw1MjQ5MjY4Mjk5MTRAlAIKOAgCEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk0OTc4NDE0OTMyCTE1MTUwNjIwN0BPCmQIARIbdW5pZmllZC5hZHNhZmVwcm90ZWN0ZWQuY29tGgNEQ00gBCoJNDk3ODQxNDkzMgkxNTE1MDYyMDdAngFSIxAEJQAAoEEoAToLMTUxNTA2MjA3LTFCBEdEQ01ImgRQAGABGAE.

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 skeleton.js Show response
pixel.adsafeprotected.com/db2/video/728464/55012521/ 92 B
314 B 32ms
32ms Script
application/javascript 34.246.26.134
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/db2/video/728464/55012521/skeleton.js?ias_callback=__IntegralAS_6a7bf1ef8110cd839a642e67f7d1e037_5221&videoId=3a3be4e93602247b787da771c026588c&apiframeworks=2,8&bundleId=[BUNDLEID]&mon=55012522&omidPartner=-1&xmapp=0&xmtp=v&xsId=6ece0ff5-60f1-4c3d-86a9-717b4edae786&adsafe_par=&logTestResults=false&adsafe_url=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&adsafe_type=abdq&adsafe_url=https%3A%2F%2Fthreatpost.com%2F&adsafe_type=f&adsafe_jsinfo=,id:6a7bf1ef-8110-cd83-9a64-2e67f7d1e037,c:iDP4aj,sl:outOfView,em:false,fr:true,mn:app07ie,pt:2-5-15,wc:0.0.1600.1200,ac:1199.974.400.225,am:v,cc:1199.974.400.225,piv:100,obst:0,th:0,reas:v,br:u,abv:na,an:n,oam:0,vc:jv3,scm:publ2,nbld:0,mtim:4,fm:sDqYKc6+1*.728464-55012521%7C11%7C12%7C13%7C14%7C15%7C161%7C17%7C181%7C19%7C1a1%7C1b%7C1c%7C1d%7C1e,idMap:1*,pl:,rmeas:1,rend:1,renddet:env,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,tt:fwjsvid,thd:1,et:34,oid:add96302-e710-11eb-b926-06aaa1ae1a14,v:19.8.217,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.246.26.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-246-26-134.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b97b92827808a9f1f2c39a95970569f0df05c32b46a1f0cd695ece2eb6fcec24

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:18 GMT
content-encoding: gzip
x-server-name: app01.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: application/javascript;charset=utf-8
server: nginx

GET
H2 200 sca.17.5.8.js Show response
static.adsafeprotected.com/ Frame 4BBF 81 KB
21 KB 33ms
32ms Script
application/javascript 3.250.250.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.8.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.250.250.79 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-250-250-79.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 5741be6b72688b3214f976204cfc20318cad398025dd67f3899de16e52d09f3c

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:18 GMT
content-encoding: gzip
last-modified: Tue, 06 Jul 2021 16:56:51 GMT
server: nginx/1.16.1
etag: W/"d3a5eb4641ef598834c5a5da80f41ea3"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000

POST
H/1.1 200
OK abt Show response
capi.connatix.com/tr/ Frame 06EC 0
295 B 107ms
107ms XHR
multipart/form-data 3.142.110.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/abt?v=123972
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.142.110.20 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-142-110-20.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 17 Jul 2021 15:07:18 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3-29 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 7B57 23 KB
9 KB 45ms
7ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/H0ZEmIz7.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://imasdk.googleapis.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://imasdk.googleapis.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8727
date: Fri, 16 Jul 2021 12:45:19 GMT
expires: Sat, 16 Jul 2022 12:45:19 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 94919
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
216 B 289ms
93ms Image
image/gif 35.169.133.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=728464&asId=6a7bf1ef-8110-cd83-9a64-2e67f7d1e037&tv=%7Bc:iDP4ci,time:156,type:e,env:%7Bgca:false,cca:true%7D,vv:3.7.0,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:156,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:32,wc:0.0.1600.1200,ac:1199.974.400.225,am:v,cc:1199.974.400.225,piv:100,obst:0,th:0,reas:v,bkn:%7Bpiv:%5B149~100%5D,as:%5B149~400.225%5D%7D%7D%5D,slEventCount:1,em:false,fr:true,e:O,tt:fwjsvid,dtt:0,fm:sDqYKc6+1*.728464-55012521%7C11%7C12%7C13%7C14%7C15%7C161%7C17%7C181%7C19%7C1a1%7C1b%7C1c%7C1d%7C1e,idMap:1*,rmeas:1,rend:1,renddet:env%7D&br=u
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.169.133.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-169-133-103.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:19 GMT
x-server-name: dt21.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3-29 200 s-OE46cnkXGFQoo4r8zhnqxzG88VmeLG6mk72mZMPyg.js Show response
pagead2.googlesyndication.com/bg/ Frame 7B57 35 KB
13 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/s-OE46cnkXGFQoo4r8zhnqxzG88VmeLG6mk72mZMPyg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3e384e3a727917185428a38afcce19eac731bcf1599e2c6ea693bda664c3f28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Jul 2021 14:22:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 89109
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13247
x-xss-protection: 0
last-modified: Tue, 06 Jul 2021 09:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 16 Jul 2022 14:22:09 GMT

GET
H2 200 ad Show response
ssp.lkqd.net/ Frame 06EC 168 B
345 B 96ms
96ms XHR
application/xml 146.20.128.174
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.lkqd.net/ad?pid=593&sid=1081146&output=svpaid&support=html5&execution=any&placement=&playinit=auto&volume=0&width=400&height=225&dnt=%5Bdo_not_track%5D&gdpr=1&gdprcs=undefined&ip=159.48.53.18&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&pageurl=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&contentid=%5Bcontent_id%5D&contenttitle=This%20Day%20in%20History&contentlength=71&contenturl=%5Bcontent_url%5D&rnd=d07735d7-23e1-475a-8e41-ede0430a2e19
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.174 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: 0863882f1d6ce836e3dcf7123e95e2c188fd7d4eda775c696ded7e1d82c61080

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: https://threatpost.com
date: Sat, 17 Jul 2021 15:07:19 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-encoding: gzip
content-type: application/xml; charset=UTF-8

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 94ms
94ms Image
image/gif 35.169.133.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=728464&asId=6a7bf1ef-8110-cd83-9a64-2e67f7d1e037&tv=%7Bc:iDP4hi,pingTime:-10,time:466,type:s,mvn:ZnNjPTEyLHNkPTMsbm89Nyxhc3A9MQ--,fsc:17.5.8v220002022000220000022002222000022220200000222200222220002222022002222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000002220002220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222222220022202200022002220222202,sd:MTcuNS44djEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNS44dk1vemlsbGF8fE5ldHNjYXBlfHxufHwxNnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fC0xMjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,asp:1626534439254%7C%7C99910c4a8929c77e1187ac2b4bed23f9%7C%7Cf34e96995ddf3ff5eb1bfde138cfe29c%7C%7C946e4be0de5d9643b515edc2641f585d%7C%7C2dd8ebeec7a3537589b22d4300c4b546%7C%7Cf02ce63d4dbc5c073a20bac8481e7ac0%7C%7Ccf90794fbb9f7b755e689cf0b99ba8e0%7C%7Cdbc6a715b1730fda8a816d6cbf5721ea%7C%7C1625590601,ch:n%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.169.133.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-169-133-103.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:19 GMT
x-server-name: dt25.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H/1.1 200
OK pixel.png
unified.adsafeprotected.com/ Frame 9E5F 35 B
174 B 34ms
30ms Image
image/gif 34.253.15.48
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://unified.adsafeprotected.com/pixel.png?eyJ0eXBlIjozMDMsInNpdGVfdXVpZCI6ImFmZGRlZjVkLWMyMDQtNDBhOS1iNGZiLTk2NWExNDVkMDY5NiIsImJpZF9yZXF1ZXN0Ijp7InNpdGUiOnsicGFnZSI6Imh0dHBzOi8vdGhyZWF0cG9zdC5jb20vbGludXgtdmFyaWFudC1vZi1oZWxsb2tpdHR5LXJhbnNvbXdhcmUtdGFyZ2V0cy12bXdhcmUtZXN4aS1zZXJ2ZXJzLzE2Nzg4My8ifX0sImNiIjoxNjI2NTM0NDM5Mjg2LCJpYXNfc2luZ2xldGFnIjp0cnVlLCJpYXNfc2luZ2xldGFnX291dGNvbWUiOjE5LCJoZWFkZXJzIjp7ImhlYWRlcjgiOiJpYXNvIn0sImN1c3RvbSI6eyJjdXN0b203IjoiNzI4NDY0IiwiY3VzdG9tOCI6IjU1MDEyNTIxIiwiY3VzdG9tMTEiOiIyMDIxLjAyLjExLTExLjAyLTE5Njc2ZTAiLCJ4c2lkIjoiNmVjZTBmZjUtNjBmMS00YzNkLTg2YTktNzE3YjRlZGFlNzg2In19
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.15.48 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-15-48.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 17 Jul 2021 15:07:19 GMT
Connection: keep-alive
Content-Length: 35
Vary: Origin
Content-Type: image/gif

GET
H2

200

skeleton.js
static.adsafeprotected.com/
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/728464/55012521/skeleton.js?videoId=3a3be4e93602247b787da771c026588c&apiframeworks=2,8&bundleId=[BUNDLEID]&mon=55012522&omidPartner=-1&xmapp=0&xmtp=v&xsId=6...
https://static.adsafeprotected.com/skeleton.js?videoId=3a3be4e93602247b787da771c026588c&apiframeworks=2,8&bundleId=[BUNDLEID]&mon=55012522&omidPartner=-1&xmapp=0&xmtp=v&xsId=6ece0ff5-60f1-4c3d-86a9...

17 B
17 B

32ms
32ms

Image
application/javascript

3.250.250.79
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.js?videoId=3a3be4e93602247b787da771c026588c&apiframeworks=2,8&bundleId=[BUNDLEID]&mon=55012522&omidPartner=-1&xmapp=0&xmtp=v&xsId=6ece0ff5-60f1-4c3d-86a9-717b4edae786
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.250.250.79 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-250-250-79.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:19 GMT
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: nginx/1.16.1
age: 9611636
etag: "53fab767ecbd3bf07990b10246befbd4"
x-cache-status: HIT
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 17

