urlscan.io logo urlscan.io
SecurityTrails logo

vxcube.com Open in urlscan Pro
107.150.103.7  Public Scan

Go To Rescan Add Verdict Report
URL: https://vxcube.com/recent-threats-ioc/
Submission: On June 11 via manual from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 2 countries across 11 domains to perform 25 HTTP transactions. The main IP is 107.150.103.7, located in Los Angeles, United States and belongs to ZNET - Zenlayer Inc, US. The main domain is vxcube.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on May 6th 2018. Valid for: 3 months.
This is the only time vxcube.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 107.150.103.7 21859 (ZNET)
1 209.197.3.15 20446 (HIGHWINDS3)
1 216.58.214.72 15169 (GOOGLE)
6 172.217.22.98 15169 (GOOGLE)
1 172.217.17.42 15169 (GOOGLE)
3 103.235.46.191 55967 (CNNIC-BAI...)
3 172.217.18.3 15169 (GOOGLE)
2 172.217.16.194 15169 (GOOGLE)
1 2 172.217.20.78 15169 (GOOGLE)
1 74.125.71.154 15169 (GOOGLE)
25 10
6    107.150.103.7 (Los Angeles, United States)

ASN21859 (ZNET - Zenlayer Inc, US)
vxcube.com
1    209.197.3.15 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip0x00f.map2.ssl.hwcdn.net
maxcdn.bootstrapcdn.com
1    216.58.214.72 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s10-in-f72.1e100.net
www.googletagmanager.com
6    172.217.22.98 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s18-in-f2.1e100.net
pagead2.googlesyndication.com
adservice.google.de
adservice.google.com
1    172.217.17.42 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: ams16s29-in-f42.1e100.net
fonts.googleapis.com
3    103.235.46.191 (Central District, Hong Kong)

ASN55967 (CNNIC-BAIDU-AP Beijing Baidu Netcom Science and Technology Co., Ltd., CN)
hm.baidu.com
3    172.217.18.3 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra02s19-in-f3.1e100.net
fonts.gstatic.com
2    172.217.16.194 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s08-in-f2.1e100.net
googleads.g.doubleclick.net
2    172.217.20.78 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: ams15s33-in-f14.1e100.net
www.google-analytics.com
1    74.125.71.154 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: wn-in-f154.1e100.net
stats.g.doubleclick.net
Domain Requested by
6 vxcube.com vxcube.com
4 pagead2.googlesyndication.com vxcube.com
pagead2.googlesyndication.com
3 fonts.gstatic.com vxcube.com
3 hm.baidu.com vxcube.com
2 www.google-analytics.com 1 redirects www.googletagmanager.com
2 googleads.g.doubleclick.net pagead2.googlesyndication.com
1 stats.g.doubleclick.net vxcube.com
1 adservice.google.com pagead2.googlesyndication.com
1 adservice.google.de pagead2.googlesyndication.com
1 fonts.googleapis.com vxcube.com
1 www.googletagmanager.com vxcube.com
1 maxcdn.bootstrapcdn.com vxcube.com
25 12

This site contains links to these domains. Also see Links.

Domain
github.com
www.welivesecurity.com
metadefender.opswat.com
Subject Issuer Validity Valid
vxcube.com
Let's Encrypt Authority X3		 2018-05-06 -
2018-08-04		 3 months crt.sh
*.g.doubleclick.net
Google Internet Authority G3		 2018-05-15 -
2018-08-07		 3 months crt.sh

This page contains 4 frames:

Primary Page: https://vxcube.com/recent-threats-ioc/
Frame ID: 49327408A4362D70257168CEB67C0836
Requests: 22 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20180606/r20180604/zrt_lookup.html
Frame ID: 969528F97867B854E5F00BA9230A8387
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20180606/r20180604/show_ads_impl.js
Frame ID: 7E9D5561CA60E170EA262DFC644ACDFC
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7239252167465096&output=html&adk=1812271804&adf=3025194257&lmt=1528675462&plat=1%3A32776%2C2%3A16809992%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C26%3A32768%2C30%3A1081344&guci=1.2.0.0.2.2.0&format=0x0&url=https%3A%2F%2Fvxcube.com%2Frecent-threats-ioc%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1528675461984&bpp=38&bdt=561&fdt=39&idt=140&shv=r20180606&cbv=r20180604&saldr=aa&abxe=1&correlator=1833469005861&frm=20&pv=2&ga_vid=1065502728.1528675462&ga_sid=1528675462&ga_hid=1021745816&ga_fc=0&iag=0&icsg=150207&dssz=14&mdo=0&mso=8&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21061122%2C368226401&oid=3&rx=0&eae=2&fc=1808&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cnr%7C&abl=CS&ppjl=u&fu=16&bc=7&ifi=0&dtd=165
Frame ID: A802EE202315F1F858BFA7837D366A8B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Ubuntu/i
Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /googlesyndication\.com\//i
  • env /^google_ad_/i
  • env /^__google_ad_/i
  • env /^Goog_AdSense_/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i
Overall confidence: 100%
Detected patterns
  • env /^google_tag_manager$/i
Overall confidence: 100%
Detected patterns
  • env /^moment$/i
Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i

