Submitted URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Effective URL: https://www.wired.com/story/pipedream-ics-malware/
Submission: On April 19 via manual from CA — Scanned from CA

Summary

This website contacted 128 IPs in 5 countries across 125 domains to perform 547 HTTP transactions. The main IP is 151.101.194.194, located in the United States, and belongs to FASTLY, US. The main domain is www.wired.com. The Cisco Umbrella rank of the primary domain is 5476.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2020 on July 22nd 2021. Valid for: a year.
This is the only time www.wired.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Subject | Issuer | Validity | Valid
c.apple.news | Apple Public Server RSA CA 12 - G1 | 2022-02-10 - 2023-03-12 | a year
www.apple.com | Apple Public EV Server RSA CA 2 - G1 | 2022-04-19 - 2023-05-19 | a year
*.admagazine.fr | GlobalSign Atlas R3 DV TLS CA 2020 | 2021-07-22 - 2022-08-23 | a year
cookielaw.org | Cloudflare Inc ECC CA-3 | 2021-06-01 - 2022-05-31 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2022-03-28 - 2022-06-20 | 3 months
moatads.com | DigiCert SHA2 Secure Server CA | 2021-11-27 - 2022-11-29 | a year
c.amazon-adsystem.com | Amazon | 2021-07-06 - 2022-06-27 | a year
san.casalemedia.com | GeoTrust RSA CA 2018 | 2021-12-12 - 2022-12-13 | a year
*.apis.google.com | GTS CA 1C3 | 2022-04-11 - 2022-07-04 | 3 months
*.news.google.com | GTS CA 1C3 | 2022-03-28 - 2022-06-20 | 3 months
polyfill.io | GlobalSign Atlas R3 DV TLS CA 2022 Q1 | 2022-03-08 - 2023-04-09 | a year
*.zqtk.net | Amazon | 2021-08-17 - 2022-09-15 | a year
onetrust.com | Cloudflare Inc ECC CA-3 | 2022-01-12 - 2023-01-12 | a year
*.moatads.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-05-25 - 2022-06-25 | a year
*.rlcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2022-02-03 - 2023-02-25 | a year
conde.io | Amazon | 2021-06-30 - 2022-07-29 | a year
*.google.ca | GTS CA 1C3 | 2022-03-28 - 2022-06-20 | 3 months
*.google.com | GTS CA 1C3 | 2022-03-28 - 2022-06-20 | 3 months
*.rubiconproject.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-03-08 - 2023-04-04 | a year
*.adnxs.com | GeoTrust ECC CA 2018 | 2022-02-11 - 2023-03-14 | a year
web.ssp.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2022-03-08 - 2022-08-31 | 6 months
*.openx.net | GeoTrust RSA CA 2018 | 2021-07-08 - 2022-08-08 | a year
*.media.net | Sectigo RSA Domain Validation Secure Server CA | 2021-04-12 - 2022-05-05 | a year
*.privacymanager.io | Amazon | 2021-09-25 - 2022-10-24 | a year
*.cnevids.com | Amazon | 2021-09-18 - 2022-10-17 | a year
*.google-analytics.com | GTS CA 1C3 | 2022-03-28 - 2022-06-20 | 3 months
misc-sni.google.com | GTS CA 1C3 | 2022-03-28 - 2022-06-20 | 3 months
upload.video.google.com | GTS CA 1C3 | 2022-03-28 - 2022-06-20 | 3 months
tpc.googlesyndication.com | GTS CA 1C3 | 2022-03-28 - 2022-06-20 | 3 months
www.google.com | GTS CA 1C3 | 2022-03-28 - 2022-06-20 | 3 months
s.amazon-adsystem.com | Amazon | 2021-07-14 - 2022-06-27 | a year
*.cloudfront.net | Amazon | 2022-02-01 - 2023-01-31 | a year
*.demdex.net | DigiCert TLS RSA SHA256 2020 CA1 | 2021-10-19 - 2022-11-19 | a year
*.quantserve.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-09-22 - 2022-09-21 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2022-01-27 - 2022-04-27 | 3 months
tag.bounceexchange.com | R3 | 2022-03-23 - 2022-06-21 | 3 months
*.turn.com | RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 | 2022-03-02 - 2023-04-01 | a year
memo.co | Amazon | 2021-05-27 - 2022-06-25 | a year
ads-twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-07-21 - 2022-07-26 | a year
www.redditstatic.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-02-17 - 2022-08-16 | 6 months
ak.sail-horizon.com | Amazon | 2022-01-06 - 2023-02-02 | a year
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2022-03-01 - 2023-03-01 | a year
*.ad.gt | Amazon | 2021-06-09 - 2022-07-08 | a year
z-na.associates-amazon.com | Amazon | 2021-05-21 - 2022-06-19 | a year
*.skimresources.com | DigiCert SHA2 Secure Server CA | 2021-09-27 - 2022-10-28 | a year
*.hotjar.com | Amazon | 2021-11-25 - 2022-12-23 | a year
*.tiktok.com | RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 | 2021-12-13 - 2023-01-13 | a year
*.trackonomics.net | Go Daddy Secure Certificate Authority - G2 | 2021-12-22 - 2023-01-23 | a year
*.gstatic.com | GTS CA 1C3 | 2022-03-28 - 2022-06-20 | 3 months
*.parsely.com | Amazon | 2021-07-05 - 2022-08-03 | a year
assets.bounceexchange.com | GTS CA 1D4 | 2022-04-14 - 2022-07-13 | 3 months
*.twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-02-22 - 2023-02-22 | a year
t.co | DigiCert TLS RSA SHA256 2020 CA1 | 2022-02-22 - 2023-02-22 | a year
*.reddit.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-02-17 - 2022-08-16 | 6 months
*.getpublica.com | Amazon | 2021-07-01 - 2022-07-30 | a year
api.sail-personalize.com | Amazon | 2021-06-24 - 2022-07-23 | a year
memoinsights.com | Amazon | 2021-05-27 - 2022-06-25 | a year
assoc-na.associates-amazon.com | Amazon | 2021-10-25 - 2022-09-30 | a year
*.contextweb.com | DigiCert SHA2 Secure Server CA | 2020-05-07 - 2022-05-12 | 2 years
halo.ad.gt | Amazon | 2022-04-04 - 2023-05-03 | a year
*.doubleclick.net | GTS CA 1C3 | 2022-03-28 - 2022-06-20 | 3 months
analytics.rlcdn.com | Amazon | 2021-08-26 - 2022-09-24 | a year
*.ybp.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2022-01-18 - 2022-07-13 | 6 months
*.adsrvr.org | GlobalSign GCC R3 DV TLS CA 2020 | 2022-03-31 - 2023-05-02 | a year
cdn.adnxs.com | GeoTrust TLS RSA CA G1 | 2022-03-11 - 2023-04-11 | a year
*.tapad.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-09-13 - 2022-10-14 | a year
*.wunderkind.co | R3 | 2022-04-15 - 2022-07-14 | 3 months
*.criteo.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-04-11 - 2022-07-07 | 3 months
dmp.adblade.com | R3 | 2022-03-06 - 2022-06-04 | 3 months
aax-eu.amazon-adsystem.com | Amazon | 2022-01-30 - 2022-12-31 | a year
*.trx-hub.com | Amazon | 2022-02-20 - 2023-03-21 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-07-12 - 2022-07-11
a year crt.sh
*.v.fwmrm.net
DigiCert TLS RSA SHA256 2020 CA1
2021-11-29 -
2022-12-30
a year crt.sh
securedvisit.com
Amazon
2021-11-30 -
2022-12-27
a year crt.sh

This page contains 45 frames:

Primary Page: https://www.wired.com/story/pipedream-ics-malware/
Frame ID: F8A7C2F70C9EE913627629447316A357
Requests: 279 HTTP requests in this frame

Page Title

Pipedream Malware: Feds Uncover 'Swiss Army Knife' for Industrial System Hacking | WIRED

Detected technologies

Overall confidence: 100%
Detected patterns
  • apis\.google\.com/js/platform\.js

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • apis\.google\.com/js/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • moatads\.com

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • /polyfill\.min\.js

Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Page Statistics

  • Requests: 547
  • HTTPS: 78 %
  • IPv6: 28 %
  • Domains: 125
  • Subdomains: 204
  • IPs: 128
  • Countries: 5
  • Transfer: 8288 kB
  • Size: 21115 kB
  • Cookies: 240

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ Page URL
  2. https://www.wired.com/story/pipedream-ics-malware HTTP 301
    https://www.wired.com/story/pipedream-ics-malware/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

  • https://contextual.media.net/cksync.html?cs=8&vsid=2933896971455429000V10&type=rkt&refUrl=&vid=03880980842933896971455429000V10&ovsid=2810316552999491622
Request Chain 411
  • https://medianet-match.dotomi.com/match/bounce/current?version=1&networkId=57734&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2933896971455429000V10%26type%3Dcon%26refUrl%3D%26vid%3D03880980842933896971455429000V10%26ovsid%3D%24UID HTTP 302
  • https://medianet-match.dotomi.com/match/bounce/current?DotomiTest=371e953be91e1237&is_secure=true&version=1&networkId=57734&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2933896971455429000V10%26type%3Dcon%26refUrl%3D%26vid%3D03880980842933896971455429000V10%26ovsid%3D%24UID HTTP 302
  • https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=con&refUrl=&vid=03880980842933896971455429000V10&ovsid=AAAGeExTYbUEWQNwZJXpAAAAAAA&expiration=1650474498&is_secure=true
Request Chain 412
  • https://sync.mathtag.com/sync/img?mt_exid=64&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2933896971455429000V10%26type%3Dmma%26refUrl%3D%26vid%3D03880980842933896971455429000V10%26ovsid%3D%5BMM_UUID%5D HTTP 302
  • https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=mma&refUrl=&vid=03880980842933896971455429000V10&ovsid=7638625e-ec82-4e00-a7ba-1a67b2d71719
Request Chain 413
  • https://cm.g.doubleclick.net/pixel?cs=8&google_nid=media&google_cm=1&google_hm=MjkzMzg5Njk3MTQ1NTQyOTAwMFYxMA%3D%3D&google_sc=1 HTTP 302
  • https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEFhUEUKrv4bWnjFoSXWNSmE&google_cver=1
Request Chain 414
  • https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2933896971455429000V10%26type%3Ddxu%26refUrl%3D%26vid%3D03880980842933896971455429000V10%26ovsid%3D_wfivefivec_ HTTP 302
  • https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=dxu&refUrl=&vid=03880980842933896971455429000V10&ovsid=EJllit1C1NGRkR5
Request Chain 415
  • https://dis.criteo.com/dis/usersync.aspx?r=115&p=259&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40 HTTP 302
  • https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=8bf42e93-8fcc-4a52-8842-f54b6a4099bd
Request Chain 416
  • https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1 HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/iponweb?bidswitch_ssp_id=medianet&ssp_user_id=063a7caa-9fc5-4484-9d5d-a77bb0ad0283&gdpr=0&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=74&&user_id=171119416&expires=5&ssp=medianet HTTP 302
  • https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=063a7caa-9fc5-4484-9d5d-a77bb0ad0283&gdpr=&gdpr_consent=&gdpr_pd=
Request Chain 417
  • https://b1sync.zemanta.com/usersync/medianet/?cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2933896971455429000V10%26type%3Dzem%26refUrl%3D%26vid%3D03880980842933896971455429000V10%26ovsid%3D__ZUID__ HTTP 302
  • https://stags.bluekai.com/site/23178?id=9IykJUvQmM6eWtT9fxrc&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2OBGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPJZJF4WWSSVOZIW2TJWMVLXIVBZMZ4HEYZGOJSWMVLSNQ6SM5DZOBST26TFNUTHM2LEHUYDGOBYGA4TQMBYGQZDSMZTHA4TMOJXGE2DKNJUGI4TAMBQKYYTAJTWONUWIPJSHEZTGOBZGY4TOMJUGU2TIMRZGAYDAVRRGA HTTP 302
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2OBGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPJZJF4WWSSVOZIW2TJWMVLXIVBZMZ4HEYZGOJSWMVLSNQ6SM5DZOBST26TFNUTHM2LEHUYDGOBYGA4TQMBYGQZDSMZTHA4TMOJXGE2DKNJUGI4TAMBQKYYTAJTWONUWIPJSHEZTGOBZGY4TOMJUGU2TIMRZGAYDAVRRGA HTTP 302
  • https://contextual.media.net/cksync.php?cs=8&ovsid=9IykJUvQmM6eWtT9fxrc&refUrl=&type=zem&vid=03880980842933896971455429000V10&vsid=2933896971455429000V10
Request Chain 419
  • https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=2933896971455429000V10 HTTP 302
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=medianet&ssp_user_id=2933896971455429000V10 HTTP 302
  • https://contextual.media.net/cksync.php?type=mf&ovsid=1ca2402a-447e-42f8-8192-efc498510f38&cs=1
Request Chain 421
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1 HTTP 302
  • https://cs.media.net/cksync?cs=1&type=ttd&ovsid=5c721061-149d-4078-895c-afabf1a9fca0
Request Chain 422
  • https://cs.media.net/scksync?cs=1&type=brx&ovsid=setstatuscode&redirect=https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F58222%2Fsync%3F_origin%3D1%26uid%3D%3CDSP_USER_ID%3E HTTP 302
  • https://ups.analytics.yahoo.com/ups/58222/sync?_origin=1&uid=2933896971455429000V10
Request Chain 423
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID HTTP 302
  • https://dpm.demdex.net/ibs:dpid=358&dpuuid=5068312605290501509
Request Chain 426
  • https://cm.g.doubleclick.net/pixel?cs=8&google_nid=media&google_cm=1&google_hm=MjkzMzg5Njk3MTQ1NTQyOTAwMFYxMA%3D%3D&google_sc=1 HTTP 302
  • https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEFhUEUKrv4bWnjFoSXWNSmE&google_cver=1
Request Chain 427
  • https://p.rfihub.com/cm?pub=19967&in=1&forward=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D2933896971455429000V10%26type%3Drkt%26refUrl%3D%26vid%3D03880981242933896971455429000V10%26ovsid%3D%7Buserid%7D HTTP 302
  • https://contextual.media.net/cksync.html?cs=8&vsid=2933896971455429000V10&type=rkt&refUrl=&vid=03880981242933896971455429000V10&ovsid=1783777312386555910
Request Chain 428
  • https://dis.criteo.com/dis/usersync.aspx?r=115&p=259&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40 HTTP 302
  • https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=2c93b7ae-5cfe-4e6d-b3c8-e58bb2e82134
Request Chain 429
  • https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1 HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=medianet&bsw_param=063a7caa-9fc5-4484-9d5d-a77bb0ad0283&google_hm=MDYzYTdjYWEtOWZjNS00NDg0LTlkNWQtYTc3YmIwYWQwMjgz HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEAET3AleqSZXRb97kjdUQ0k&google_cver=1&ssp=medianet&bsw_param=063a7caa-9fc5-4484-9d5d-a77bb0ad0283 HTTP 302