Redirect headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:19 GMT
x-server-name: app02.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js?videoId=3a3be4e93602247b787da771c026588c&apiframeworks=2,8&bundleId=[BUNDLEID]&mon=55012522&omidPartner=-1&xmapp=0&xmtp=v&xsId=6ece0ff5-60f1-4c3d-86a9-717b4edae786
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 dc_oe=ChMItNCP-7Dq8QIViBHTCh18ZwezEAAYACCfmp9IQhMIpPr9-rDq8QIV4eO7CB2JiA7H;met=1;acvw=sv%3D900%26cb%3Dj%26e%3D0%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26a...
ade.googlesyndication.com/ddm/activity/ Frame 6A90 42 B
107 B 69ms
46ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMItNCP-7Dq8QIViBHTCh18ZwezEAAYACCfmp9IQhMIpPr9-rDq8QIV4eO7CB2JiA7H;met=1;acvw=sv%3D900%26cb%3Dj%26e%3D0%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26vpaid%26dur%3D20010%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26i0%3D275%26ic%3D0%26cs%3D274%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D3787%26femvt%3D0%26emc%3D5%26emuc%3D0%26emb%3D5,0,0,0,0%26avms%3Dexc%26qi%3D885958576%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D1626534439325%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.04%26t%3D1626534438232;dc_rfl=1,https%253A%252F%252Fthreatpost.com%252Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%252F167883%252F%240;ecn1=1;etm1=0;eid1=11;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 6A90 42 B
64 B 19ms
18ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CeIavJfLyYOTTKeHH7_UPiZG6uAydsaSoY9mIjIKRDomF9cipJRABINKW5jhglYKAgLAHyAEFqQJUzvh2M86zPqgDAcgDE5gEAKoE4gFP0KMF-W1ZW9B_RlL7pq-wq42mu8Fmc6XshWQRdEK0-ZH4pEqMqYcwzNN61l-CY80DHwB0T-Twt0lnWI8-hWTB3ukBu5fMKd1dfa8PDRkwqXrHJwXUdqpn--lZdK6MqrLipZejmS1RLgPwr_8zRb18AzEehmYHkuTybFEL9P7zysytQUhG7sWQKLriTCAQwEW1xE6EJNGLio4ItKyGFQU_lLS138k08qW0lQGa7e8FYGVbVu-wbyvz0JQJbDWn8voX_QH7iP1a6oN8bBYzesStduhL1dXXBluC_7U59CtNquYFwATrycX2xwPgBAOQBgGgBk6AB9WEua4CqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgb2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMzU2NjMyODYyMzU0NDg2gAoDmAsByAsBgAwBsBPz19cL0BMA2BMDiBQF2BQB0BUBgBcB&sigh=6T6hxsIisUE&label=part2viewed&ad_mt=291&acvw=sv%3D900%26cb%3Dj%26e%3D0%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26vpaid%26dur%3D20010%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26i0%3D275%26ic%3D0%26cs%3D274%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D3787%26femvt%3D0%26emc%3D5%26emuc%3D0%26emb%3D5,0,0,0,0%26avms%3Dexc%26qi%3D885958576%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D1626534439325%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.04%26t%3D1626534438232&sdkv=h.3.471.1&vci=CjwIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw1MjQ5MjY4Mjk5MTRAlAIKOAgCEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk0OTc4NDE0OTMyCTE1MTUwNjIwN0BPCmQIARIbdW5pZmllZC5hZHNhZmVwcm90ZWN0ZWQuY29tGgNEQ00gBCoJNDk3ODQxNDkzMgkxNTE1MDYyMDdAngFSIxAEJdkVoEEoAToLMTUxNTA2MjA3LTFCBEdEQ01ImgRQAGABGAE.

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6A90 0
20 B 43ms
41ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=video_impression_ping

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6A90 0
592 B 63ms
28ms Image
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvtuH-YsOElO2ihe2ZUNu-ZQvjp_CH9MYgKKQYK6B_9oKe62xux2gDnMN90Egn0qrxoBLXr_Lb6dKPZ_-qRxHRiFQEH3VreRpsGnh_VX63i2ln-sTG0eTzFc6GOCEMOv9zOHzQR2ZUNCiwhg9xNEZOwGsYj-L_R5MGHQi-uLnpyrWfrYafQ0EhiESu7gBEuTiwTARW9Ri3zYUOe-JxCGuwz6jMlOp0XJY_dO6izD_L1G2ACOx5O7iBuOp3cOa4-KBgYuKZPym6Ly66UFqCZCmVbZYY0Y05qIAhk4plThSn_T7CSM9RfL5XTD_jqLdGgnt3GZn6QZoAxRN-X5NhsO_aK-hxuWJmghbO0UR7MAOFo0PUt-hnuI-KV58gt_fivwBzW5LsJX7EKvuiYd4TpUzyCcv3p75gO3j_sbikx4IrqA3-oriQ06DkjbFH4YDJw-O0TPe8AUZUk9aFy4JGrVhRnrjh1jjK6q_I-RuvwFoaj_t3FWcy0d7lo9ns98TUnRszs_aqqjKCydZnCMwm8vRXPZhY2HEOOCBBmwr9xrJm0TlzXsGpQh6jh5pr-3aty5ldk-8a-mlEkKMVRIs8wEpnTUnweWTsI4tenwF2npuZuwJb5YBbbia_MmiWXz1U5VLdePGZIDWdjcohDH7n_9rzT1FnLwShe7p7aIlrmtH7g4tVB9On-y6BdUKGjm2FU36YTwN3Fy6U5sUptskdrsZzzuJz5FhR6DMMoIWJ60oTyPmpKF8YgBecxW-k4Zu_PgyTzKd2whN2ZWyJ6Y1iJ7gy81EMWySfXdTqSBXYYBdG0O9r9tCmucTuY5_exKfBVRF0siGmmpBxsnS_vT693l84TRonGNGGjmp2UAWUhnCkjgqyS3e_0BOGH0WoLn_qgmQ3iMwdc0NO2LkYJoc2-gpdPpMXKEAwKtYFs05Tp5Kw5M12crAmfVETGFjxqLUQJ2hardqtGK7h4A7fbqrge5icOGVlEITNPNT1ID3vJt_Meku9myzORUVnGxXGc1QxZetc-iJrueXfsEClE2VGZtebax3rWANrSDw4BerMznkLrqw3jx7Lb6uPNcfWkzaqMNqVVDNzetvPgHTspnmLczwQzOFoE45QVhUet4wASva2sW2ht84DgTRwV1674Gfks6fpoAApPjjNZIdfp8Zeywm879K568RLC28vUvz1PLZw_iWMZqw&sai=AMfl-YS9jgaOoMU3aavjIWYCm-YecnV-bnjnQHUPyYN6gz7GLfENX6y2kUzu9BR1KyOz0WnF674Fl68gNF2P3Gry3f2eRmgiDtcRpacuozwwTKu9gUWybYR_pWbclQcQ9JBLM0FL0LOmS67kN83ztsETXcA1rFULig&sig=Cg0ArKJSzITzt6_Bi4ggEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&sdkv=h.3.471.1&adurl=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 17 Jul 2021 15:07:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1

200
OK

tr_ttd.tr
red.vtracy.de/ Frame 6A90
Redirect Chain

https://red.vtracy.de/img.tr?tr_adid=k25888486_s6915580_p304906530_c151506207&tr_mid=0&tr_et=400&tr_sync=true&tr_uid1=DC&t=2564499605&gdpr_consent=&gdpr=&gdpr_pd=
https://cm.g.doubleclick.net/pixel?google_nid=vivakide_dmp2&google_cm&v3=vi-828d9167-c3de-4c5b-9138-1944cd659bd9&adid=k25888486_s6915580_p304906530_c151506207&tr_aa=true&tr_ttd=true&tr_run=false&tr...
https://red.vtracy.de/tr_cm?v3=vi-828d9167-c3de-4c5b-9138-1944cd659bd9&adid=k25888486_s6915580_p304906530_c151506207&tr_aa=true&tr_ttd=true&tr_run=false&tr_adf=false&tr_timestamp=1626534439393&goog...
https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fred.vtracy.de%2Ftr_aa%3Fv3%3Dvi-828d9167-c3de-4c5b-9138-1944cd659bd9%26adid%3Dk25888486_s6915580_p304906530_c151506207%26userId%3D%25%...
https://red.vtracy.de/tr_aa?v3=vi-828d9167-c3de-4c5b-9138-1944cd659bd9&adid=k25888486_s6915580_p304906530_c151506207&userId=6985912221336336537&tr_timestamp=1626534439517&tr_run=false&tr_ttd=true
https://match.adsrvr.org/track/cmf/generic?ttd_pid=m82k10l&ttd_tpi=1&ttd_puid=vi-828d9167-c3de-4c5b-9138-1944cd659bd9
https://match.adsrvr.org/track/cmb/generic?ttd_pid=m82k10l&ttd_tpi=1&ttd_puid=vi-828d9167-c3de-4c5b-9138-1944cd659bd9
https://red.vtracy.de/tr_ttd.tr?&tdid=1b20b532-7052-4dd1-a14c-2783ab192fb9&ttd_puid=vi-828d9167-c3de-4c5b-9138-1944cd659bd9&ttd_puid=vi-828d9167-c3de-4c5b-9138-1944cd659bd9

49 B
421 B

9ms
8ms

Image
image/gif

18.156.48.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://red.vtracy.de/tr_ttd.tr?&tdid=1b20b532-7052-4dd1-a14c-2783ab192fb9&ttd_puid=vi-828d9167-c3de-4c5b-9138-1944cd659bd9&ttd_puid=vi-828d9167-c3de-4c5b-9138-1944cd659bd9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.156.48.56 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-48-56.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 17 Jul 2021 15:07:19 GMT
Cache-Control: must-revalidate
Expires: Wed, 5 Feb 1986 06:06:06 GMT
Server: Apache
Connection: keep-alive
Content-Length: 49
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:19 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://red.vtracy.de/tr_ttd.tr?&tdid=1b20b532-7052-4dd1-a14c-2783ab192fb9&ttd_puid=vi-828d9167-c3de-4c5b-9138-1944cd659bd9&ttd_puid=vi-828d9167-c3de-4c5b-9138-1944cd659bd9
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 375

GET
H3-29 200 pixel
googleads.g.doubleclick.net/xbbe/ Frame 6A90 0
0 17ms
15ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMXn2QIQgofdrgIY0-aMrAEgATAB&v=APEucNUxnWx8XNCx29Md5-mZl7-oacW9pR8ni9NSV3Oz1LeZaeetrbRA1hLvt4lB5yHAeU49T2V8
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 dot.gif
s0.2mdn.net/ Frame 6A90 43 B
181 B 8ms
6ms Image
image/gif 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 06:52:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
age: 29701
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Sun, 18 Jul 2021 06:52:18 GMT

GET
H/1.1 200
OK pixel.png
unified.adsafeprotected.com/ Frame 6A90 35 B
174 B 32ms
30ms Image
image/gif 34.253.15.48
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://unified.adsafeprotected.com/pixel.png?eyJ0eXBlIjoiU0VDT05EQVJZX0lNUFJFU1NJT04iLCJwdWJsaXNoZXJVdWlkIjoiYTVkYjAyYjAtMmI3OC00OWEzLTg0ZmYtMDA1NTlkNjk3Y2I5Iiwic2l0ZVV1aWQiOiJhZmRkZWY1ZC1jMjA0LTQwYTktYjRmYi05NjVhMTQ1ZDA2OTYiLCJiaWRSZXF1ZXN0Ijp7InNpdGUiOnsicGFnZSI6Imh0dHBzOi8vaW1hc2RrLmdvb2dsZWFwaXMuY29tLyJ9fSwiY3VzdG9tIjp7ImN1c3RvbTEiOiIiLCJjdXN0b20yIjoiNC4wIiwiY3VzdG9tMyI6IjQuMCIsImN1c3RvbTciOiI3Mjg0NjQiLCJjdXN0b204IjoiNTUwMTI1MjEiLCJ4c2lkIjoiNmVjZTBmZjUtNjBmMS00YzNkLTg2YTktNzE3YjRlZGFlNzg2In0sImhlYWRlcnMiOnsiaGVhZGVyMTEiOiJEQ00iLCJoZWFkZXIxMiI6ImFkLmRvdWJsZWNsaWNrLm5ldCIsImhlYWRlcjMiOiItMSIsImhlYWRlcjQiOiIyLDgiLCJoZWFkZXI1IjoiW0JVTkRMRUlEXSIsImhlYWRlcjgiOiJpYXNvIiwiaGVhZGVyOSI6IiJ9LCJjYiI6IjE2MjY1MzQ0MzgxNTQzOTAzMjYiLCJpYXNTaW5nbGV0YWciOnRydWUsImlhc1NpbmdsZXRhZ091dGNvbWUiOiJPVVRDT01FX01fX1ZQQUlEX19XRUJfUFhMIn0=&key1=ROKU_ADS_APP_ID&key2=$APP_STOREURL
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.15.48 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-15-48.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 17 Jul 2021 15:07:19 GMT
Connection: keep-alive
Content-Length: 35
Vary: Origin
Content-Type: image/gif