Page Statistics

25
Requests

32 %
HTTPS

0 %
IPv6

11
Domains

12
Subdomains

10
IPs

2
Countries

496 kB
Transfer

1513 kB
Size

6
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 21
  • https://www.google-analytics.com/r/collect?v=1&_v=j68&a=1021745816&t=pageview&_s=1&dl=https%3A%2F%2Fvxcube.com%2Frecent-threats-ioc%2F&ul=en-us&de=UTF-8&dt=Recent%20Threats%20-%20VxCube&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IAhAAUAB~&jid=1684209674&gjid=1168797435&cid=1065502728.1528675462&tid=UA-105146122-1&_gid=492422380.1528675462&_r=1&gtm=u64&z=1944211719 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-105146122-1&cid=1065502728.1528675462&jid=1684209674&_gid=492422380.1528675462&gjid=1168797435&_v=j68&z=1944211719

25 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
vxcube.com/recent-threats-ioc/ 		224 KB
19 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vxcube.com/recent-threats-ioc/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.150.103.7 Los Angeles, United States, ASN21859 (ZNET - Zenlayer Inc, US),
Reverse DNS
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
b59e2b1d0315b6af3592c002b5589e9f8117647ad3a1bdf8983ebee00656f9d3

Request headers

Host
vxcube.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
49327408A4362D70257168CEB67C0836

Response headers

Server
nginx/1.4.6 (Ubuntu)
Date
Mon, 11 Jun 2018 00:04:21 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Content-Encoding
gzip
main_css.d28693b4bf31af49a3cd.css
vxcube.com/static/build/ 		162 KB
30 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://vxcube.com/static/build/main_css.d28693b4bf31af49a3cd.css
Requested by
Host: vxcube.com
URL: https://vxcube.com/recent-threats-ioc/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.150.103.7 Los Angeles, United States, ASN21859 (ZNET - Zenlayer Inc, US),
Reverse DNS
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
195992498161a28ce94fcce01f994b3a65938a2d4312699acbd223f9af243d82

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
vxcube.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://vxcube.com/recent-threats-ioc/
Connection
keep-alive
Cache-Control
no-cache
Referer
https://vxcube.com/recent-threats-ioc/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Mon, 11 Jun 2018 00:04:21 GMT
Content-Encoding
gzip
Last-Modified
Mon, 23 Apr 2018 08:22:37 GMT
Server
nginx/1.4.6 (Ubuntu)
Transfer-Encoding
chunked
Content-Type
text/css; charset=utf-8
Cache-Control
public, max-age=43200
Connection
keep-alive
Expires
Mon, 11 Jun 2018 12:04:21 GMT
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootswatch/3.3.7/yeti/ 		125 KB
21 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootswatch/3.3.7/yeti/bootstrap.min.css
Requested by
Host: vxcube.com
URL: https://vxcube.com/recent-threats-ioc/
Protocol
HTTP/1.1
Server
209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip0x00f.map2.ssl.hwcdn.net
Software
/
Resource Hash
d575e28229af2f31dbecd7842481bbe83443993a54b55cb03fa07e8efa3f6bb4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://vxcube.com/recent-threats-ioc/
Origin
https://vxcube.com