  • https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=063a7caa-9fc5-4484-9d5d-a77bb0ad0283&gdpr=&gdpr_consent=&gdpr_pd=
Request Chain 431
  • https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=2933896971455429000V10 HTTP 302
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=medianet&ssp_user_id=2933896971455429000V10 HTTP 302
  • https://contextual.media.net/cksync.php?type=mf&ovsid=1ca2402a-447e-42f8-8192-efc498510f38&cs=1
Request Chain 433
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1 HTTP 302
  • https://cs.media.net/cksync?cs=1&type=ttd&ovsid=5c721061-149d-4078-895c-afabf1a9fca0
Request Chain 434
  • https://cs.media.net/scksync?cs=1&type=brx&ovsid=setstatuscode&redirect=https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F58222%2Fsync%3F_origin%3D1%26uid%3D%3CDSP_USER_ID%3E HTTP 302
  • https://ups.analytics.yahoo.com/ups/58222/sync?_origin=1&uid=2933896971455429000V10
Request Chain 435
  • https://medianet-match.dotomi.com/match/bounce/current?version=1&networkId=57734&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2933896971455429000V10%26type%3Dcon%26refUrl%3D%26vid%3D03880981242933896971455429000V10%26ovsid%3D%24UID HTTP 302
  • https://medianet-match.dotomi.com/match/bounce/current?DotomiTest=2c4cf754f1b11237&is_secure=true&version=1&networkId=57734&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2933896971455429000V10%26type%3Dcon%26refUrl%3D%26vid%3D03880981242933896971455429000V10%26ovsid%3D%24UID HTTP 302
  • https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=con&refUrl=&vid=03880981242933896971455429000V10&ovsid=AAAGd_FgUeIZiQMvtTsDAAAAAAA&expiration=1650474498&is_secure=true
Request Chain 436
  • https://sync.mathtag.com/sync/img?mt_exid=64&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2933896971455429000V10%26type%3Dmma%26refUrl%3D%26vid%3D03880981242933896971455429000V10%26ovsid%3D%5BMM_UUID%5D HTTP 302
  • https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=mma&refUrl=&vid=03880981242933896971455429000V10&ovsid=8328625e-ec82-4100-8d9d-2a3f9ab9d1e0
Request Chain 437
  • https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2933896971455429000V10%26type%3Ddxu%26refUrl%3D%26vid%3D03880981242933896971455429000V10%26ovsid%3D_wfivefivec_ HTTP 302
  • https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=dxu&refUrl=&vid=03880981242933896971455429000V10&ovsid=EJllit1C1NGRkR5
Request Chain 438
  • https://b1sync.zemanta.com/usersync/medianet/?cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2933896971455429000V10%26type%3Dzem%26refUrl%3D%26vid%3D03880981242933896971455429000V10%26ovsid%3D__ZUID__ HTTP 302
  • https://stags.bluekai.com/site/23178?id=LSFN4nM5o-e6yiWDFWp8&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2OBGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPKMKNDE4NDOJU2W6LLFGZ4WSV2EIZLXAOBGOJSWMVLSNQ6SM5DZOBST26TFNUTHM2LEHUYDGOBYGA4TQMJSGQZDSMZTHA4TMOJXGE2DKNJUGI4TAMBQKYYTAJTWONUWIPJSHEZTGOBZGY4TOMJUGU2TIMRZGAYDAVRRGA HTTP 302
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2OBGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPKMKNDE4NDOJU2W6LLFGZ4WSV2EIZLXAOBGOJSWMVLSNQ6SM5DZOBST26TFNUTHM2LEHUYDGOBYGA4TQMJSGQZDSMZTHA4TMOJXGE2DKNJUGI4TAMBQKYYTAJTWONUWIPJSHEZTGOBZGY4TOMJUGU2TIMRZGAYDAVRRGA HTTP 302
  • https://contextual.media.net/cksync.php?cs=8&ovsid=LSFN4nM5o-e6yiWDFWp8&refUrl=&type=zem&vid=03880981242933896971455429000V10&vsid=2933896971455429000V10
Request Chain 451
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&us_privacy=1--- HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=erGdqNmFSXyrqyGa_wTDSg&rk=usync-na HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=erGdqNmFSXyrqyGa_wTDSg
Request Chain 452
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&us_privacy=1--- HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/0guA-N7ElaCAvcVse6GmAcn5EUdSAgOZEtemQ7w0kco?csrc=&us_privacy=1--- HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=6647128864047092937
Request Chain 453
  • https://token.rubiconproject.com/token?pid=2249&pt=n&us_privacy=1--- HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=Mjc4MWQyNjNmMzUzNTcwNTk0YTg0ZGE2ODVlNTY4Yjk5MTI2NDAyYw&us_privacy=1---
Request Chain 455
  • https://token.rubiconproject.com/token?pid=25470&us_privacy=1--- HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDI2RUdKREMtMUstOFRaSQ==&us_privacy=1---
Request Chain 457
  • https://token.rubiconproject.com/token?pid=26594&us_privacy=1--- HTTP 302
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L26EGJDC-1K-8TZI&sigv=1&esig=2~51fe7cad0952da05831a58ff45dc467c18ac36f1&us_privacy=1---
Request Chain 458
  • https://match.adsrvr.org/track/cmf/rubicon?us_privacy=1--- HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=5c721061-149d-4078-895c-afabf1a9fca0&gdpr=0&gdpr_consent=&expires=30
Request Chain 459
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=5068312605290501509
Request Chain 461
  • https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=Yl7sgEQk4ZWFQV1vkhZJgwAAAdAAAAIB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/casale/Yl7sgEQk4ZWFQV1vkhZJgwAAAdAAAAIB
Request Chain 462
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yl7sfwAAAHRrhARA
Request Chain 463
  • https://a.tribalfusion.com/i.match?p=b20&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com/crum%3Fcm_dsp_id%3D131%26external_user_id%3D%24TF_USER_ID_ENC%24&cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_dsp_id=131&cm_user_id=Yl7sgEQk4ZWFQV1vkhZJgwAA HTTP 302
  • https://s.tribalfusion.com/z/i.match?p=b20&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com/crum%3Fcm_dsp_id%3D131%26external_user_id%3D%24TF_USER_ID_ENC%24&cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_dsp_id=131&cm_user_id=Yl7sgEQk4ZWFQV1vkhZJgwAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=131&external_user_id=18072662286960592625
Request Chain 464
  • https://ad.turn.com/r/cs?pid=21 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8304346631304572768
Request Chain 465
  • https://sync.srv.stackadapt.com/sync?nid=68 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=5to5rgL6Q2h9Yby7FOQQFZU4mbo
Request Chain 466
  • https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID HTTP 302
  • https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=5068312605290501509
Request Chain 471
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=5068312605290501509
Request Chain 472
  • https://match.prod.bidr.io/cookie-sync/ie HTTP 303
  • https://match.prod.bidr.io/cookie-sync/ie?_bee_ppp=1 HTTP 303
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AADaN07EvdkAADk7cukj0Q&expiration=1651597698