GET
H2

200

skeleton.gif
static.adsafeprotected.com/ Frame 6A90
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/728464/55012522/skeleton.gif?xmtp=v&xmapp=0&xsId=6ece0ff5-60f1-4c3d-86a9-717b4edae786
https://static.adsafeprotected.com/skeleton.gif?xmtp=v&xmapp=0&xsId=6ece0ff5-60f1-4c3d-86a9-717b4edae786

43 B
258 B

31ms
31ms

Image
image/gif

3.250.250.79
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?xmtp=v&xmapp=0&xsId=6ece0ff5-60f1-4c3d-86a9-717b4edae786
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.250.250.79 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-250-250-79.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:19 GMT
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: nginx/1.16.1
age: 12583867
etag: "45cf913e5d9d3c9b2058033056d3dd23"
x-cache-status: HIT
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 43

Redirect headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:19 GMT
x-server-name: app11.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.gif?xmtp=v&xmapp=0&xsId=6ece0ff5-60f1-4c3d-86a9-717b4edae786
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 dc_oe=ChMItNCP-7Dq8QIViBHTCh18ZwezEAAYACCfmp9IQhMIpPr9-rDq8QIV4eO7CB2JiA7H;met=1;acvw=sv%3D900%26cb%3Dj%26e%3D15%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26...
ade.googlesyndication.com/ddm/activity/ Frame 6A90 42 B
515 B 61ms
46ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMItNCP-7Dq8QIViBHTCh18ZwezEAAYACCfmp9IQhMIpPr9-rDq8QIV4eO7CB2JiA7H;met=1;acvw=sv%3D900%26cb%3Dj%26e%3D15%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26vpaid%26dur%3D20010%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26ic%3D274%26cs%3D274%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D3787%26femvt%3D0%26emc%3D5%26emuc%3D0%26emb%3D5,0,0,0,0%26avms%3Dexc%26qi%3D885958576%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D1626534439320%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.04%26t%3D1626534438232;ecn1=1;etm1=0;eid1=200101;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 6A90 42 B
64 B 17ms
16ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssJMoJP21_XTM__nxGi-3hewgKUCuJozQQ2qHaBaPV6DRCszMfeDVvBJ3y-Qlex-rOd82w2mun4Bx-Atl25BIwRodJFtJpHF2hNNvkVuA2Yo-rg&sai=AMfl-YQqRge3wEPBZWvjjIy46OBAI8ccmGXYyXxefTmnHbOScTBHq67f5N9xJ7iiVjpS_C7uoGUN-nOfBgOsA8x-6AHczZaBTQlqeocHkrnaMAZ-Npbzk1-M0AKRp9M&sig=Cg0ArKJSzPNr9rN2RAhNEAE&cid=CAASEuRoT9mH5d6k9VC62sOZGyZ_EA&id=lidarv&acvw=sv%3D900%26cb%3Dj%26e%3D15%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26vpaid%26dur%3D20010%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D275%26ic%3D274%26cs%3D274%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D3787%26femvt%3D0%26emc%3D5%26emuc%3D0%26emb%3D5,0,0,0,0%26avms%3Dexc%26qi%3D885958576%26psm%3D-2147483648%26psv%3D-2147483648%26psfv%3D-2147483648%26psa%3D0%26ptlt%3D1626534439320%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.04%26t%3D1626534438232&avm=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 m
secure-gg.imrworldwide.com/cgi-bin/ Frame FBB3 0
265 B 114ms
38ms Image
text/plain 34.249.223.127
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gg.imrworldwide.com/cgi-bin/m?ca=nlsn283845&cr=crtve&ce=googledbm&pc=googledbm_plc0003&ci=nlsnci1614&am=3&at=view&rt=banner&st=image&gdpr=&gdpr_consent=&r=[timestamp]&C78=G1,DCM&uoo=0
Requested by: Host: blank
URL: about:blank
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.223.127 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-223-127.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:19 GMT
server: nginx
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gg.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
content-length: 0
expires: Thu, 01 Dec 1994 16:00:00 GMT

POST
H/1.1 200
OK ai Show response
capi.connatix.com/tr/ Frame 06EC 2 B
327 B 104ms
103ms XHR
multipart/form-data 3.142.110.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ai?v=123972
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.142.110.20 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-142-110-20.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: 37aa3970b6801c9d286464f7d86e50bf41c88e54c7b4d08f3ff61935b3f59c3c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 17 Jul 2021 15:07:19 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
transfer-encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 1_th.jpg
img.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/ 7 KB
7 KB 6ms
6ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/60764267-557e-410f-85cb-f102d92ee134/616fe27a-4e51-4bf0-8812-ba742b98603f/1_th.jpg?crop=400:225,smart&width=400&height=225&format=jpeg&quality=60&fit=crop
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: fa62ab7470e4189b49540a2b0288f88bb294dc695f2b757f9d94f00de4ac3eee

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:19 GMT
age: 96248
etag: "p49+aK57aPAjr1JxMk1RL2BDKAHNnKRCW6KQKwxytJw"
access-control-max-age: 86400
fastly-io-info: ifsz=77907 idim=2560x1440 ifmt=jpeg ofsz=7460 odim=400x225 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 7460

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7B57 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.3.471.1&bgai=B84H7JfLyYPSpO4ijzAb8zp2YCwAAAAA4AeAEAg&bg=!FRalFlLNAAZjFomlYxY7ACkAdvg8Wmo5BevzpEvST32OGI4ijcEQIlKG2WPz3clTLi5MQ5Q1UOHGWAIAAAHAUgAAAA1oAQcKAFOxGGda9jhLoaI4IhIUbkDh7_6GvuGcN3HTUJUhHnrCxQHXQ6-dcn2F63B6OLvA00SclLqxI_m8C_RcgAGCHQIx3nJnxZi5_gyo1NCj2kCbMmxcjZkClw9zJjvQc6VRBDJl9oTz9Ndd_FIDfD2tMwmSBl0GF1l2HRKu70II7YSOXmcVzeA2UknTOYK8Xprvt8CWZ8p9WVEXbF2OCUg5sJQxyL6oEEoGy5JIsLoU8rScPMP0ebAF1W8CvXwmRfqIs6cexCxuBzvMEKLTU4vEszIwz8tmM_NaqdDT4HCuUBWcHl7ehCNHMaqwUXxwMCL_FVCxPrzfEGY2sod8czKCDWQ1Do8ay4MWGkhuv-JQTUtgo3FL7BUyU0w1deZkAD_d1nILpkfZbRaX5tm8b8m0cyQSEuqlUBRmk6ti2s4dzuXmDzmQ0Gbh1qr0uATCsVJ5iIW-rgmua4N94re9gsclTgY8SMTGqeKHCAIgsyVovqSiu4w-_8Sy2pJMVw8a0T9Rqc20SPzVuULUxWFyefY_Zw8__3r8PNfwYKEFJFUFn6HSlNLa2HmmuHUKYJLaZnd1-HhlQcIIwsmcu57jO3UbV0m73kMRNb14g4npGx_czKECVgQf2WD_kSlIcQl2uxoLlEdyFsoWr7uRkdHkuo8LuSTtaCPJLoSiTQZiNyxxSWflYIb1smzo-GcNO2TV-IAPrbhOdoc0W_MlGiNI05UDhCO6lRB5bStR-yCDWTGNN1xo-sTCQ-0ZpP40xXG8f15_uSCDgrCGVA3ACn-0WEzCi8uckCpQCepRuXvC8LCve_a6Iu-A2xYznbyxdv2bsZ-n6Vq1s8PeuHvnsGndFa0j_4o3ZoReBt1JMM_sXq7k4IXhVb2Ry6ya-Ap3FbAJcbm1EJIyc4sd_7Z8VefJ30UFXdUH6xoqGDA3Wk-AqSB4Tmtlt7cTMyQZbQTTa5e24hKl9G1dNTItzYe4wD8stcQhKlgld37xQM4HRSQRS1Qk0g

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 06EC 107 B
122 B 15ms
14ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 17 Jul 2021 15:07:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame FC6A 25 KB
7 KB 182ms
181ms XHR
text/xml 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F107430338%2FCNXORTEST%2F6148&description_url=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1511970746014112&cust_params=domains%3Dthreatpost.com&vad_type=linear&sdkv=h.3.471.1&osd=2&frm=1&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=3684048191&sdk_apis=2%2C8&sid=6FCD2755-0483-4449-B72B-32F7C82789D8&eid=44736270&top=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&url=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&loc=about%3Ablank&dlt=1626534432377&idt=2002&dt=1626534439771&cookie=ID%3D16a74c51b82b5e31%3AT%3D1626534437%3AS%3DALNI_MbpPj_7cdTbzR1M7XTikybCp0kOZQ&scor=1334913661007000&ged=ve4_td8_tt6_pd8_la8000_er1010.1249.1163.1549_vi0.0.1200.1600_vp100_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.471.1_en.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