Response headers

Date
Mon, 11 Jun 2018 00:04:21 GMT
Content-Encoding
gzip
Last-Modified
Tue, 20 Feb 2018 05:51:54 GMT
Connection
Keep-Alive
ETag
"1519105914"
Vary
Accept-Encoding
X-Cache
HIT
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
X-Hello-Human
Say hello back! @getBootstrapCDN on Twitter
Accept-Ranges
bytes
Content-Length
20893
js
www.googletagmanager.com/gtag/ 		69 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-105146122-1
Requested by
Host: vxcube.com
URL: https://vxcube.com/recent-threats-ioc/
Protocol
SPDY
Server
216.58.214.72 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s10-in-f72.1e100.net
Software
Google Tag Manager (scaffolding) /
Resource Hash
b26fdf024e79102b5e765ade64fe74c4d86f453354be83026405cb0f5f42882c
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://vxcube.com/recent-threats-ioc/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Mon, 11 Jun 2018 00:04:21 GMT
content-encoding
gzip
server
Google Tag Manager (scaffolding)
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
24691
x-xss-protection
1; mode=block
expires
Mon, 11 Jun 2018 00:04:21 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		72 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: vxcube.com
URL: https://vxcube.com/recent-threats-ioc/
Protocol
SPDY
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
cafe /
Resource Hash
1de6869366acfb4fda2da2dd9ef085d2a5c375657344d4395726fbe2524f4bfb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://vxcube.com/recent-threats-ioc/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Mon, 11 Jun 2018 00:04:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
27059
x-xss-protection
1; mode=block
server
cafe
etag
9647518572458795769
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 11 Jun 2018 00:04:21 GMT
jquery.min.js
vxcube.com/static/js/ 		95 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vxcube.com/static/js/jquery.min.js
Requested by
Host: vxcube.com
URL: https://vxcube.com/recent-threats-ioc/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.150.103.7 Los Angeles, United States, ASN21859 (ZNET - Zenlayer Inc, US),
Reverse DNS
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
27d92130c0321dad5a03760fd5ac98a3d04ed4c94d88418fe6d50da1f7fc5cbe

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
vxcube.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
https://vxcube.com/recent-threats-ioc/
Connection
keep-alive
Cache-Control
no-cache
Referer
https://vxcube.com/recent-threats-ioc/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Mon, 11 Jun 2018 00:04:21 GMT
Content-Encoding
gzip
Last-Modified
Mon, 23 Apr 2018 08:21:02 GMT
Server
nginx/1.4.6 (Ubuntu)
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
public, max-age=43200
Connection
keep-alive
Expires
Mon, 11 Jun 2018 12:04:21 GMT
moment.min.js
vxcube.com/static/js/ 		50 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vxcube.com/static/js/moment.min.js
Requested by
Host: vxcube.com
URL: https://vxcube.com/recent-threats-ioc/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.150.103.7 Los Angeles, United States, ASN21859 (ZNET - Zenlayer Inc, US),
Reverse DNS
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
5251631d756dac0ed74a7892e651437c0f8840e552f9e245c731860ab1a89581

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
vxcube.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
https://vxcube.com/recent-threats-ioc/
Connection
keep-alive
Cache-Control
no-cache
Referer
https://vxcube.com/recent-threats-ioc/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Mon, 11 Jun 2018 00:04:21 GMT
Content-Encoding
gzip
Last-Modified
Mon, 23 Apr 2018 08:21:02 GMT
Server
nginx/1.4.6 (Ubuntu)
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
public, max-age=43200
Connection
keep-alive
Expires
Mon, 11 Jun 2018 12:04:21 GMT
main_js.d28693b4bf31af49a3cd.js
vxcube.com/static/build/ 		243 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vxcube.com/static/build/main_js.d28693b4bf31af49a3cd.js
Requested by
Host: vxcube.com
URL: https://vxcube.com/recent-threats-ioc/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.150.103.7 Los Angeles, United States, ASN21859 (ZNET - Zenlayer Inc, US),
Reverse DNS
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
8230ab65282c35c404bcae01445e71fb60d95f5acaf29ba73b588083e5f77d14