Request Chain 473
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yl7sfwAAAHRrhARA
Request Chain 474
  • https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=96de184a-9f77-a3df-5de641ec
Request Chain 475
  • https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID HTTP 302
  • https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=5068312605290501509
Request Chain 476
  • https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID) HTTP 302
  • https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ7036744981805404043&uid=Q7036744981805404043&ref=%2Feucm%2Fp%2Fcc HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=31&external_user_id=Q7036744981805404043
Request Chain 477
  • https://sync.crwdcntrl.net/qmap?c=6725&tp=INDX&tpid=Yl7sgEQk4ZWFQV1vkhZJgwAA%26464&gdpr=&gdpr_consent=&us_privacy= HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=6725&tp=INDX&tpid=Yl7sgEQk4ZWFQV1vkhZJgwAA%26464&gdpr=&gdpr_consent=&us_privacy=&ct=y
Request Chain 484
  • https://token.rubiconproject.com/token?pid=6404&puid=51128452588216843153317871896908876551&gdpr=0&gdpr_consent= HTTP 302
  • https://dpm.demdex.net/ibs:dpid=481&dpuuid=L26EGJDC-1K-8TZI?gdpr=0
Request Chain 486
  • https://x.dlx.addthis.com/e/demdex_sync?na_exid=51128452588216843153317871896908876551&ru=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%3Cna_id%3E%20 HTTP 301
  • https://dpm.demdex.net/ibs:dpid=134096&dpuuid=2022041917081800066670765697
Request Chain 490
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=ADB&partner_url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D540%26dpuuid%3D%24%7BTA_DEVICE_ID%7D&partner_device_id=51128452588216843153317871896908876551 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=540&dpuuid=2fd282df-41d0-44d6-9e93-1cf49faa06bc
Request Chain 495
  • https://dp2.33across.com/ps/?pid=897&random=1537207210 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=601&dpuuid=2039278594377&random=1650388099
Request Chain 498
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NTExMjg0NTI1ODgyMTY4NDMxNTMzMTc4NzE4OTY5MDg4NzY1NTE= HTTP 302
  • https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESENQZNKxqoDmOjNd2884tZPg&google_cver=1?gdpr=0&gdpr_consent=
Request Chain 501
  • https://idpix.media6degrees.com/orbserv/hbpix?pixId=16873&pcv=70&ptid=66&tpuv=01&tpu=51128452588216843153317871896908876551 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=992&dpuuid=1qbe7ydb3bzlv
Request Chain 509
  • https://pixel.quantserve.com/pixel/p-vj4AYjBqd6VJ2.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://dpm.demdex.net/ibs:dpid=1175&gdpr=0&dpuuid=9qH2j6Xw9IztpvPc8qfu0_nw9dLt9aDaovW-YSzf
Request Chain 513
  • https://tag.yieldoptimizer.com/ps/ps?t=i&p=2233 HTTP 302
  • https://tag.yieldoptimizer.com/ps/ps?tc=855847203&t=i&p=2233 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=22069&dpuuid=2026962838431
Request Chain 514
  • https://fei.pro-market.net/engine?site=141472;size=1x1;mimetype=img;du=67;csync=51128452588216843153317871896908876551 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=575&dpuuid=-840862286238626073
Request Chain 515
  • https://px.owneriq.net/eucm/p/adpq?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D53196%26dpuuid%3D(OIQ_UUID) HTTP 302
  • https://dpm.demdex.net/ibs:dpid=53196&dpuuid=Q7036744981805404043
Request Chain 516
  • https://ads.scorecardresearch.com/p?c1=9&c2=6034944&c3=2&cs_xi=51128452588216843153317871896908876551&rn=1650388095218&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D51128452588216843153317871896908876551 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=73426&dpuuid=51128452588216843153317871896908876551
Request Chain 517
  • https://abp.mxptint.net/sn.ashx HTTP 302
  • https://dpm.demdex.net/ibs:dpid=75557&dpuuid=R1B342_EE958283_44839BCA&redir=https://abp.mxptint.net/sn.ashx?ak=1
Request Chain 520
  • https://aorta.clickagy.com/pixel.gif?ch=124&cm=51128452588216843153317871896908876551&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D79908%26dpuuid%3D%7Bvisitor_id%7D HTTP 302
  • https://dpm.demdex.net/ibs:dpid=79908&dpuuid=c:40346a10a306d38de9ccdb1d292aef26
Request Chain 521
  • https://usermatch.krxd.net/um/v2?partner=adobe&id=51128452588216843153317871896908876551 HTTP 302
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=51128452588216843153317871896908876551
Request Chain 522
  • https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=51128452588216843153317871896908876551?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} HTTP 302
  • https://dpm.demdex.net/ibs:dpid=121998&dpuuid=47be9ae4901b809e83480da9e85b94fd
Request Chain 525
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WWw3c2Z3QUFBSFJyaEFSQQ==
Request Chain 527
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Yl7sfwAAAHRrhARA&expires=90
Request Chain 528
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yl7sfwAAAHRrhARA
Request Chain 529
  • https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://ib.adnxs.com/setuid?entity=158&code=Yl7sfwAAAHRrhARA
Request Chain 530
  • https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537148856&val=Yl7sfwAAAHRrhARA
Request Chain 531
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yl7sfwAAAHRrhARA
Request Chain 532
  • https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1 HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yl7sfwAAAHRrhARA&img=1 HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yl7sfwAAAHRrhARA&img=1&__user_check__=1&sync_id=5089fcd8-c003-11ec-ae78-17ac3e130303
Request Chain 533
  • https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0 HTTP 302
  • https://www.facebook.com/fr/b.php?p=1531105787105294&e=Yl7sfwAAAHRrhARA&t=2592000&o=0
Request Chain 534
  • https://pixel.onaudience.com/?partner=130&mapped=51128452588216843153317871896908876551&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D161033%26dpuuid%3D%25m HTTP 302
  • https://dpm.demdex.net/ibs:dpid=161033&dpuuid=
Request Chain 535
  • https://global.ib-ibi.com/image.sbix?go=244346&pid=268&xid=51128452588216843153317871896908876551 HTTP 302
  • https://ib.mookie1.com/image.sbix?go=244346&pid=268&xid=51128452588216843153317871896908876551 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=285689&dpuuid=51128452588216843153317871896908876551&redir=https%3A%2F%2Fglobal.ib-ibi.com%2Fimage.sbxx%3Fgo%3D244346%26pid%3D268%26xid%3D%24%7BDD_UUID%7D HTTP 302
  • https://global.ib-ibi.com/image.sbxx?go=244346&pid=268&xid=51128452588216843153317871896908876551 HTTP 302
  • https://ib.mookie1.com/image.sbxx?go=244346&pid=268&xid=51128452588216843153317871896908876551
Request Chain 541
  • https://sb.scorecardresearch.com/c2/6035094/cs.js HTTP 302
  • https://sb.scorecardresearch.com/internal-c2/default/cs.js