24aade2676fdb029a60acf8e0baa4c90895213374833948e910d97860fbcf252

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6673
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame FC6A 20 KB
13 KB 52ms
38ms XHR
text/xml 142.250.110.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-AXUMCn5ihU-wUocca8qjnbvMSOg0749J3RL-wpcJNszbkBJkzN1z1ECRRusYgpRHrCyxSn1O1t7_yk7WlrcEguTqsitA&dbm_d=AKAmf-Ds0JW0nhDtSAbthNfdxF0-ptsl67E6o1FJkXO8lswkIBsFCagkSIYRE74aVI_lLdQf39pSOiyK-9S1Y1nH-xuP2vAz-eTQu2hcOxYe25eDIb7h1c35pxj2vBlOgT-9ZEFaKUl91IhVtu1ytHAvl30yr18GWo6KOrLG8MTOBwQ5GEdcj1Et1evnczk0LNaWmWiEJ4LrXqcR-iGNXU5xitFSMsLWmHb5fguDB0DWoh0dF-8mcxiktqblm9o_yOGpUadkL4OnKhrJtoquU_Celx2Lg8wlwf47jaMYSk3WaYSt6J41Kp5qKIPBIGiJZt5OVO-bv2Rlgl6NwCu_SSpWusj2VDmFMT5HjGr_SFLnx5uWnOlle1JQ4x7i69VkLVqZrvBYSapstFLnJdTabuI9fg4c7rj-0rfNBXJZigYyRFHwNxwEARqrdGMzuXham5ctTcNPveuOcQkG2vTcoe2oiIvvpvG4B6KkcSdWoUv7Qk6Az_lduENV1hDuGmhc3V0tC131932mwWZXcMBufwKhQ4Vg-610Yw7dxRbLQtmbF6_f-P36prPqj9Jnl3Bzg8Yyar1OhLNWPtI5mtHjlF1Hdg7w_rf1_RLdW15uGyrWUIMKe2bunWWDTOLJO70qAANnWjSUOxd7HXm9S66ima-qLGgfud8u7zIcqs5k4Slp_oVsB2Fwmh_v6kyuekswpmqjVW8ny-4QLd5Xzd_hD-5-wvrjN_h8Yf4h9_TJXIZ6eD5BxwqBwpxeoQnc6qS7TBugPFsXt68vn1Cmw5TmqZbmukEFXzcB8YjvIzQkYicuehAfqUamKPhxnzfpKjEFauf2nIaH3nZwaPD8mtBlOd8D3dg75OfwRqsQLBxnxOOc-AAl5sY_ZOzF9t2SE4EnUzTwFBQ5RHHs7SXKMZ6UFvvP3K0k8lz5oe0b715C2cAphJycijdLscYtp90irUw6MktFfdJsw8fyGaXdIrvN082J7LpBuiBdulg7RI1RDbHVy3_5k3Kqq8UQusjMGEyYJr1GMp3lvCIKWSVPmbr-WicAtQds1Xi2sGU9Rfp5_yFvTg8h-2x0Giftkf9rdPEbqda0mqwC5dMlCSjWEE28rVj8Ay2RU38HLslPuz3_uGMazEKdIbXdRE2kwCGuSfQ1Xqt2ebwZ1uIYYAGEkjfUrlJLQ0WSlxAPydcD9IRx8sCrRhxvjNFW0pNNySfePmbf59O0SMtOy_wiXEA-E8k_Q1gnLFBcj5_q1QQxxkM1zJPTYxJojCJdsxIjmSBWT3Epjj0L1CE1ONrmw3N3CfG3UcCmgNUUR5gkbJdpmKNFnM_SToVz6VOmjMv6O4JktuTFioKxdqagQpIDmc6HJnCqsaQPcLp6vsc-HYFa2qFp3CGJWPie0sGWq5xM3f-GJpzqgSuhwIzZZJwsLP1zG5b5DR0RfFyCOsmuimhDFZtg9aRslvSOyeV0Y1VwAo3-NGjuNCvFPtGPIa-nTw13eaiL_kFlYUVoP14aPzcct3payyYML3ynnKwMDCLlTYrZT7uMyg66QmfxmjlwsGwPxvIJI1-hPeaf0HoxHFj4cxruGUczxZj-doIVsBetlD9E8Pd89kBp8ye_FxQq8RiNfollraw1kx6YBJsZVvuV-uc8RfwjgwJOTvYGQuSSCersVq5YErY1woTR55zC_8q9RYjtsB596CjdA6yyWPa70wfKuoGu2th8DY-eT8bf0ucEC2uQXY6NozcnovC7WdaHvLFWw0mEFXib-zdv_kHYunjIquRvJ0Jk5mR64TGBxN9UFghatUixqx8ZsIPxcyHPQ8FGKGkVxaiSWVyUYOwsL3WWwfVpmpi8ZVPROgVmPw3NfqrEb6KdVBaRFEEFQT2PJTsL6S47G0fn9iL3xzc7RVurV9yFYIed4KJqpF_26TZ64JY9xsavfDXY2bTSh7Y43cTXXgxf46CWLIHK0rru2znPST78A-C8b5-3tJDOaEYg1Jac95nvWPPQL1gvQTQooPguIOMfNmXWwOSQXtGl__MBIfzqXuu3XlR1V1HG7J78p29egT_rH39HGgYmwpWXziJB5idGvSd6rUqoIYGDkVxAwSJnSzDDvUy2-4nC9gUBuAKA4knb7LnQdQNSzLE1iHQ37JhXnzRoESPZlTSm3Y3POlRJyxC6fi147oRo5yEsTU-uQGtvcFgU8l2JES0YY3vjijxL1IlnBf0H3kMGjzp_C1C-aXlXoGY2pA0yhAjip16cSmYYt4Y9OCN18y66YEndoKAQdn_36WtdsY13uC0e7LMY8ZiiYFOuyGxwlvieheI14_nqsgl7PNQKVKEplNgOGJeom_TWRnKSMzMZAHFmBiSR7OVboIvZlvTJ5S9y-gVIq4bHwNcqyvMM8QADz8IZUQaj7jyBVtMRm68kbEkqvfdWO-2DLNIEN4NJkdU_iRHbHJHX31LJbp74cd7cd3IOtTrvS9p5ogzXFU-jh_43OV2PCa_7YRHo1XqygtqnDaoZolgsbDlvM6okJqn05PvX062zkHHKu6BduxYsUKqOs7uMwEJ06RzibW_hm2_3tsj5VwHQ9HJYjV1Pv6UM3Pp_1nq4drn6HNyk7tojB_ut0gbLkx3Yt59jIu9lxPXmGr3BNVkRJoel4wqWEq0slPV_ECJcBiuSps31AC_w_ER-Xru_guutwYb47qNmNmEFk7zHKie9qs92kdt4oUSkvFYvhad_-l2D3dJ1cWlo_Edte0BVhf_geIiWClGZUMGdOzslfaD36HQe9H5EIpahPkUHTDSq_EqiYDZid0393bQW37Su6_P_hZVM43XeKthp1w7-XOjDKKQ6X4whJpCizd4KKCavfKdjOLV7464M6tFdIBXZ2iteu2zDVyrIaNQ4wjAex0tfB7v11VROCUCp71pWXsIcz2gi77OxE_TBG4JQ08Ztfm8KLzvITTCfSioCidSywOriKmUN2QRL7b0BFryfIrJ7nGX2WZmVp2X8aiO9NtGHzk1cmGV79yLFoKpFLMPoYySsWFe8qWTvOtVwXcGw8XtN4zHGxzg9fYMkqro2pHmoQvtQ8uBwkohdXJd_bxaDp1eWuPQN_olk&cid=CAASEuRogOGsek6gHcmsycmn3GNNqQ&sdkv=h.3.471.1&osd=2&frm=1&vis=1&sdr=1&is_amp=0&hl=en&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&sdki=44d&adk=3684048191&sdk_apis=2%2C8&sid=6FCD2755-0483-4449-B72B-32F7C82789D8&eid=44736270&top=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&url=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&loc=about%3Ablank&dlt=1626534432377&idt=2002&dt=1626534439965&ged=ve4_td8_tt6_pd8_la8000_er1010.1249.1163.1549_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.471.1_en.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.110.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53c8c3a952a872f6b8375d5363997aae15d849cff5a3e086d2b8074dd1d1ad37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12787
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 55012521 Show response
unified.adsafeprotected.com/v2/728464/ Frame FC6A 21 KB
4 KB 55ms
55ms XHR
text/xml 34.253.15.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://unified.adsafeprotected.com/v2/728464/55012521?mon=55012522&omidPartner=-1&apiframeworks=2,8&bundleId=[BUNDLEID]&originalVast=https://ad.doubleclick.net/ddm/pfadx/N105603.2093103DBM/B25888486.304906530%3Bsz%3D0x0%3Bkw%3D51375491%3Bord%3D%5Btimestamp%5D%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bdcmt%3Dtext/xml%3Bdc_sdkv%3Dh.3.471.1%3Bdc_osd%3D2%3Bdc_frm%3D1%3Bdc_adk%3D3684048191%3Bdc_sdr%3D1%3Bdc_ref%3Dhttps://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/%3Bdc_vast%3D4%3Bdc_ves%3DdGltZXN0YW1wOiAxNjI2NTM0NDQwMDA0Cg%3Bdc_cid%3D151506207%3Bdc_adid%3D497841493%3Bdc_vpaid%3D0%3B
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.471.1_en.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.15.48 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-15-48.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 42cb4521d16916f351c353568ff388c3527541d7c78f6f2e78461b946c187a36

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 17 Jul 2021 15:07:20 GMT
Content-Encoding: gzip
Vary: Origin
Content-Type: text/xml; charset=UTF-8
Access-Control-Allow-Origin: https://imasdk.googleapis.com
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 4101

POST
H2 204 csi
csi.gstatic.com/ Frame FC6A 0
54 B 685ms
384ms Ping
image/gif 2404:6800:4006:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kr7wlttq&c=2203625467151&slotId=1101812733575.5&qqid=CJai__uw6vECFZzEuwgdaOYMXw&gqid=J_LyYIfbL7rH7_UPr6iKoAo&fb=ima_html5-lima&sdkv=h.3.471.1&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&wta=1&ghmsh_eids=44736270&vmfc=19&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.471.1_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4006:810::2003 Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:20 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame FC6A 42 B
64 B 18ms
18ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CBFLCJ_LyYNbyMJyJ7_UP6Myz-AWdsaSoY9mIjIKRDomF9cipJRABINKW5jhglYKAgLAHyAEFqQJUzvh2M86zPqgDAcgDE5gEAKoE4gFP0M9ZaSwozbWlvJGuG3gyyWzfDvK2qOBfyntpxyEXga-n6H5UEDEIlhRDSpgaGXZC-_DjrOQA6JpyXCGS3S_H853tK4lts4WEmM6LQ5du0UboODOmHY7tmokSIDpl-Y4XKWqcnYK-C5JZw1iWakfIR581T8tzfsQ2bdMQNLMpwnpeDnpM0eh2RQoXc3-oYtMjRSMR81I2n7Z0NBOPKj4EHZAJhSrLutTDJ8n2BURrUSwo4VOco_kqTKbqo7JgiSvik5Wp4XB8PzKOagrDpVBR5NAIohM1eyQOVu9uojw8W73CwATrycX2xwPgBAOQBgGgBk6AB9WEua4CqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgb2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMzU2NjMyODYyMzU0NDg2gAoDmAsByAsBgAwBsBPz19cL0BMA2BMDiBQF2BQB0BUBgBcB&sigh=S8NrmwWrJnw&label=video_ad_loaded&acvw=[VIEWABILITY]&sdkv=h.3.471.1&vci=[CREATIVE_PLAYBACK]

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 loader.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 6EAF 52 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/loader.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9b86fb3ddf4db048fcdb86ae7b80be5565a239669b67652a8ae1398e487edbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 14:56:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 21:02:50 GMT
server: sffe
age: 656
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18950
x-xss-protection: 0
expires: Sat, 17 Jul 2021 15:11:24 GMT

GET
H2 200 vpaid.2021.02.11-11.02-19676e0.js Show response
static.adsafeprotected.com/ias/v1/ Frame 6EAF 176 KB
42 KB 32ms
32ms Script
application/javascript 3.250.250.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/ias/v1/vpaid.2021.02.11-11.02-19676e0.js
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.250.250.79 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-250-250-79.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 40ca98c145bf27de21e87e43748da8e926d8986e851f3e6747cafc4da373bca2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:20 GMT
content-encoding: gzip
last-modified: Thu, 11 Feb 2021 16:29:40 GMT
server: nginx/1.16.1
age: 15649
etag: W/"14bdef8489e0d98a23c89039d178011f"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800

GET
H2 200 skeleton.js Show response
pixel.adsafeprotected.com/db2/video/728464/55012521/ 40 B
382 B 33ms
32ms XHR
application/javascript 34.246.26.134
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/db2/video/728464/55012521/skeleton.js?videoId=e3121fe5d147a2768bcfd9885810b87c&adsafe_url=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&adsafe_type=abdq&adsafe_jsinfo=br:u
Requested by: Host: static.adsafeprotected.com
URL: https://static.adsafeprotected.com/ias/v1/vpaid.2021.02.11-11.02-19676e0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.246.26.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-246-26-134.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 2d853d5c205e6bc73c9928255af1ea931f948c6f46f607eeef92935f37f72f5a

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:20 GMT
content-encoding: gzip
x-server-name: app13.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-expose-headers: X-Server-Name
cache-control: no-cache
access-control-allow-credentials: true
timing-allow-origin: *
server: nginx

GET
H2 200 skeleton.js Show response
pixel.adsafeprotected.com/fwjsvid/st/728464/55012521/ 223 KB
74 KB 46ms
45ms Script
application/javascript 34.246.26.134
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/fwjsvid/st/728464/55012521/skeleton.js?videoId=e3121fe5d147a2768bcfd9885810b87c&apiframeworks=2,8&bundleId=[BUNDLEID]&mon=55012522&omidPartner=-1&xmapp=0&xmtp=v&xsId=ed59679c-eb8a-44e4-a0c4-d02131028bd0&adsafe_par=&logTestResults=false
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.246.26.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-246-26-134.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 27b705297955597e3b4e3bc99ae77f8a13bf03eb18fcb9b00d21023ec07537c0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:20 GMT
content-encoding: gzip
x-server-name: app23.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1

206
Partial Content

file.mp4
r2---sn-4g5e6nsk.c.2mdn.net/videoplayback/id/59948e8f9274e9b7/itag/342/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3765962588/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,m...
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/59948e8f9274e9b7/itag/342/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3765962588/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/sig...
https://r2---sn-4g5e6nsk.c.2mdn.net/videoplayback/id/59948e8f9274e9b7/itag/342/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3765962588/sparams/acao,ctier,expire,id,ip,ipbits,i...