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
vxcube.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
https://vxcube.com/recent-threats-ioc/
Connection
keep-alive
Cache-Control
no-cache
Referer
https://vxcube.com/recent-threats-ioc/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Mon, 11 Jun 2018 00:04:21 GMT
Content-Encoding
gzip
Last-Modified
Mon, 23 Apr 2018 08:22:37 GMT
Server
nginx/1.4.6 (Ubuntu)
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
public, max-age=43200
Connection
keep-alive
Expires
Mon, 11 Jun 2018 12:04:21 GMT
css
fonts.googleapis.com/ 		1 KB
575 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,700italic,400,300,700
Requested by
Host: vxcube.com
URL: https://vxcube.com/recent-threats-ioc/
Protocol
SPDY
Server
172.217.17.42 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
ams16s29-in-f42.1e100.net
Software
ESF /
Resource Hash
84325b5f3ac0113097d730f90818788ad8a1db8eb223481178aab998e4ec2586
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://vxcube.com/recent-threats-ioc/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Mon, 11 Jun 2018 00:04:21 GMT
content-encoding
gzip
server
ESF
status
200
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
x-xss-protection
1; mode=block
expires
Mon, 11 Jun 2018 00:04:21 GMT
hm.js
hm.baidu.com/ 		24 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hm.baidu.com/hm.js?5319fec78daf0201f39cbaa00b9e06f1
Requested by
Host: vxcube.com
URL: https://vxcube.com/recent-threats-ioc/
Protocol
HTTP/1.1
Server
103.235.46.191 Central District, Hong Kong, ASN55967 (CNNIC-BAIDU-AP Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
ff2bdcc281f7cdd04d202a4aff16ac947434741915ec1bb2d654a81a8ed0e02a
Security Headers
Name Value
Strict-Transport-Security max-age=172800

Request headers

Referer
https://vxcube.com/recent-threats-ioc/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Mon, 11 Jun 2018 00:04:22 GMT
Content-Encoding
gzip
Server
apache
Etag
defc18135b1c0099f3877d3cdfa48dcd
Strict-Transport-Security
max-age=172800
P3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control
max-age=0, must-revalidate
Content-Type
application/javascript
Content-Length
9031
mem5YaGs126MiZpBA-UN7rgOUuhs.ttf
fonts.gstatic.com/s/opensans/v15/ 		28 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN7rgOUuhs.ttf
Requested by
Host: vxcube.com
URL: https://vxcube.com/recent-threats-ioc/
Protocol
SPDY
Server
172.217.18.3 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra02s19-in-f3.1e100.net
Software
sffe /
Resource Hash
0782a52179d0e25f19c39b43253795b25787d65abdbd8bfa38be0f21a4512748
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,700italic,400,300,700
Origin
https://vxcube.com

Response headers

date
Thu, 24 May 2018 16:36:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1495674
status
200
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
18670
x-xss-protection
1; mode=block
last-modified
Wed, 11 Oct 2017 21:49:43 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 24 May 2019 16:36:27 GMT
mem8YaGs126MiZpBA-UFVZ0e.ttf
fonts.gstatic.com/s/opensans/v15/ 		26 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0e.ttf
Requested by
Host: vxcube.com
URL: https://vxcube.com/recent-threats-ioc/
Protocol
SPDY
Server
172.217.18.3 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra02s19-in-f3.1e100.net
Software
sffe /
Resource Hash
927658fe940c899225567ad7885c40a7871dee09c2b9f00d31f7ca62d1f424fc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,700italic,400,300,700
Origin
https://vxcube.com

Response headers

date
Tue, 13 Feb 2018 19:10:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10126446
status
200
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
17857
x-xss-protection
1; mode=block
last-modified
Wed, 11 Oct 2017 21:49:44 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 13 Feb 2019 19:10:15 GMT
af7ae505a9eed503f8b8e6982036873e.woff2
vxcube.com/static/build/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://vxcube.com/static/build/af7ae505a9eed503f8b8e6982036873e.woff2
Requested by
Host: vxcube.com
URL: https://vxcube.com/recent-threats-ioc/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.150.103.7 Los Angeles, United States, ASN21859 (ZNET - Zenlayer Inc, US),
Reverse DNS
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Pragma
no-cache
Origin
https://vxcube.com
Accept-Encoding
gzip, deflate
Host
vxcube.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
https://vxcube.com/static/build/main_css.d28693b4bf31af49a3cd.css
Connection
keep-alive
Cache-Control
no-cache
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://vxcube.com/static/build/main_css.d28693b4bf31af49a3cd.css
Origin
https://vxcube.com

Response headers

Date
Mon, 11 Jun 2018 00:04:22 GMT
Last-Modified
Mon, 23 Apr 2018 08:22:37 GMT
Server
nginx/1.4.6 (Ubuntu)
ETag
"1524471757.44-77160-930684141"
Content-Type
application/octet-stream
Cache-Control
public, max-age=43200
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
77160
Expires
Mon, 11 Jun 2018 12:04:22 GMT
mem5YaGs126MiZpBA-UN_r8OUuhs.ttf
fonts.gstatic.com/s/opensans/v15/ 		27 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN_r8OUuhs.ttf
Requested by
Host: vxcube.com
URL: https://vxcube.com/recent-threats-ioc/
Protocol
SPDY
Server
172.217.18.3 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra02s19-in-f3.1e100.net
Software
sffe /
Resource Hash
2289b94b0f245d3078128fbdd2a5c59648ddd94ac1a7dd749b2375596ac8d562
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,700italic,400,300,700
Origin
https://vxcube.com