547 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
AV7wePdNjTPeFy5q5BdpmIQ | apple.news/ | 8 KB | 3 KB | Document
General
Full URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2600:1400:b000:293::3277 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS:
Software: AppleHttpServer/4905dd6a74e86780bd2b9a5db14faea3299f58e4 /
Resource Hash: d2a43e0001de17a45576e28c0907b0e2fc768317bb0a0ec6354d3151e2a31150
Security Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: public, no-transform, max-age=265
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 2391
Content-Type: text/html
Date: Tue, 19 Apr 2022 17:08:12 GMT
Server: AppleHttpServer/4905dd6a74e86780bd2b9a5db14faea3299f58e4
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000
Vary: Accept-Encoding
X-B3-TraceId: f1d000d8307fb47f
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
fonts | www.apple.com/wss/ | 15 KB | 2 KB | Stylesheet
General
Full URL: https://www.apple.com/wss/fonts?families=SF+Pro,v1|SF+Pro+Icons,v1
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1400:b000:49d::1aca New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS:
Software: Apple /
Resource Hash:
Security Headers
Content-Security-Policy: default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com
Strict-Transport-Security: max-age=31536000; includeSubdomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://apple.news/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com
content-encoding: gzip
x-content-type-options: nosniff
x-cache: TCP_MEM_HIT from a104-114-73-79.deploy.akamaitechnologies.com (AkamaiGHost/10.7.4-40388856) (-)
vary: Accept-Encoding
content-length: 913
x-xss-protection: 1; mode=block
cteonnt-length: 15185
server: Apple
x-frame-options: SAMEORIGIN
date: Tue, 19 Apr 2022 17:08:12 GMT
strict-transport-security: max-age=31536000; includeSubdomains
content-type: text/css;charset=UTF-8
cache-control: max-age=2672
etag: 433ba35f0585ad9b09e08d422a99881fd47f621650587251e7f59555131d5ef9
expires: Tue, 19 Apr 2022 17:52:44 GMT
index.css | apple.news/css/ | 7 KB | 3 KB | Stylesheet
General
Full URL: https://apple.news/css/index.css
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2600:1400:b000:293::3277 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS:
Software: AppleHttpServer/21d85a9b022c382b518860f75a6adf819895c154 /
Resource Hash:
Security Headers
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Fri, 25 Feb 2022 17:20:40 GMT
Server: AppleHttpServer/21d85a9b022c382b518860f75a6adf819895c154
X-B3-TraceId: a0176abb9d8e9914
Date: Tue, 19 Apr 2022 17:08:12 GMT
X-Frame-Options: DENY
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2100
X-XSS-Protection: 1; mode=block
Expires: Tue, 19 Apr 2022 17:08:12 GMT
Appicon_v6.png | apple.news/images/ | 11 KB | 12 KB | Image
General
Full URL: https://apple.news/images/Appicon_v6.png
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2600:1400:b000:293::3277 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS:
Software: AppleHttpServer/4905dd6a74e86780bd2b9a5db14faea3299f58e4 /
Resource Hash:
Security Headers
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Fri, 25 Feb 2022 17:20:40 GMT
Server: AppleHttpServer/4905dd6a74e86780bd2b9a5db14faea3299f58e4
X-B3-TraceId: 1290c4573349e5ac
Date: Tue, 19 Apr 2022 17:08:12 GMT
X-Frame-Options: DENY
Content-Type: image/png
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11329
X-XSS-Protection: 1; mode=block
Expires: Tue, 19 Apr 2022 17:08:12 GMT
Primary Request / | www.wired.com/story/pipedream-ics-malware/ | 611 KB | 152 KB | Document
Redirect Chain
  • https://www.wired.com/story/pipedream-ics-malware
  • https://www.wired.com/story/pipedream-ics-malware/
General
Full URL: https://www.wired.com/story/pipedream-ics-malware/
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS:
Software: /
Resource Hash: c8d5eefc0046206f830c9a60661346aecd276b77f2a6a1849bd08c9fd4ab45d9
Security Headers
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security: max-age=31536000; preload