103 KB
0

29ms
7ms

Media
video/mp4

2a00:1450:4001:62::7
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r2---sn-4g5e6nsk.c.2mdn.net/videoplayback/id/59948e8f9274e9b7/itag/342/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3765962588/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/0D7192B1684D8D4CEAA8750B924C86585DBC08E9.79810FF2B6BE295C8FC37C5F4C3DF3D82DF190E1/key/cms1/cms_redirect/yes/mh/pk/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nsk/ms/onc/mt/1626534283/mv/m/mvi/2/pl/52/file/file.mp4

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:62::7 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 17 Jul 2021 15:07:20 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 20 May 2021 12:43:07 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-1439955/1439956
Cache-Control: private, max-age=86400
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1439956
Expires: Sat, 17 Jul 2021 15:07:20 GMT

Redirect headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:20 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r2---sn-4g5e6nsk.c.2mdn.net/videoplayback/id/59948e8f9274e9b7/itag/342/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3765962588/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/0D7192B1684D8D4CEAA8750B924C86585DBC08E9.79810FF2B6BE295C8FC37C5F4C3DF3D82DF190E1/key/cms1/cms_redirect/yes/mh/pk/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nsk/ms/onc/mt/1626534283/mv/m/mvi/2/pl/52/file/file.mp4
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 652
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 skeleton.js Show response
pixel.adsafeprotected.com/db2/video/728464/55012521/ 92 B
315 B 33ms
32ms Script
application/javascript 34.246.26.134
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/db2/video/728464/55012521/skeleton.js?ias_callback=__IntegralAS_65c93a78b3dc0846d5b39a5735cccc87_4894&videoId=e3121fe5d147a2768bcfd9885810b87c&apiframeworks=2,8&bundleId=[BUNDLEID]&mon=55012522&omidPartner=-1&xmapp=0&xmtp=v&xsId=ed59679c-eb8a-44e4-a0c4-d02131028bd0&adsafe_par=&logTestResults=false&adsafe_url=https%3A%2F%2Fthreatpost.com%2Flinux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers%2F167883%2F&adsafe_type=abdq&adsafe_url=https%3A%2F%2Fthreatpost.com%2F&adsafe_type=f&adsafe_jsinfo=,id:65c93a78-b3dc-0846-d5b3-9a5735cccc87,c:iDP4xi,sl:outOfView,em:false,fr:true,mn:app23ie,pt:2-5-15,wc:0.0.1600.1200,ac:1199.974.400.225,am:v,cc:1199.974.400.225,piv:100,obst:0,th:0,reas:v,br:u,abv:na,an:n,oam:0,vc:jv3,scm:publ2,nbld:0,mtim:3,fm:sDqYKzg+1*.728464-55012521%7C11%7C12%7C13%7C14%7C15%7C161%7C17%7C181%7C191%7C192%7C1a1%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g,idMap:1*,pl:,rmeas:1,rend:1,renddet:env,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,tt:fwjsvid,thd:1,et:23,oid:aebae9f0-e710-11eb-b453-0ad2739237b2,v:19.8.217,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.246.26.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-246-26-134.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: ea735b046d315558426ae2710a8850ad4241c7fd1f4859b2684d4cc874a98b1e

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:20 GMT
content-encoding: gzip
x-server-name: app04.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: application/javascript;charset=utf-8
server: nginx

GET
H2 200 sca.17.5.8.js Show response
static.adsafeprotected.com/ Frame 93E1 81 KB
21 KB 32ms
32ms Script
application/javascript 3.250.250.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.8.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/linux-variant-of-hellokitty-ransomware-targets-vmware-esxi-servers/167883/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.250.250.79 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-250-250-79.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 5741be6b72688b3214f976204cfc20318cad398025dd67f3899de16e52d09f3c

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 15:07:20 GMT
content-encoding: gzip
last-modified: Tue, 06 Jul 2021 16:56:51 GMT
server: nginx/1.16.1
etag: W/"d3a5eb4641ef598834c5a5da80f41ea3"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 93ms
93ms Image
image/gif 35.169.133.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=728464&asId=65c93a78-b3dc-0846-d5b3-9a5735cccc87&tv=%7Bc:iDP4yp,time:91,type:e,env:%7Bgca:false,cca:true%7D,vv:3.7.0,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:91,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:1199.974.400.225,am:v,cc:1199.974.400.225,piv:100,obst:0,th:0,reas:v,bkn:%7Bpiv:%5B85~100%5D,as:%5B85~400.225%5D%7D%7D%5D,slEventCount:1,em:false,fr:true,e:O,tt:fwjsvid,dtt:0,fm:sDqYKc6+1*.728464-55012521%7C11%7C12%7C13%7C14%7C15%7C161%7C17%7C181%7C191%7C192%7C1a1%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g,idMap:1*,rmeas:1,rend:1,renddet:env%7D&br=u
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.169.133.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-169-133-103.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:20 GMT
x-server-name: dt45.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

POST
H/1.1 200
OK st Show response
capi.connatix.com/tr/ Frame 06EC 0
295 B 103ms
103ms XHR
multipart/form-data 3.142.110.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/st?v=123972
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.142.110.20 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-142-110-20.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 17 Jul 2021 15:07:20 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 94ms
94ms Image
image/gif 35.169.133.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=728464&asId=65c93a78-b3dc-0846-d5b3-9a5735cccc87&tv=%7Bc:iDP4Mc,pingTime:-10,time:946,type:s,mvn:ZnNjPTEyLHNkPTMsbm89Nyxhc3A9MQ--,fsc:17.5.8v220002022000220000022002222000022220200000222200222220002222022002222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000002220002220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222222220022202200022002220222202,sd:MTcuNS44djEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNS44dk1vemlsbGF8fE5ldHNjYXBlfHxufHwxNnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fC0xMjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,asp:1626534439254%7C%7C99910c4a8929c77e1187ac2b4bed23f9%7C%7Cf34e96995ddf3ff5eb1bfde138cfe29c%7C%7C946e4be0de5d9643b515edc2641f585d%7C%7C2dd8ebeec7a3537589b22d4300c4b546%7C%7Cf02ce63d4dbc5c073a20bac8481e7ac0%7C%7Ccf90794fbb9f7b755e689cf0b99ba8e0%7C%7Cdbc6a715b1730fda8a816d6cbf5721ea%7C%7C1625590601,ch:n,sca:%7Bspg:6a7bf1ef-8110-cd83-9a64-2e67f7d1e037%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.169.133.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-169-133-103.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:21 GMT
x-server-name: dt22.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dc_oe=ChMItNCP-7Dq8QIViBHTCh18ZwezEAAYACCfmp9IQhMIpPr9-rDq8QIV4eO7CB2JiA7H;met=1;acvw=sv%3D900%26cb%3Dj%26e%3D9%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D2014,0,0,0,0%26mtos%3D2014,2014,...
ade.googlesyndication.com/ddm/activity/ Frame 6A90 42 B
107 B 42ms
42ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMItNCP-7Dq8QIViBHTCh18ZwezEAAYACCfmp9IQhMIpPr9-rDq8QIV4eO7CB2JiA7H;met=1;acvw=sv%3D900%26cb%3Dj%26e%3D9%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D2014,0,0,0,0%26mtos%3D2014,2014,2014,2014,2014%26amtos%3D0,0,0,0,0%26mcvt%3D2014%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2014%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D1607%26pst%3D204%26vpaid%26dur%3D20010%26vmtime%3D1461%26dtos%3D2014%26dtoss%3D1%26dvs%3D2014%26dfvs%3D2014%26dvpt%3D2014%26is%3D275%26i0%3D275%26ic%3D16777217%26cs%3D16777491%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D3787%26femvt%3D0%26emc%3D16%26emuc%3D0%26emb%3D16,0,0,0,0%26avms%3Dexc%26qi%3D885958576%26psm%3D-2147483645%26psv%3D-2147483645%26psfv%3D-2147483645%26psa%3D0%26ptlt%3D1626534441333%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2014;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.04%26t%3D1626534438232;ecn1=1;etm1=0;eid1=200000;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 6A90 42 B
113 B 18ms
18ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssJMoJP21_XTM__nxGi-3hewgKUCuJozQQ2qHaBaPV6DRCszMfeDVvBJ3y-Qlex-rOd82w2mun4Bx-Atl25BIwRodJFtJpHF2hNNvkVuA2Yo-rg&sai=AMfl-YQqRge3wEPBZWvjjIy46OBAI8ccmGXYyXxefTmnHbOScTBHq67f5N9xJ7iiVjpS_C7uoGUN-nOfBgOsA8x-6AHczZaBTQlqeocHkrnaMAZ-Npbzk1-M0AKRp9M&sig=Cg0ArKJSzPNr9rN2RAhNEAE&cid=CAASEuRoT9mH5d6k9VC62sOZGyZ_EA&id=lidarv&acvw=sv%3D900%26cb%3Dj%26e%3D9%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D2014,0,0,0,0%26mtos%3D2014,2014,2014,2014,2014%26amtos%3D0,0,0,0,0%26mcvt%3D2014%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2014%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D1607%26pst%3D204%26vpaid%26dur%3D20010%26vmtime%3D1461%26dtos%3D2014%26dtoss%3D1%26dvs%3D2014%26dfvs%3D2014%26dvpt%3D2014%26is%3D275%26i0%3D275%26ic%3D16777217%26cs%3D16777491%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26lte%3D1%26ces%26femt%3D3787%26femvt%3D0%26emc%3D16%26emuc%3D0%26emb%3D16,0,0,0,0%26avms%3Dexc%26qi%3D885958576%26psm%3D-2147483645%26psv%3D-2147483645%26psfv%3D-2147483645%26psa%3D0%26ptlt%3D1626534441333%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2014&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.04%26t%3D1626534438232