Response headers

date
Thu, 08 Feb 2018 18:08:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10562179
status
200
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
18450
x-xss-protection
1; mode=block
last-modified
Wed, 11 Oct 2017 21:49:34 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 08 Feb 2019 18:08:02 GMT
integrator.js
adservice.google.de/adsid/ 		109 B
494 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=vxcube.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
SPDY
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://vxcube.com/recent-threats-ioc/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 11 Jun 2018 00:04:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
104
x-xss-protection
1; mode=block
integrator.js
adservice.google.com/adsid/ 		109 B
494 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=vxcube.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
SPDY
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://vxcube.com/recent-threats-ioc/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 11 Jun 2018 00:04:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
104
x-xss-protection
1; mode=block
ca-pub-7239252167465096.js
pagead2.googlesyndication.com/pub-config/r20160913/ 		68 B
209 B 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pub-config/r20160913/ca-pub-7239252167465096.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
SPDY
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
sffe /
Resource Hash
8ba131a677ea1357ae7fdc95d6a5c67c3b02d171bb286f6c9ec6bce3cef5c211
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://vxcube.com/recent-threats-ioc/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Sun, 10 Jun 2018 18:11:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
age
21163
content-type
text/javascript
status
200
cache-control
public, max-age=43200
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
88
x-xss-protection
1; mode=block
expires
Mon, 11 Jun 2018 06:11:39 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20180606/r20180604/ Frame 9695 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20180606/r20180604/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.16.194 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20180606/r20180604/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://vxcube.com/recent-threats-ioc/
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
49327408A4362D70257168CEB67C0836
Referer
https://vxcube.com/recent-threats-ioc/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
vary
Accept-Encoding
date
Wed, 06 Jun 2018 14:46:42 GMT
expires
Wed, 20 Jun 2018 14:46:42 GMT
content-type
text/html; charset=UTF-8
etag
8341461738443483577
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
6979
x-xss-protection
1; mode=block
cache-control
public, max-age=1209600
age
379060
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
show_ads_impl.js
pagead2.googlesyndication.com/pagead/js/r20180606/r20180604/ Frame 7E9D 		185 KB
69 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20180606/r20180604/show_ads_impl.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
SPDY
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
cafe /
Resource Hash
f9741b66aa221bcff2c8901dfd50a449c564405f970fb269c3412bf9619d2a2d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://vxcube.com/recent-threats-ioc/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Mon, 11 Jun 2018 00:04:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
70460
x-xss-protection
1; mode=block
server
cafe
etag
4276430851371973721
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Mon, 11 Jun 2018 00:04:22 GMT
analytics.js
www.google-analytics.com/ 		34 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-105146122-1
Protocol
SPDY
Server
172.217.20.78 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
ams15s33-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://vxcube.com/recent-threats-ioc/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 18 May 2018 01:10:24 GMT
server
Golfe2
age
130
date
Mon, 11 Jun 2018 00:02:12 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
14386
expires