Request headers

Referer: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: none
age: 0
apple-news-services-handled: false
apple-news-services-host: www.wired.com
apple-news-services-parsed-url: /story/pipedream-ics-malware/
apple-news-services-request-url: /story/pipedream-ics-malware/
cache-control: no-cache
content-encoding: gzip
content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
content-type: text/html; charset=utf-8
date: Tue, 19 Apr 2022 17:08:13 GMT
payment: sample
strict-transport-security: max-age=31536000; preload
vary: accept-encoding, Accept-Encoding, X-UA-Device, Verso, bypass-verso-payment, accept-payment
verso
true
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-esi
on
x-served-by
cache-yul12829-YUL
x-timer
S1650388093.654030,VS0,VE435
x-ua-device
desktop

Redirect headers

accept-ranges
bytes
age
0
apple-news-services-handled
false
apple-news-services-host
www.wired.com
apple-news-services-parsed-url
/story/pipedream-ics-malware
apple-news-services-request-url
/story/pipedream-ics-malware
cache-control
no-cache
content-length
0
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
content-type
text/html; charset=utf-8
date
Tue, 19 Apr 2022 17:08:12 GMT
location
https://www.wired.com/story/pipedream-ics-malware/
strict-transport-security
max-age=31536000; preload
vary
X-UA-Device, Verso, bypass-verso-payment, accept-payment
verso
true
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-esi
on
x-served-by
cache-yul12829-YUL
x-timer
S1650388093.593317,VS0,VE46
x-ua-device
desktop
sf-pro-display_heavy.woff2
www.apple.com/wss/fonts/SF-Pro-Display/v1/
159 KB
160 KB
Font
General
Full URL
https://www.apple.com/wss/fonts/SF-Pro-Display/v1/sf-pro-display_heavy.woff2
Requested by
Host: www.apple.com
URL: https://www.apple.com/wss/fonts?families=SF+Pro,v1|SF+Pro+Icons,v1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:b000:49d::1aca New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apple /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.apple.com/wss/fonts?families=SF+Pro,v1|SF+Pro+Icons,v1
Origin
https://apple.news
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
last-modified
Tue, 01 Feb 2022 17:48:31 GMT
server
Apple
date
Tue, 19 Apr 2022 17:08:12 GMT
x-frame-options
SAMEORIGIN
x-cache
TCP_HIT from a104-114-73-47.deploy.akamaitechnologies.com (AkamaiGHost/10.7.4-40388856) (-)
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=538
content-security-policy
default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com
content-length
162416
x-xss-protection
1; mode=block
expires
Tue, 19 Apr 2022 17:17:10 GMT
sf-pro-display_bold.woff2
www.apple.com/wss/fonts/SF-Pro-Display/v1/
150 KB
151 KB
Font
General
Full URL
https://www.apple.com/wss/fonts/SF-Pro-Display/v1/sf-pro-display_bold.woff2
Requested by
Host: www.apple.com
URL: https://www.apple.com/wss/fonts?families=SF+Pro,v1|SF+Pro+Icons,v1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:b000:49d::1aca New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apple /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.apple.com/wss/fonts?families=SF+Pro,v1|SF+Pro+Icons,v1
Origin
https://apple.news
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
last-modified
Tue, 01 Feb 2022 17:48:31 GMT
server
Apple
date
Tue, 19 Apr 2022 17:08:12 GMT
x-frame-options
SAMEORIGIN
x-cache
TCP_HIT from a104-114-73-47.deploy.akamaitechnologies.com (AkamaiGHost/10.7.4-40388856) (-)
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=1461
content-security-policy
default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com
content-length
153880
x-xss-protection
1; mode=block
expires
Tue, 19 Apr 2022 17:32:33 GMT
sf-pro-display_regular.woff2
www.apple.com/wss/fonts/SF-Pro-Display/v1/
138 KB
139 KB
Font
General
Full URL
https://www.apple.com/wss/fonts/SF-Pro-Display/v1/sf-pro-display_regular.woff2
Requested by
Host: www.apple.com
URL: https://www.apple.com/wss/fonts?families=SF+Pro,v1|SF+Pro+Icons,v1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:b000:49d::1aca New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apple /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.apple.com/wss/fonts?families=SF+Pro,v1|SF+Pro+Icons,v1
Origin
https://apple.news
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
last-modified
Tue, 01 Feb 2022 17:48:31 GMT
server
Apple
date
Tue, 19 Apr 2022 17:08:12 GMT
x-frame-options
SAMEORIGIN
x-cache
TCP_HIT from a104-114-73-47.deploy.akamaitechnologies.com (AkamaiGHost/10.7.4-40388856) (-)
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=911
content-security-policy
default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com
content-length
141324
x-xss-protection
1; mode=block
expires
Tue, 19 Apr 2022 17:23:23 GMT
SFProIcons_semibold.woff
www.apple.com/wss/fonts/SF-Pro-Icons/v1/
9 KB
9 KB
Font
General
Full URL
https://www.apple.com/wss/fonts/SF-Pro-Icons/v1/SFProIcons_semibold.woff
Requested by
Host: www.apple.com
URL: https://www.apple.com/wss/fonts?families=SF+Pro,v1|SF+Pro+Icons,v1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:b000:49d::1aca New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apple /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.apple.com/wss/fonts?families=SF+Pro,v1|SF+Pro+Icons,v1
Origin
https://apple.news
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
last-modified
Tue, 01 Feb 2022 17:48:37 GMT
server
Apple
date
Tue, 19 Apr 2022 17:08:12 GMT
x-frame-options
SAMEORIGIN
x-cache
TCP_MEM_HIT from a104-114-73-47.deploy.akamaitechnologies.com (AkamaiGHost/10.7.4-40388856) (-)
content-type
application/font-woff
access-control-allow-origin
*
cache-control
public, max-age=425
content-security-policy
default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com
content-length
8868
x-xss-protection
1; mode=block
expires
Tue, 19 Apr 2022 17:15:17 GMT
SFProIcons_regular.woff
www.apple.com/wss/fonts/SF-Pro-Icons/v1/
10 KB
11 KB
Font
General
Full URL
https://www.apple.com/wss/fonts/SF-Pro-Icons/v1/SFProIcons_regular.woff
Requested by
Host: www.apple.com
URL: https://www.apple.com/wss/fonts?families=SF+Pro,v1|SF+Pro+Icons,v1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:b000:49d::1aca New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apple /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.apple.com/wss/fonts?families=SF+Pro,v1|SF+Pro+Icons,v1
Origin
https://apple.news
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
last-modified
Tue, 01 Feb 2022 17:48:37 GMT
server
Apple
date
Tue, 19 Apr 2022 17:08:12 GMT
x-frame-options
SAMEORIGIN
x-cache
TCP_MEM_HIT from a104-114-73-47.deploy.akamaitechnologies.com (AkamaiGHost/10.7.4-40388856) (-)
content-type
application/font-woff
access-control-allow-origin
*
cache-control
public, max-age=3151
content-security-policy
default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com
content-length
10380
x-xss-protection
1; mode=block
expires
Tue, 19 Apr 2022 18:00:43 GMT
sf-pro-text_semibold.woff2
www.apple.com/wss/fonts/SF-Pro-Text/v1/
166 KB
167 KB
Font
General
Full URL
https://www.apple.com/wss/fonts/SF-Pro-Text/v1/sf-pro-text_semibold.woff2
Requested by
Host: www.apple.com
URL: https://www.apple.com/wss/fonts?families=SF+Pro,v1|SF+Pro+Icons,v1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:b000:49d::1aca New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apple /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.apple.com/wss/fonts?families=SF+Pro,v1|SF+Pro+Icons,v1
Origin
https://apple.news
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
last-modified
Tue, 01 Feb 2022 17:48:50 GMT
server
Apple
date
Tue, 19 Apr 2022 17:08:12 GMT
x-frame-options
SAMEORIGIN
x-cache
TCP_HIT from a104-114-73-47.deploy.akamaitechnologies.com (AkamaiGHost/10.7.4-40388856) (-)
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=3362
content-security-policy
default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com
content-length
169880
x-xss-protection
1; mode=block
expires
Tue, 19 Apr 2022 18:04:14 GMT
sf-pro-text_regular.woff2
www.apple.com/wss/fonts/SF-Pro-Text/v1/
152 KB
153 KB
Font
General
Full URL
https://www.apple.com/wss/fonts/SF-Pro-Text/v1/sf-pro-text_regular.woff2
Requested by
Host: www.apple.com
URL: https://www.apple.com/wss/fonts?families=SF+Pro,v1|SF+Pro+Icons,v1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:b000:49d::1aca New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apple /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.apple.com/wss/fonts?families=SF+Pro,v1|SF+Pro+Icons,v1
Origin
https://apple.news
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
last-modified
Tue, 01 Feb 2022 17:48:50 GMT
server
Apple
date
Tue, 19 Apr 2022 17:08:12 GMT
x-frame-options
SAMEORIGIN
x-cache
TCP_HIT from a104-114-73-47.deploy.akamaitechnologies.com (AkamaiGHost/10.7.4-40388856) (-)
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=1117
content-security-policy
default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com
content-length
155504
x-xss-protection
1; mode=block
expires
Tue, 19 Apr 2022 17:26:49 GMT
SE_Sec_GettyImages-1233498272.jpg
media.wired.com/photos/62587794ad866a4c55b7922c/master/w_1600,c_limit/
184 KB
184 KB
Image
General
Full URL
https://media.wired.com/photos/62587794ad866a4c55b7922c/master/w_1600,c_limit/SE_Sec_GettyImages-1233498272.jpg
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
97d681380d93583684454c61c0d461ce4e696abbafbba40a95ce51cf1f67bf12

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:13 GMT
Connection
keep-alive
Age
423067
X-Cache
HIT, HIT
Fastly-Io-Info
ifsz=740701 idim=2400x1600 ifmt=jpeg ofsz=188200 odim=1600x1067 ofmt=webp
server-timing
geo;desc="continent=NA;country=CA;pop=YUL"
Fastly-Restarts
1
X-Served-By
cache-iad-kcgs7200117-IAD, cache-yul12828-YUL
experience
katra
Accept-Ranges
bytes
X-Timer
S1650388093.183948,VS0,VE2
Etag
"mJQtr1pqFIxF8u6NzcZZzoMiD8OqccCt+1YDQsA6uK0"
vary
accept
Content-Type
image/webp
Fastly-Stats
io=1
cache-control
max-age=31536, must-revalidate, public
Content-Length
188200
timing-allow-origin
*
X-Cache-Hits
1, 1
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
20 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
03aa6fcac2902227e1b66a01b87824692f708bbf9bfe441784f8ed22d677f6de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 19 Apr 2022 17:08:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
+q2Bd0SvXowDeesSOf+0yw==
age
14308
vary
Accept-Encoding
content-length
6782
x-ms-lease-status
unlocked
last-modified
Mon, 18 Apr 2022 19:19:42 GMT
server
cloudflare
etag
0x8DA21706401C273
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
e84be735-501e-00c6-6074-53a5da000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6fe73dae4d974bb8-YUL
otCCPAiab.js
cdn.cookielaw.org/opt-out/
22 KB
6 KB
Script
General
Full URL
https://cdn.cookielaw.org/opt-out/otCCPAiab.js
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7b7120dffd25546c93c1367b9c86a3dc87e71d2c89ebb39163a71eb3b659f01
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 19 Apr 2022 17:08:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
ERttG9+iQk1LCPjR495NRw==
age
12035
vary
Accept-Encoding
x-ms-lease-status
unlocked
last-modified
Tue, 22 Feb 2022 22:01:18 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
fdfee482-401e-011a-4343-28b1dc000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
cf-ray
6fe73dae4d9a4bb8-YUL
gpt.js
securepubads.g.doubleclick.net/tag/js/
83 KB
28 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
sffe /
Resource Hash
b9961779d3dab159c8dc17c52e69ea11bcd1efacf76667207287b0fbcd7cb59a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28467
x-xss-protection
0
server
sffe
etag
"1190 / 599 of 1000 / last-modified: 1650366416"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Tue, 19 Apr 2022 17:08:13 GMT
moatheader.js
z.moatads.com/condenastprebidheader987326845656/
213 KB
75 KB
Script
General
Full URL
https://z.moatads.com/condenastprebidheader987326845656/moatheader.js
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.167.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-167-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
9a0d3a44b11206128856944a60b7a0440f2636422265173b9a99e4950577c301