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK av Show response
capi.connatix.com/tr/ Frame 06EC 0
295 B 103ms
103ms XHR
multipart/form-data 3.142.110.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/av?v=123972
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.142.110.20 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-142-110-20.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 17 Jul 2021 15:07:21 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 94ms
93ms Image
image/gif 35.169.133.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=728464&asId=6a7bf1ef-8110-cd83-9a64-2e67f7d1e037&tv=%7Bc:iDP4Rd,pingTime:2,time:2693,type:p,clog:%5B%7Bpiv:100,vs:o,r:v,w:400,h:225,t:33%7D,%7Bvs:i,r:,t:508%7D%5D,ve:%7BvEventCount:8,vEvents:%5B%7Bt:-51,tp:adLoaded,sl:o,ad_duration:20,width:400,height:225,volume:0%7D,%7Bt:-35,tp:adStarted,sl:o,ad_duration:20,width:400,height:225,volume:0%7D,%7Bt:164,tp:adDurationChange,sl:o,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:497,tp:adImpression,sl:o,ad_duration:20.010667,width:400,height:225,volume:0,integral_timeToDecision:306,integral_didBlock:false,viewMode:normal,x_vv:3.7.0,x_vanstag:fw,x_xpc:iaso%7D,%7Bt:496,tp:adVideoStart,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:497,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:1665,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:2665,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D%5D%7D,vv:3.7.0,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:2185,o:508,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:32,wc:0.0.1600.1200,ac:1199.974.400.225,am:v,cc:1199.974.400.225,piv:100,obst:0,th:0,reas:v,bkn:%7Bpiv:%5B500~100%5D,as:%5B500~400.225%5D%7D%7D,%7Bsl:i,t:508,wc:0.0.1600.1200,ac:1199.974.400.225,am:v,cc:1199.974.400.225,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B2185~100%5D,as:%5B2185~400.225%5D%7D%7D%5D,slEventCount:2,em:false,fr:true,e:O,tt:fwjsvid,dtt:224,fm:sDqYKc6+1*.728464-55012521%7C11%7C12%7C13%7C14%7C15%7C161%7C17%7C181%7C19%7C1a1%7C1b%7C1c%7C1d%7C1e,idMap:1*,rmeas:1,rend:1,renddet:env%7D&br=u
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.169.133.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-169-133-103.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:21 GMT
x-server-name: dt42.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 94ms
94ms Image
image/gif 35.169.133.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=728464&asId=6a7bf1ef-8110-cd83-9a64-2e67f7d1e037&tv=%7Bc:iDP4Re,pingTime:2,time:2694,type:pf,clog:%5B%7Bpiv:100,vs:o,r:v,w:400,h:225,t:33%7D,%7Bvs:i,r:,t:508%7D%5D,ve:%7BvEventCount:8,vEvents:%5B%7Bt:-51,tp:adLoaded,sl:o,ad_duration:20,width:400,height:225,volume:0%7D,%7Bt:-35,tp:adStarted,sl:o,ad_duration:20,width:400,height:225,volume:0%7D,%7Bt:164,tp:adDurationChange,sl:o,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:497,tp:adImpression,sl:o,ad_duration:20.010667,width:400,height:225,volume:0,integral_timeToDecision:306,integral_didBlock:false,viewMode:normal,x_vv:3.7.0,x_vanstag:fw,x_xpc:iaso%7D,%7Bt:496,tp:adVideoStart,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:497,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:1665,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:2665,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D%5D%7D,vv:3.7.0,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:2186,o:508,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:32,wc:0.0.1600.1200,ac:1199.974.400.225,am:v,cc:1199.974.400.225,piv:100,obst:0,th:0,reas:v,bkn:%7Bpiv:%5B500~100%5D,as:%5B500~400.225%5D%7D%7D,%7Bsl:i,t:508,wc:0.0.1600.1200,ac:1199.974.400.225,am:v,cc:1199.974.400.225,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B2186~100%5D,as:%5B2186~400.225%5D%7D%7D%5D,slEventCount:2,em:false,fr:true,e:O,tt:fwjsvid,dtt:224,fm:sDqYKc6+1*.728464-55012521%7C11%7C12%7C13%7C14%7C15%7C161%7C17%7C181%7C19%7C1a1%7C1b%7C1c%7C1d%7C1e,idMap:1*,rmeas:1,rend:1,renddet:env%7D&br=u
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.169.133.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-169-133-103.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:21 GMT
x-server-name: dt31.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 96ms
96ms Image
image/gif 35.169.133.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=728464&asId=6a7bf1ef-8110-cd83-9a64-2e67f7d1e037&tv=%7Bc:iDP4Rf,pingTime:2,time:2695,type:c,clog:%5B%7Bpiv:100,vs:o,r:v,w:400,h:225,t:33%7D,%7Bvs:i,r:,t:508%7D%5D,ve:%7BvEventCount:8,vEvents:%5B%7Bt:-51,tp:adLoaded,sl:o,ad_duration:20,width:400,height:225,volume:0%7D,%7Bt:-35,tp:adStarted,sl:o,ad_duration:20,width:400,height:225,volume:0%7D,%7Bt:164,tp:adDurationChange,sl:o,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:497,tp:adImpression,sl:o,ad_duration:20.010667,width:400,height:225,volume:0,integral_timeToDecision:306,integral_didBlock:false,viewMode:normal,x_vv:3.7.0,x_vanstag:fw,x_xpc:iaso%7D,%7Bt:496,tp:adVideoStart,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:497,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:1665,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:2665,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D%5D%7D,vv:3.7.0,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:2187,o:508,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:32,wc:0.0.1600.1200,ac:1199.974.400.225,am:v,cc:1199.974.400.225,piv:100,obst:0,th:0,reas:v,bkn:%7Bpiv:%5B500~100%5D,as:%5B500~400.225%5D%7D%7D,%7Bsl:i,t:508,wc:0.0.1600.1200,ac:1199.974.400.225,am:v,cc:1199.974.400.225,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B2187~100%5D,as:%5B2187~400.225%5D%7D%7D%5D,slEventCount:2,em:false,fr:true,e:O,tt:fwjsvid,dtt:224,fm:sDqYKc6+1*.728464-55012521%7C11%7C12%7C13%7C14%7C15%7C161%7C17%7C181%7C19%7C1a1%7C1b%7C1c%7C1d%7C1e,idMap:1*,rmeas:1,rend:1,renddet:env,metricId:publ2,cmr:t%7D&br=u
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.169.133.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-169-133-103.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:21 GMT
x-server-name: dt23.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

POST
H/1.1 200
OK abt Show response
capi.connatix.com/tr/ Frame 06EC 0
295 B 103ms
103ms XHR
multipart/form-data 3.142.110.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/abt?v=123972
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.142.110.20 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-142-110-20.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 17 Jul 2021 15:07:23 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H/1.1 200
OK pixel.png
unified.adsafeprotected.com/ Frame 9E5F 35 B
174 B 29ms
29ms Image
image/gif 34.253.15.48
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://unified.adsafeprotected.com/pixel.png?eyJ0eXBlIjo0MDMsInNpdGVfdXVpZCI6ImFmZGRlZjVkLWMyMDQtNDBhOS1iNGZiLTk2NWExNDVkMDY5NiIsImJpZF9yZXF1ZXN0Ijp7InNpdGUiOnsicGFnZSI6Imh0dHBzOi8vdGhyZWF0cG9zdC5jb20vbGludXgtdmFyaWFudC1vZi1oZWxsb2tpdHR5LXJhbnNvbXdhcmUtdGFyZ2V0cy12bXdhcmUtZXN4aS1zZXJ2ZXJzLzE2Nzg4My8ifX0sImNiIjoxNjI2NTM0NDQ0MjA1LCJpYXNfc2luZ2xldGFnIjp0cnVlLCJpYXNfc2luZ2xldGFnX291dGNvbWUiOjE5LCJoZWFkZXJzIjp7ImhlYWRlcjgiOiJpYXNvIn0sImN1c3RvbSI6eyJjdXN0b203IjoiNzI4NDY0IiwiY3VzdG9tOCI6IjU1MDEyNTIxIiwiY3VzdG9tMTEiOiIyMDIxLjAyLjExLTExLjAyLTE5Njc2ZTAiLCJ4c2lkIjoiNmVjZTBmZjUtNjBmMS00YzNkLTg2YTktNzE3YjRlZGFlNzg2In19
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.15.48 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-15-48.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 17 Jul 2021 15:07:24 GMT
Connection: keep-alive
Content-Length: 35
Vary: Origin
Content-Type: image/gif

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 96ms
95ms Image
image/gif 35.169.133.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=728464&asId=6a7bf1ef-8110-cd83-9a64-2e67f7d1e037&tv=%7Bc:iDP5z7,pingTime:-4,time:5415,type:m,clog:%5B%7Bpiv:100,vs:o,r:v,w:400,h:225,t:33%7D,%7Bvs:i,r:,t:508%7D%5D,ve:%7BvEventCount:11,vEvents:%5B%7Bt:-51,tp:adLoaded,sl:o,ad_duration:20,width:400,height:225,volume:0%7D,%7Bt:-35,tp:adStarted,sl:o,ad_duration:20,width:400,height:225,volume:0%7D,%7Bt:164,tp:adDurationChange,sl:o,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:497,tp:adImpression,sl:o,ad_duration:20.010667,width:400,height:225,volume:0,integral_timeToDecision:306,integral_didBlock:false,viewMode:normal,x_vv:3.7.0,x_vanstag:fw,x_xpc:iaso%7D,%7Bt:496,tp:adVideoStart,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:497,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:1665,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:2665,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:3915,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:5165,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:5415,tp:adVideoFirstQuartile,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D%5D%7D,vv:3.7.0,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:4907,o:508,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:32,wc:0.0.1600.1200,ac:1199.974.400.225,am:v,cc:1199.974.400.225,piv:100,obst:0,th:0,reas:v,bkn:%7Bpiv:%5B500~100%5D,as:%5B500~400.225%5D%7D%7D,%7Bsl:i,t:508,wc:0.0.1600.1200,ac:1199.974.400.225,am:v,cc:1199.974.400.225,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B4907~100%5D,as:%5B4907~400.225%5D%7D%7D%5D,slEventCount:2,em:false,fr:true,e:O,tt:fwjsvid,dtt:100,fm:sDqYKc6+1*.728464-55012521%7C11%7C12%7C13%7C14%7C15%7C161%7C17%7C181%7C19%7C1a1%7C1b%7C1c%7C1d%7C1e,idMap:1*,rmeas:1,rend:1,renddet:env%7D&br=u
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.169.133.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-169-133-103.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:24 GMT
x-server-name: dt17.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3-29 200 dc_oe=ChMItNCP-7Dq8QIViBHTCh18ZwezEAAYACCfmp9IQhMIpPr9-rDq8QIV4eO7CB2JiA7H;met=1;acvw=sv%3D900%26cb%3Dj%26e%3D1%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D4890,0,0,0,0%26mtos%3D4890,4890,...
ade.googlesyndication.com/ddm/activity/ Frame 6A90 42 B
63 B 59ms
45ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMItNCP-7Dq8QIViBHTCh18ZwezEAAYACCfmp9IQhMIpPr9-rDq8QIV4eO7CB2JiA7H;met=1;acvw=sv%3D900%26cb%3Dj%26e%3D1%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D4890,0,0,0,0%26mtos%3D4890,4890,4890,4890,4890%26amtos%3D0,0,0,0,0%26mcvt%3D4890%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D4890%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D3877%26pst%3D204%26vpaid%26dur%3D20010%26vmtime%3D4961%26dtos%3D2876%26dtoss%3D2%26dvs%3D2876%26dfvs%3D2876%26dvpt%3D2876%26is%3D275%26i0%3D275%26i1%3D275%26ic%3D0%26cs%3D16777491%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D4890,4890,4890,4890,4890%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D3787%26femvt%3D0%26emc%3D30%26emuc%3D0%26emb%3D30,0,0,0,0%26avms%3Dexc%26qi%3D885958576%26psm%3D-2147483617%26psv%3D-2147483617%26psfv%3D-2147483617%26psa%3D0%26ptlt%3D1626534444209%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,4890;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.04%26t%3D1626534438232;ecn1=1;etm1=0;eid1=960584;