Mon, 11 Jun 2018 02:02:12 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame A802 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7239252167465096&output=html&adk=1812271804&adf=3025194257&lmt=1528675462&plat=1%3A32776%2C2%3A16809992%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C26%3A32768%2C30%3A1081344&guci=1.2.0.0.2.2.0&format=0x0&url=https%3A%2F%2Fvxcube.com%2Frecent-threats-ioc%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1528675461984&bpp=38&bdt=561&fdt=39&idt=140&shv=r20180606&cbv=r20180604&saldr=aa&abxe=1&correlator=1833469005861&frm=20&pv=2&ga_vid=1065502728.1528675462&ga_sid=1528675462&ga_hid=1021745816&ga_fc=0&iag=0&icsg=150207&dssz=14&mdo=0&mso=8&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21061122%2C368226401&oid=3&rx=0&eae=2&fc=1808&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cnr%7C&abl=CS&ppjl=u&fu=16&bc=7&ifi=0&dtd=165
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20180606/r20180604/show_ads_impl.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.16.194 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-7239252167465096&output=html&adk=1812271804&adf=3025194257&lmt=1528675462&plat=1%3A32776%2C2%3A16809992%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C26%3A32768%2C30%3A1081344&guci=1.2.0.0.2.2.0&format=0x0&url=https%3A%2F%2Fvxcube.com%2Frecent-threats-ioc%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1528675461984&bpp=38&bdt=561&fdt=39&idt=140&shv=r20180606&cbv=r20180604&saldr=aa&abxe=1&correlator=1833469005861&frm=20&pv=2&ga_vid=1065502728.1528675462&ga_sid=1528675462&ga_hid=1021745816&ga_fc=0&iag=0&icsg=150207&dssz=14&mdo=0&mso=8&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21061122%2C368226401&oid=3&rx=0&eae=2&fc=1808&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cnr%7C&abl=CS&ppjl=u&fu=16&bc=7&ifi=0&dtd=165
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://vxcube.com/recent-threats-ioc/
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
49327408A4362D70257168CEB67C0836
Referer
https://vxcube.com/recent-threats-ioc/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Mon, 11 Jun 2018 00:04:22 GMT
server
cafe
cache-control
private
content-length
82
x-xss-protection
1; mode=block
set-cookie
test_cookie=CheckForPermission; expires=Mon, 11-Jun-2018 00:19:22 GMT; path=/; domain=.doubleclick.net
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
expires
Mon, 11 Jun 2018 00:04:22 GMT
osd.js
pagead2.googlesyndication.com/pagead/js/r20180606/r20180604/ 		71 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20180606/r20180604/osd.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20180606/r20180604/show_ads_impl.js
Protocol
SPDY
Server
172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f2.1e100.net
Software
cafe /
Resource Hash
a390cf62fca4217670690ed84dcb7f8d569348f6ef9ef61b3ea4bc15c4548561
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://vxcube.com/recent-threats-ioc/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Wed, 06 Jun 2018 16:01:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
374549
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
26505
x-xss-protection
1; mode=block
server
cafe
etag
18183909933677749988
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 20 Jun 2018 16:01:53 GMT
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j68&a=1021745816&t=pageview&_s=1&dl=https%3A%2F%2Fvxcube.com%2Frecent-threats-ioc%2F&ul=en-us&de=UTF-8&dt=Recent%20Threats%20-%20VxCube&sd=24-bit&s...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-105146122-1&cid=1065502728.1528675462&jid=1684209674&_gid=492422380.1528675462&gjid=1168797435&_v=j68&z=1944211719
35 B
307 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-105146122-1&cid=1065502728.1528675462&jid=1684209674&_gid=492422380.1528675462&gjid=1168797435&_v=j68&z=1944211719
Requested by
Host: vxcube.com
URL: https://vxcube.com/recent-threats-ioc/
Protocol
SPDY
Server
74.125.71.154 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
wn-in-f154.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://vxcube.com/recent-threats-ioc/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Mon, 11 Jun 2018 00:04:22 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 11 Jun 2018 00:04:22 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
302
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-105146122-1&cid=1065502728.1528675462&jid=1684209674&_gid=492422380.1528675462&gjid=1168797435&_v=j68&z=1944211719
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
420
expires
Fri, 01 Jan 1990 00:00:00 GMT
hm.gif
hm.baidu.com/ 		43 B
299 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=2414534&si=5319fec78daf0201f39cbaa00b9e06f1&v=1.2.30&lv=1&ct=!!&tt=Recent%20Threats%20-%20VxCube&sn=6053
Requested by
Host: vxcube.com
URL: https://vxcube.com/recent-threats-ioc/
Protocol
HTTP/1.1
Server
103.235.46.191 Central District, Hong Kong, ASN55967 (CNNIC-BAIDU-AP Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=172800
X-Content-Type-Options nosniff