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
content-encoding
gzip
last-modified
Tue, 19 Apr 2022 16:11:04 GMT
server
AmazonS3
x-amz-request-id
KHXYGFSRGBNG541Y
etag
"992defe29cd77ed1770bc9c022605fc7"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=64577
accept-ranges
bytes
content-length
75961
x-amz-id-2
7voes+Pne61xx8znTTvzdorlOYeupKgCAtTGvvwWmFjwiLifZX7au8e7xCKlbG0TLMXaKfcUjwc=
apstag.js
c.amazon-adsystem.com/aax2/
135 KB
37 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.222.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-222-69.jfk51.r.cloudfront.net
Software
Server /
Resource Hash
06dac66f8ccb6659374711acb6acf073511421ff522d519cc1766746330679ad

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 20:21:46 GMT
content-encoding
gzip
age
74786
x-cache
Hit from cloudfront
timing-allow-origin
*
server
Server
x-amz-rid
181TS2MNTG8MR6ZH3EZN
etag
ae8d955adf98458335c127f4461070c2
vary
Accept-Encoding
x-amz-version-id
MlwU5qtOK_PY2ISK2FuGgRhrblC50DXG
via
1.1 74636a0d3b110dc164c7801b27cac3b2.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
JFK51-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
z1O_mpeWUW3sN_XNHeqo5tPYJQAdrOdccw89NZqu600ajMUArp3Rzw==
prebid.min.js
www.wired.com/hotzones/esi/wired/
273 KB
81 KB
Script
General
Full URL
https://www.wired.com/hotzones/esi/wired/prebid.min.js
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
befa0a7f28e5b50c7af0e063611c12a999d86005f5ab6501f6c623eba45cbac9
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
via
1.1 varnish
vary
accept-encoding, Verso, bypass-verso-payment, accept-payment
age
5244
x-cache
HIT
hz-zone
1
content-encoding
gzip
content-length
82568
x-served-by
cache-yul12829-YUL
strict-transport-security
max-age=31536000; preload
content-type
application/javascript; charset=utf-8
cache-control
no-cache
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
bytes
apple-news-services-host
www.wired.com
x-cache-hits
46
183973-93942139695505.js
js-sec.indexww.com/ht/p/
43 KB
15 KB
Script
General
Full URL
https://js-sec.indexww.com/ht/p/183973-93942139695505.js
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.162.21, New York, United States, ASN16625 (AKAMAI-AS, US)
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
88082e2436305c53b9849eab602898e4d5b728b68c2439cbfad581846fd32cdf

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:13 GMT
Content-Encoding
gzip
Last-Modified
Tue, 19 Apr 2022 16:31:34 GMT
Server
Apache
ETag
"da2d5e-ada8-5dd0469000072"
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=1463
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/javascript
Content-Length
14812
Expires
Tue, 19 Apr 2022 17:32:36 GMT
platform.js
apis.google.com/js/
52 KB
21 KB
Script
General
Full URL
https://apis.google.com/js/platform.js
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::200e, United States, ASN15169 (GOOGLE, US)
Reverse DNS
Software
sffe /
Resource Hash
bb05bc3976691db38d1c403ede59d1d2181fb64a6227b6ee1d849beba8f8c35d
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20362
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="gapi-team"
date
Tue, 19 Apr 2022 17:08:13 GMT
vary
Accept-Encoding
report-to
{"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
etag
"9fd532fc5ee3ba82"
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 19 Apr 2022 17:08:13 GMT
swg.js
news.google.com/swg/js/v1/
145 KB
45 KB
Script
General
Full URL
https://news.google.com/swg/js/v1/swg.js
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::200e, United States, ASN15169 (GOOGLE, US)
Reverse DNS
Software
sffe /
Resource Hash
420cf4b339a69a9a3ffafbebd48db71dcdaf2ce3f74cadc2351ebc899e9b5f46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 16:21:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2831
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
45620
x-xss-protection
0
last-modified
Wed, 13 Apr 2022 19:24:28 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="news-frontend"
vary
Accept-Encoding
report-to
{"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type
text/javascript
cache-control
public, max-age=3000
accept-ranges
bytes
expires
Tue, 19 Apr 2022 17:11:02 GMT
logo-header.a7598835a549cb7d5ce024ef0710935927a034f9.svg
www.wired.com/verso/static/wired/assets/
1 KB
2 KB
Image
General
Full URL
https://www.wired.com/verso/static/wired/assets/logo-header.a7598835a549cb7d5ce024ef0710935927a034f9.svg
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
1d097e69ff47df9414a0ec07dfc70401084f4599617045a3a3edc7661ff76f3f
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
content-encoding
gzip
age
1246279
via
1.1 varnish
x-cache
HIT
x-ua-device
desktop
apple-news-services-parsed-url
/verso/static/wired/assets/logo-header.a7598835a549cb7d5ce024ef0710935927a034f9.svg
last-modified
Tue, 05 Apr 2022 06:53:23 GMT
verso
true
content-length
600
x-amz-id-2
fJQn+7mrK6KoXMIDoF7n74IrlnM36S5QWs3+6IIF8DOhWbeHO52FQ/GKSwGnqmbX5O/g8P3FwD0=
x-served-by
cache-yul12829-YUL
apple-news-services-handled
false
x-timer
S1650388093.141674,VS0,VE1
apple-news-services-request-url
/verso/static/wired/assets/logo-header.a7598835a549cb7d5ce024ef0710935927a034f9.svg
etag
W/"ce65105f89c50c0f92e35be389684c24"
vary
Verso
strict-transport-security
max-age=31536000; preload
x-amz-request-id
CJKS3SZQYXYV6WTM
access-control-allow-origin
*
expires
Wed, 05 Apr 2023 06:56:54 GMT
cache-control
max-age=31536000, immutable
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
bytes
content-type
image/svg+xml
apple-news-services-host
www.wired.com
x-cache-hits
243
andy_greenberg.jpg
media.wired.com/photos/590a54de9f8d2e342d8e7760/1:1/w_240,c_limit/
5 KB
6 KB
Image
General
Full URL
https://media.wired.com/photos/590a54de9f8d2e342d8e7760/1:1/w_240,c_limit/andy_greenberg.jpg
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.239, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
9cd1665949a38300762ed6f4358cd5e621ef5b86a928cb193745576694ea2913