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 6A90 42 B
210 B 17ms
16ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CeIavJfLyYOTTKeHH7_UPiZG6uAydsaSoY9mIjIKRDomF9cipJRABINKW5jhglYKAgLAHyAEFqQJUzvh2M86zPqgDAcgDE5gEAKoE4gFP0KMF-W1ZW9B_RlL7pq-wq42mu8Fmc6XshWQRdEK0-ZH4pEqMqYcwzNN61l-CY80DHwB0T-Twt0lnWI8-hWTB3ukBu5fMKd1dfa8PDRkwqXrHJwXUdqpn--lZdK6MqrLipZejmS1RLgPwr_8zRb18AzEehmYHkuTybFEL9P7zysytQUhG7sWQKLriTCAQwEW1xE6EJNGLio4ItKyGFQU_lLS138k08qW0lQGa7e8FYGVbVu-wbyvz0JQJbDWn8voX_QH7iP1a6oN8bBYzesStduhL1dXXBluC_7U59CtNquYFwATrycX2xwPgBAOQBgGgBk6AB9WEua4CqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgb2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xMzU2NjMyODYyMzU0NDg2gAoDmAsByAsBgAwBsBPz19cL0BMA2BMDiBQF2BQB0BUBgBcB&sigh=6T6hxsIisUE&label=videoplaytime25&ad_mt=5173&acvw=sv%3D900%26cb%3Dj%26e%3D1%26nas%3D1%26sdk%3Dh%26p%3D974,1199,1199,1599%26tos%3D4890,0,0,0,0%26mtos%3D4890,4890,4890,4890,4890%26amtos%3D0,0,0,0,0%26mcvt%3D4890%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D4890%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D3877%26pst%3D204%26vpaid%26dur%3D20010%26vmtime%3D4961%26dtos%3D2876%26dtoss%3D2%26dvs%3D2876%26dfvs%3D2876%26dvpt%3D2876%26is%3D275%26i0%3D275%26i1%3D275%26ic%3D0%26cs%3D16777491%26c%3D1%26mc%3D1%26nc%3D1%26mv%3D0%26nv%3D0%26qmt%3D4890,4890,4890,4890,4890%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D1%26ces%26femt%3D3787%26femvt%3D0%26emc%3D30%26emuc%3D0%26emb%3D30,0,0,0,0%26avms%3Dexc%26qi%3D885958576%26psm%3D-2147483617%26psv%3D-2147483617%26psfv%3D-2147483617%26psa%3D0%26ptlt%3D1626534444209%26pngs%3D9s,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,4890&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.04%26t%3D1626534438232&sdkv=h.3.471.1&vci=CjwIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgtBZFNlbnNlL0FkWCAEKgw1MjQ5MjY4Mjk5MTRAlAIKOAgCEhViaWQuZy5kb3VibGVjbGljay5uZXQaA0RCTSAEKgk0OTc4NDE0OTMyCTE1MTUwNjIwN0BPCmQIARIbdW5pZmllZC5hZHNhZmVwcm90ZWN0ZWQuY29tGgNEQ00gBCoJNDk3ODQxNDkzMgkxNTE1MDYyMDdAngFSIxAEJdkVoEEoAToLMTUxNTA2MjA3LTFCBEdEQ01ImgRQAGABGAE.

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK aq Show response
capi.connatix.com/tr/ Frame 06EC 0
295 B 103ms
103ms XHR
multipart/form-data 3.142.110.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/aq?v=123972
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.142.110.20 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-142-110-20.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Sat, 17 Jul 2021 15:07:24 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 95ms
94ms Image
image/gif 35.169.133.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=728464&asId=6a7bf1ef-8110-cd83-9a64-2e67f7d1e037&tv=%7Bc:iDP5DA,pingTime:5,time:5692,type:p,clog:%5B%7Bpiv:100,vs:o,r:v,w:400,h:225,t:33%7D,%7Bvs:i,r:,t:508%7D%5D,ve:%7BvEventCount:11,vEvents:%5B%7Bt:-51,tp:adLoaded,sl:o,ad_duration:20,width:400,height:225,volume:0%7D,%7Bt:-35,tp:adStarted,sl:o,ad_duration:20,width:400,height:225,volume:0%7D,%7Bt:164,tp:adDurationChange,sl:o,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:497,tp:adImpression,sl:o,ad_duration:20.010667,width:400,height:225,volume:0,integral_timeToDecision:306,integral_didBlock:false,viewMode:normal,x_vv:3.7.0,x_vanstag:fw,x_xpc:iaso%7D,%7Bt:496,tp:adVideoStart,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:497,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:1665,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:2665,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:3915,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:5165,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:5415,tp:adVideoFirstQuartile,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D%5D%7D,vv:3.7.0,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:5184,o:508,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:32,wc:0.0.1600.1200,ac:1199.974.400.225,am:v,cc:1199.974.400.225,piv:100,obst:0,th:0,reas:v,bkn:%7Bpiv:%5B500~100%5D,as:%5B500~400.225%5D%7D%7D,%7Bsl:i,t:508,wc:0.0.1600.1200,ac:1199.974.400.225,am:v,cc:1199.974.400.225,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5185~100%5D,as:%5B5185~400.225%5D%7D%7D%5D,slEventCount:2,em:false,fr:true,e:O,tt:fwjsvid,dtt:100,fm:sDqYKc6+1*.728464-55012521%7C11%7C12%7C13%7C14%7C15%7C161%7C17%7C181%7C19%7C1a1%7C1b%7C1c%7C1d%7C1e,idMap:1*,rmeas:1,rend:1,renddet:env%7D&br=u
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.169.133.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-169-133-103.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:24 GMT
x-server-name: dt31.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 94ms
94ms Image
image/gif 35.169.133.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=728464&asId=6a7bf1ef-8110-cd83-9a64-2e67f7d1e037&tv=%7Bc:iDP5DC,pingTime:5,time:5694,type:pf,clog:%5B%7Bpiv:100,vs:o,r:v,w:400,h:225,t:33%7D,%7Bvs:i,r:,t:508%7D%5D,ve:%7BvEventCount:11,vEvents:%5B%7Bt:-51,tp:adLoaded,sl:o,ad_duration:20,width:400,height:225,volume:0%7D,%7Bt:-35,tp:adStarted,sl:o,ad_duration:20,width:400,height:225,volume:0%7D,%7Bt:164,tp:adDurationChange,sl:o,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:497,tp:adImpression,sl:o,ad_duration:20.010667,width:400,height:225,volume:0,integral_timeToDecision:306,integral_didBlock:false,viewMode:normal,x_vv:3.7.0,x_vanstag:fw,x_xpc:iaso%7D,%7Bt:496,tp:adVideoStart,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:497,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:1665,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:2665,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:3915,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:5165,tp:adRemainingTimeChange,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D,%7Bt:5415,tp:adVideoFirstQuartile,sl:i,ad_duration:20.010667,width:400,height:225,volume:0%7D%5D%7D,vv:3.7.0,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:5186,o:508,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:32,wc:0.0.1600.1200,ac:1199.974.400.225,am:v,cc:1199.974.400.225,piv:100,obst:0,th:0,reas:v,bkn:%7Bpiv:%5B500~100%5D,as:%5B500~400.225%5D%7D%7D,%7Bsl:i,t:508,wc:0.0.1600.1200,ac:1199.974.400.225,am:v,cc:1199.974.400.225,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5186~100%5D,as:%5B5186~400.225%5D%7D%7D%5D,slEventCount:2,em:false,fr:true,e:O,tt:fwjsvid,dtt:100,fm:sDqYKc6+1*.728464-55012521%7C11%7C12%7C13%7C14%7C15%7C161%7C17%7C181%7C19%7C1a1%7C1b%7C1c%7C1d%7C1e,idMap:1*,rmeas:1,rend:1,renddet:env%7D&br=u
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.169.133.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-169-133-103.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jul 2021 15:07:24 GMT
x-server-name: dt23.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: quantcount.com
URL: https://quantcount.com/log/error?msg=%5BUSPAPI%5D%20unsuccessful:%20TypeError:%20Cannot%20read%20property%20%27getItem%27%20of%20null

Verdicts & Comments Add Verdict or Comment

304 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.twitter.com/	1970-01-20 13:20:06	Name: personalization_id Value: "v1_EJOMapOOB2MjQHNs274oIA=="
.threatpost.com/	1970-01-19 19:48:54	Name: _gat_UA-35676203-21 Value: 1
.threatpost.com/	1970-01-19 19:50:20	Name: _gid Value: GA1.2.167293688.1626534433
.threatpost.com/	1970-01-20 13:20:06	Name: _ga Value: GA1.2.1093366451.1626534433