Request headers

Referer
https://vxcube.com/recent-threats-ioc/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 11 Jun 2018 00:04:23 GMT
X-Content-Type-Options
nosniff
Server
apache
Strict-Transport-Security
max-age=172800
Content-Type
image/gif
Cache-Control
private, max-age=0, no-cache
Content-Length
43
hm.gif
hm.baidu.com/ 		43 B
299 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1600x1200&vl=1200&ep=%7B%22netAll%22%3A504%2C%22netDns%22%3A3%2C%22netTcp%22%3A500%2C%22srv%22%3A2016%2C%22dom%22%3A3310%2C%22loadEvent%22%3A4282%7D&et=87&ja=0&ln=en-us&lo=0&rnd=1709130811&si=5319fec78daf0201f39cbaa00b9e06f1&v=1.2.30&lv=1
Protocol
HTTP/1.1
Server
103.235.46.191 Central District, Hong Kong, ASN55967 (CNNIC-BAIDU-AP Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=172800
X-Content-Type-Options nosniff

Request headers

Referer
https://vxcube.com/recent-threats-ioc/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 11 Jun 2018 00:04:23 GMT
X-Content-Type-Options
nosniff
Server
apache
Strict-Transport-Security
max-age=172800
Content-Type
image/gif
Cache-Control
private, max-age=0, no-cache
Content-Length
43

Verdicts & Comments Add Verdict or Comment

43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| gtag object| dataLayer object| adsbygoogle object| _hmt object| google_js_reporting_queue object| google_ad_modifications boolean| google_measure_js_timing object| googleToken object| googleIMState function| processGoogleToken object| google_reactive_ads_global_state function| google_spfd object| google_sv_map object| google_t12n_vars object| google_jobrunner object| google_iframe_oncopy object| google_tag_manager string| GoogleAnalyticsObject function| ga function| $ function| jQuery function| moment function| flask_moment_render function| flask_moment_render_all object| google_persistent_state_async object| google_pub_config object| __google_ad_urls number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages function| Goog_AdSense_getAdAdapterInstance boolean| google_osd_loaded boolean| google_onload_fired object| gaplugins object| gaData function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure boolean| _bdhm_loaded_5319fec78daf0201f39cbaa00b9e06f1 object| mini_tangram_log_dl8jgn function| google_osd_amcb object| mini_tangram_log_qk1tgh

6 Cookies

Domain/Path Name / Value
.vxcube.com/ Name: Hm_lpvt_5319fec78daf0201f39cbaa00b9e06f1
Value: 1528675463
.vxcube.com/ Name: _ga
Value: GA1.2.1065502728.1528675462
.vxcube.com/ Name: Hm_lvt_5319fec78daf0201f39cbaa00b9e06f1
Value: 1528675463
.vxcube.com/ Name: _gat_gtag_UA_105146122_1
Value: 1
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.vxcube.com/ Name: _gid
Value: GA1.2.492422380.1528675462

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hm.baidu.com
maxcdn.bootstrapcdn.com
pagead2.googlesyndication.com
stats.g.doubleclick.net
vxcube.com
www.google-analytics.com
www.googletagmanager.com
103.235.46.191
107.150.103.7
172.217.16.194
172.217.17.42
172.217.18.3
172.217.20.78
172.217.22.98
209.197.3.15
216.58.214.72
74.125.71.154
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0782a52179d0e25f19c39b43253795b25787d65abdbd8bfa38be0f21a4512748
195992498161a28ce94fcce01f994b3a65938a2d4312699acbd223f9af243d82
1de6869366acfb4fda2da2dd9ef085d2a5c375657344d4395726fbe2524f4bfb
2289b94b0f245d3078128fbdd2a5c59648ddd94ac1a7dd749b2375596ac8d562
27d92130c0321dad5a03760fd5ac98a3d04ed4c94d88418fe6d50da1f7fc5cbe
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
5251631d756dac0ed74a7892e651437c0f8840e552f9e245c731860ab1a89581
8230ab65282c35c404bcae01445e71fb60d95f5acaf29ba73b588083e5f77d14
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84325b5f3ac0113097d730f90818788ad8a1db8eb223481178aab998e4ec2586
8ba131a677ea1357ae7fdc95d6a5c67c3b02d171bb286f6c9ec6bce3cef5c211
927658fe940c899225567ad7885c40a7871dee09c2b9f00d31f7ca62d1f424fc
a390cf62fca4217670690ed84dcb7f8d569348f6ef9ef61b3ea4bc15c4548561
b26fdf024e79102b5e765ade64fe74c4d86f453354be83026405cb0f5f42882c
b59e2b1d0315b6af3592c002b5589e9f8117647ad3a1bdf8983ebee00656f9d3
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d575e28229af2f31dbecd7842481bbe83443993a54b55cb03fa07e8efa3f6bb4
f9741b66aa221bcff2c8901dfd50a449c564405f970fb269c3412bf9619d2a2d
ff2bdcc281f7cdd04d202a4aff16ac947434741915ec1bb2d654a81a8ed0e02a