613 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 403) Message: gBrowserWidth =1600
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 428) Message: OpenX Slot defined for /21707124336/ThreatPost-970x250-ATF div-gpt-ad-6794670-2
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 428) Message: OpenX Slot defined for /21707124336/ThreatPost-300x250-ATF div-gpt-ad-6794670-3
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 428) Message: OpenX Slot defined for /21707124336/ThreatPost-300x600-ATF div-gpt-ad-6794670-5
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 428) Message: OpenX Slot defined for /21707124336/ThreatPost-2x2-Skin div-gpt-ad-6794670-1
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 27) Message: %cCMP: Startup v308 color: #555599
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 8) Message: uspapi: uspapi_init() - v0.105
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 8) Message: USP: Locale=en-us gdpr= false
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: ENGINE: gAMPidentityLinkID not present, prebid configured without identyLink
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: ENGINE: gSChainNodes found, prebid configured with 1 supply chain object(s)
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: ENGINE: final pbjs config
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: [object Object]
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: ENGINE: gAMPidentityLinkID not present, prebid configured without ATS Analytics
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: Initial Ad Load
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021071401.js?31061813(Line 6) Message: [GPT] Error in googletag.display: could not find div with id "div-gpt-ad-6794670-2" in DOM for slot: /21707124336/ThreatPost-970x250-ATF.
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 27) Message: %cCMP: GVL version is 92 color: #555599
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 27) Message: CPJfXVDPJfXVDBNADBENBcCgAAAAAAAAACiQAAAAAAAA.YAAAAAAAAAAA
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 27) Message: __uspLaunch begin
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://secure.quantserve.com/quant.js(Line 2) Message: ERROR Sat Jul 17 2021 17:07:13 GMT+0200 (Central European Summer Time) [USPAPI] unsuccessful: TypeError: Cannot read property 'getItem' of null
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	debug	URL: https://static.adsafeprotected.com/sca.17.5.8.js(Line 32) Message: a: 0.0029296875 ms
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	(Line 7) Message: CNX-ad-imp
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ade.googlesyndication.com
adservice.google.com
analytics.twitter.com
assets.threatpost.com
bid.g.doubleclick.net
c.amazon-adsystem.com
capi.connatix.com
cd.connatix.com
cdn.syndication.twimg.com
cds.connatix.com
cm.g.doubleclick.net
csi.gstatic.com
dsp.adfarm1.adition.com
dt.adsafeprotected.com
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
imasdk.googleapis.com
img.connatix.com
kasperskycontenthub.com
lit.connatix.com
match.adsrvr.org
media.threatpost.com
pagead2.googlesyndication.com
pbs.twimg.com
pixel.adsafeprotected.com
platform.twitter.com
pubads.g.doubleclick.net
qd.admetricspro.com
quantcount.com
r2---sn-4g5e6nsk.c.2mdn.net
r2---sn-4g5ednsl.c.2mdn.net
red.vtracy.de
rules.quantcount.com
s0.2mdn.net
secure-gg.imrworldwide.com
secure.quantserve.com
securepubads.g.doubleclick.net
ssp.lkqd.net
static.ads-twitter.com
static.adsafeprotected.com
stats.g.doubleclick.net
syndication.twitter.com
t.co
tagan.adlightning.com
threatpost.com
tpc.googlesyndication.com
unified.adsafeprotected.com
vid.connatix.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
quantcount.com
104.244.42.131
104.244.42.136
104.244.42.5
13.224.90.44
13.224.96.23
142.250.110.154
142.250.185.98
142.250.186.130
142.250.186.98
142.250.74.194
146.20.128.174
151.101.12.157
151.101.14.137
151.101.2.137
172.217.18.98
18.156.48.56
2404:6800:4006:810::2003
2600:9000:2190:1800:0:5c46:4f40:93a1
2600:9000:2190:1a00:6:44e3:f8c0:93a1
2600:9000:2190:ce00:2:9275:3d40:93a1
2606:2800:134:1a0d:1429:742:782:b6
2606:2800:234:46c:e8b:1e2f:2bd:694
2606:4700:3031::6815:456d
2620:116:800d:21:5a23:9c4e:e774:96c1
2a00:1450:4001:62::7
2a00:1450:4001:6a::7
2a00:1450:4001:800::200e
2a00:1450:4001:809::2003
2a00:1450:4001:80e::2001
2a00:1450:4001:810::2002
2a00:1450:4001:810::2003
2a00:1450:4001:810::200a
2a00:1450:4001:810::200e
2a00:1450:4001:827::2002
2a00:1450:4001:828::2006
2a00:1450:4001:828::200e
2a00:1450:4001:829::2002
2a00:1450:4001:829::2008
2a00:1450:4001:82f::2004
2a00:1450:400c:c08::9d
3.142.110.20
3.250.250.79
34.246.26.134
34.249.223.127
34.253.15.48
35.169.133.103
35.173.160.135
76.223.111.131
85.114.159.93
01864580e1f385dc4512aed0de4b324cc1a04812709e7020e857612fc0ce9f4c
038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c
05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7
0863882f1d6ce836e3dcf7123e95e2c188fd7d4eda775c696ded7e1d82c61080
08e7370971dc99dde77852601b25e52e7c870df4af7165cf529d82ef3b7896df
0e765d3c7a5688e557cb9224f35a940bb233178decdec0c197a7ae9cab1f02da
0f67365284786cb59e22aaeaa0a18e83c52db358dba869084a95525cb7f38cb6
172314ff74044b918766ed4763279b5e8798622087c0a2930f59c9d44662213d
17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4
17c95dda6af1a7e1e5cf6d3f17df342ab4a3136715e9d470b9285889009c475f
1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f
1aeb3ee07f4b462935c5d8047ff038c8e279d75f9be1dcd0b848ba68223a3ee2
1be2b1f7a9e55ef22a384a5182612e5031174c30ca5cc4f032d45adcaf7f6712
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1ce5f600746a117c916637c6d27f8fe09fb7e0c915ff3e89dda27818519a3a1b
1d5a65e5129df0b4c89e73f205c6cb89cba0cd1d8e21a1512ca76b769634052d
1dbd8a3e5323c66c5636caba2bc0175d24be56e9ef9c05050968d5f7e6d57ae8
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
218e05d485c264de86e6458d2ccf256d5e3e214b7a95639d9341b412f32eb51e
2405bd02584cae91a0a4c434fec3e72f392d07e1bedc993c3b16baa7800bbdfd
24aade2676fdb029a60acf8e0baa4c90895213374833948e910d97860fbcf252
263627ec362c25037d69022de008fad33cf85ec7267604a5ae5c8e6fe4ad9e38
27b705297955597e3b4e3bc99ae77f8a13bf03eb18fcb9b00d21023ec07537c0
28dddfbabcdfcd8cb87c318f9711178d16b16e3f6cc73b1f42385c82c2da06f1
2a58e25d839949dd623c8e56ddb50461307e569a0ff116f099e3cf197e03bb20
2aad1dea74398906714d858498fcf050795f15a08fac55ce829a107393b5cfa6
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2d853d5c205e6bc73c9928255af1ea931f948c6f46f607eeef92935f37f72f5a
2d8ec18a4288dbc3438cca4a20aa09805cc63b6143711315970818aae4776c84
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d
307249eba418a11fb0682c8a9b0c6db6e0a4bd12b4f1307b069ae88f0ba7699d
3097d0444becd9d089b52b7074072f19201525de874d0775012572fb375b7838
32c9e47652eef12c886bfa49fcbd9d27bf122d77ed77bc38601a2bdec1bb377d
37aa3970b6801c9d286464f7d86e50bf41c88e54c7b4d08f3ff61935b3f59c3c
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a
3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26
3ff5695eb428fb5333956f38650af27c8b6017ae19e0daf220383d2c4fd2638e
404c99a291c53119a6bc17d791918a0c258daa0b2ff5740d8387da180085cc35
40ca98c145bf27de21e87e43748da8e926d8986e851f3e6747cafc4da373bca2
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
42cb4521d16916f351c353568ff388c3527541d7c78f6f2e78461b946c187a36
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
458ec6bf86adec408af1104a278c83a02a2d396d247e3813cd7d89995f0ec7ce
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7
4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398
4901bcd683c63a97591b6de7fe16fd7cd848d660e11e40143278933d9aaf731f
4adaeccb264cbd8319080fd9f61eb769ff6f8aa1a02ab3408430b2b853d9cbe8
4c3bb0cf1307b258f7610c14aeddc97d17fcb96910f0182f0cff68df687d449e
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70
519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2
51d36a3a2d7849d66382de22ad923303cd83baf7107f8c5110b2d8f4076c633f
52dd9255bbfc1067f03f2b5fd55c6145395ef01f7595b3c03e62ba9b62bce970
53af3add3060c7908cc26e0cfca3a16636e685c263e108a2f13dca97dfcd654e
53c8c3a952a872f6b8375d5363997aae15d849cff5a3e086d2b8074dd1d1ad37
5741be6b72688b3214f976204cfc20318cad398025dd67f3899de16e52d09f3c
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf
5c7e70f4aa71367e5eb0af4a3ba785dae484c125229885f0d940be035da02aa0
5d3666336eef9c0816bdd1735211d0ff1017e9c5ae3ebf90ebb73577aa35b491
5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3
5fae5dfe73bb1807b890ff7dff72ff10a0dce2b66f9f91458b33cd48c4e36981
651e04b0e5647f9e2913196fa892689f13772efe4636cc1bbdad48868f67e1ce
65506c87a4e71875a107df7ca37f45ccfd40688cf8e01f65c7e71792dbd6818c
6755ea4d19f3574dd89ccec79b8a8815f2f59107ee84eb0b00051ce21bd5814b
68ed88fff5fdcc41bce2603a72fb2fa7235d6634fe2508bbad02a38206491e8d
69e9bdd28733875c70f92161d75a5bd685d054f86e8d3fa78222812c8cd69b7a
6a108e0af8fe6848b275a2827822879e528159c28a6f189f18288ab169abad78
6cdc57f82f4b0d09e5b4e584ca4736cd3871f20563d4ce25120b057d8ffb4eb2
739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
7446ce6e9a19121a0b02fd65fd58ca9c825aecf6a23d0eeb55444aa814c0a2d4
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
77a328b3ec0bf931a19c692f7f14e117fd4c299c781561e02b679aae5d377620
7b612ff529725ae692fe908ca7abab4d85d2cf65d40a0490185df84bc1bf5654
814221921d936293a6dcceebe84bea01d2a40a18be1072d4b216914014532e2a
82b879cecc94dd8ae083ebfe40c3b8b93c3ac29092f7d129c945d978af2d57d7
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83c6bdb6c54b2fb90a204cf0279e2d868513572d0963ec534083902c1307844b
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb
866c91b5d9e409558fa275dfbfc6965d103827c34b8d2566f0c70b6bcdaa3c9c
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
8ea9df9aa296a2eac3fe1a8b6972fecea49c7295f723cf9c93356ff9301a09ec
8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854
9262a81e3d9b60c02da67b2af339cb7306ba7986594c0e11cf4c68e8b21a2af9
932da60c35768cdd109c7361be41eba1a055942888f455927375479e314665ae
96360cdfad170cb263cb44fcb39b29be40de62551769b40250ec754805bd096e
a103be6f279cae8485833488abe0ba61ec1ee6754a4f35df960fd970a480647f
a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e
a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a53ea60fbea6cb1775430998564d5f295aba7d3bfe548a0ba79aa2a049aba839
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22
aa64fa30a3263fa3105736228a6feaaa4f7d32d8ef96b12e56f6fb95511b66a7
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad39dc5407316ddc102a245bf79aec9ade38d52c7ed3fa5219fc57bc931e3380
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55
b28bba15bc42fcd809e29f9bd2f9297503211d295f0adf70190e9a5be87caa86
b3e384e3a727917185428a38afcce19eac731bcf1599e2c6ea693bda664c3f28
b813e47b551a74f55e504ad2e4a7fdb97ee55a9497486ffa61f4dfc34e6fd338
b8b19af75b77e8d96706f9c314513e0a15cd1093c3c59a0bb99c8ba2839ffebf
b97b92827808a9f1f2c39a95970569f0df05c32b46a1f0cd695ece2eb6fcec24
b9c047619443ea3a47ff7fa0c67551103cdf6c4030c4b5ea69765fadffd0f8c6
ba0a839c92a3c068379d0a2057cc166ca5f9084f0297acbcaf64b8dd165e0db8
bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012
bcce16468496437c5089ea25ac4a21df4b96043deb2220bda588d72283991fff
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
c1e1b14a3f3e54a42db1eebf9bc6e8c9bcb4c84db8d0718c34cd2939b66db3df
c84737ed98fba5d40474804773fa4a889faad2a9f5a7f049c1d850494e9b5f39
c9b86fb3ddf4db048fcdb86ae7b80be5565a239669b67652a8ae1398e487edbe
ce2c83aa57d73b90ff0266ebe6d8631a0a090a0406e1108a36056a28b7128a61
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d04f6744c40f6e55a29eb854b41ae936d98474edec14efa6bfd76fc79217d125
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de6bfdf9ff0a2da5cf6e7f959ff0298d69a2eba4d4fafc5a457dd9513e2147b6
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e05edf2ae58e3a9f1d2a84d32a8b216fd0aece46f527b58dcbce75255989ea88
e15422f05cbcde9d0d0753658f6e095c40ca06db76f84e74ab191c4d6f8fa560
e161fc2236af47e2fe2dc323c09bd73bc24fc2b7b6467a8b94a3f95b02cbe32f
e1b2833041de1561cb7c581248ef8e325f3318a24be95a3886fae8b398fda123
e3624d84d52ff6a3de2486c46e8da313233b427f98949457e9260fdce7840042
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0
e6022f9910b4d6c566895293c5cdb07e5cda45a6bb5e6c2d480baf15dacbe4f9
e7a1375f883984026b922acfbe7cbc0bd02effdbfbfdde9354922a6055502624
ea735b046d315558426ae2710a8850ad4241c7fd1f4859b2684d4cc874a98b1e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f75166e3f70100b65a6ce1d4128bc15286e92b19a546fa7709f739e9bcfe52c6
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189
f9393b6086ef517df2d5d88caa8c1c77a309124b3739befc23d4403f232a6be1
fa1925dbad2ce2e35b9feb402612339abc8de3b8cbe8b1efd3a0482491fad473
fa62ab7470e4189b49540a2b0288f88bb294dc695f2b757f9d94f00de4ac3eee
ffdbea2a5a9959ea5f9809139a0178c725fa9474a88f1cfe10f702bdb35c3cc0

threatpost.com Open in urlscan Pro 35.173.160.135 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

221 Requests

98 %HTTPS

49 %IPv6

28 Domains

55 Subdomains

45 IPs

5 Countries

6488 kBTransfer

13226 kBSize

4 Cookies

17 Outgoing links

Redirected requests

221 HTTP transactions Everything HTML Script AJAX CSS Image Expand all -2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Screenshot
Live screenshot

Full Image

221
Requests

98 %
HTTPS

49 %
IPv6

28
Domains

55
Subdomains

45
IPs

5
Countries

6488 kB
Transfer

13226 kB
Size

4
Cookies

221 HTTP transactions
-2 data transactions