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:13 GMT
Connection
keep-alive
Age
550221
X-Cache
HIT, HIT
Fastly-Io-Info
ifsz=170970 idim=468x468 ifmt=jpeg ofsz=5084 odim=240x240 ofmt=webp
server-timing
geo;desc="continent=NA;country=CA;pop=YUL"
Fastly-Restarts
1
X-Served-By
cache-iad-kjyo7100101-IAD, cache-yul12821-YUL
experience
katra
Accept-Ranges
bytes
X-Timer
S1650388093.182826,VS0,VE1
Etag
"4Ti3qaDfURpZd/9yUPcroH28nuws4rP/z6SqxAO5ckE"
vary
accept
Content-Type
image/webp
Fastly-Stats
io=1
cache-control
max-age=31536, must-revalidate, public
Content-Length
5084
timing-allow-origin
*
X-Cache-Hits
1, 2
logo-reverse.548f3a7478ee71f618044082aa222dd05f31249c.svg
www.wired.com/verso/static/wired/assets/
1 KB
1 KB
Image
General
Full URL
https://www.wired.com/verso/static/wired/assets/logo-reverse.548f3a7478ee71f618044082aa222dd05f31249c.svg
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
af29cacfb5125f85da0f1557bb56456abcc1556dbd3094bb56e569890348c984
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
content-encoding
gzip
age
2973068
via
1.1 varnish
x-cache
HIT
x-ua-device
desktop
apple-news-services-parsed-url
/verso/static/wired/assets/logo-reverse.548f3a7478ee71f618044082aa222dd05f31249c.svg
last-modified
Wed, 16 Mar 2022 07:16:42 GMT
verso
true
content-length
610
x-amz-id-2
nQwJA6gtLrck9oeCrePY8puihdEUInHGZYzp9JoMatVbM+cy1o6g2hUJDznYbNn+f7iNs9UzGAU=
x-served-by
cache-yul12829-YUL
apple-news-services-handled
false
x-timer
S1650388093.141671,VS0,VE1
apple-news-services-request-url
/verso/static/wired/assets/logo-reverse.548f3a7478ee71f618044082aa222dd05f31249c.svg
etag
W/"2cba2fa9380ed2b50927ed9d520aaa3c"
vary
Verso
strict-transport-security
max-age=31536000; preload
x-amz-request-id
CNYDFDJ3NMJ1PQ4T
access-control-allow-origin
*
expires
Thu, 16 Mar 2023 07:17:05 GMT
cache-control
max-age=31536000, immutable
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
bytes
content-type
image/svg+xml
apple-news-services-host
www.wired.com
x-cache-hits
246
BreveText-Book.woff
www.wired.com/verso/static/assets/fonts/
35 KB
35 KB
Font
General
Full URL
https://www.wired.com/verso/static/assets/fonts/BreveText-Book.woff
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
b9daef61d4b711f1d28c3eef6bd8d522b8df518e833767512ad79502cc605dbd
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Origin
https://www.wired.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
via
1.1 varnish
age
2970739
x-cache
HIT
x-ua-device
desktop
apple-news-services-parsed-url
/verso/static/assets/fonts/BreveText-Book.woff
last-modified
Wed, 16 Mar 2022 07:54:34 GMT
verso
true
content-length
35492
x-amz-id-2
av6pFKv/JXpWY+LjeHzKc7euUXn6B0rCDSBFYJCk6YPTaZ+LTCbPA5NDIVqW2RctUY+N2q17GiM=
x-served-by
cache-yul12829-YUL
apple-news-services-handled
false
x-timer
S1650388093.143393,VS0,VE0
apple-news-services-request-url
/verso/static/assets/fonts/BreveText-Book.woff
etag
"97629378bc029d817ccbb382c7245bd6"
vary
Verso
strict-transport-security
max-age=31536000; preload
x-amz-request-id
4QZ2ZSPTATPYPRW9
access-control-allow-origin
*
expires
Thu, 16 Mar 2023 07:55:54 GMT
cache-control
max-age=31536000, immutable
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
bytes
content-type
application/x-font-woff
apple-news-services-host
www.wired.com
x-cache-hits
234
WiredMono-Bold.woff
www.wired.com/verso/static/assets/fonts/
21 KB
22 KB
Font
General
Full URL
https://www.wired.com/verso/static/assets/fonts/WiredMono-Bold.woff
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
26ed5f6aa822d65b6ea7df8d13f1a217d7a933376a824b7ef52af0e6f64f1a44
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Origin
https://www.wired.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
via
1.1 varnish
age
5844660
x-cache
HIT
x-ua-device
desktop
apple-news-services-parsed-url
/verso/static/assets/fonts/WiredMono-Bold.woff
last-modified
Fri, 11 Feb 2022 01:26:57 GMT
verso
true
content-length
21196
x-amz-id-2
OlUxvl6aDNmo3dNEFszsWSxnLroq4uNWVUPM/e3dfyQzOHO63jPDT7hSkPuDRAYvONCicy1r+VQ=
x-served-by
cache-yul12829-YUL
apple-news-services-handled
false
x-timer
S1650388093.143497,VS0,VE0
apple-news-services-request-url
/verso/static/assets/fonts/WiredMono-Bold.woff
etag
"9bae9bc16cf9e407e25b7c9c4ae30e1f"
vary
Verso
strict-transport-security
max-age=31536000; preload
x-amz-request-id
HMBE66YAVQTVZ9NS
access-control-allow-origin
*
expires
Sat, 11 Feb 2023 01:37:12 GMT
cache-control
max-age=31536000, immutable
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
bytes
content-type
application/x-font-woff
apple-news-services-host
www.wired.com
x-cache-hits
226
LabGrotesque-Black.woff2
www.wired.com/verso/static/assets/fonts/
47 KB
48 KB
Font
General
Full URL
https://www.wired.com/verso/static/assets/fonts/LabGrotesque-Black.woff2
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
c41dc37fea212372d1f53109304ebae695e644f9ce083dcab08d5978c8c3020f
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Origin
https://www.wired.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
via
1.1 varnish
age
2970220
x-cache
HIT
x-ua-device
desktop
apple-news-services-parsed-url
/verso/static/assets/fonts/LabGrotesque-Black.woff2
last-modified
Wed, 16 Mar 2022 08:04:25 GMT
verso
true
content-length
47924
x-amz-id-2
CMlS30Bjo0NaFLEyXLhnIMEZiLtvov4B3n0DqA/6nxOy/BpZaimsbPzTtJpciyj6F8WhpSIu3Go=
x-served-by
cache-yul12829-YUL
apple-news-services-handled
false
x-timer
S1650388093.143867,VS0,VE1
apple-news-services-request-url
/verso/static/assets/fonts/LabGrotesque-Black.woff2
etag
"44b6bf0cd9f1d027a6ca723b2024925c"
vary
Verso
strict-transport-security
max-age=31536000; preload
x-amz-request-id
0CP5B44HT0W84WCR
access-control-allow-origin
*
expires
Thu, 16 Mar 2023 08:04:33 GMT
cache-control
max-age=31536000, immutable
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
bytes
content-type
application/x-font-woff2
apple-news-services-host
www.wired.com
x-cache-hits
231
WiredMono-Regular.woff2
www.wired.com/verso/static/assets/fonts/
18 KB
19 KB
Font
General
Full URL
https://www.wired.com/verso/static/assets/fonts/WiredMono-Regular.woff2
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
c8c9128b649afff93f89f77eb2aa5a4bbbb1443bebc5156d0f697780c8beaa26
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Origin
https://www.wired.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
via
1.1 varnish
age
4267965
x-cache
HIT
x-ua-device
desktop
apple-news-services-parsed-url
/verso/static/assets/fonts/WiredMono-Regular.woff2
last-modified
Tue, 01 Mar 2022 07:30:48 GMT
verso
true
content-length
18912
x-amz-id-2
SRUi+0gGbwyoIcKyyOFL6rZcQjMWtTAqgqJGkp5Zby5UR4KhC24mkJIO2HPEaidqvmtVG+mTM7A=
x-served-by
cache-yul12829-YUL
apple-news-services-handled
false
x-timer
S1650388093.143987,VS0,VE0
apple-news-services-request-url
/verso/static/assets/fonts/WiredMono-Regular.woff2
etag
"e755d282ae1120887b3b1d207bb930ce"
vary
Verso
strict-transport-security
max-age=31536000; preload
x-amz-request-id
40M656QTDTVPEPYZ
access-control-allow-origin
*
expires
Wed, 01 Mar 2023 07:35:28 GMT
cache-control
max-age=31536000, immutable
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
bytes
content-type
application/x-font-woff2
apple-news-services-host
www.wired.com
x-cache-hits
227
LabGrotesque-Bold.woff2
www.wired.com/verso/static/assets/fonts/
47 KB
47 KB
Font
General
Full URL
https://www.wired.com/verso/static/assets/fonts/LabGrotesque-Bold.woff2
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
2c667cdbe90922576bac69bbd0fa8f61d0c410748bf29b5bccea09b21123f1a0
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Origin
https://www.wired.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
via
1.1 varnish
age
468239
x-cache
HIT
x-ua-device
desktop
apple-news-services-parsed-url
/verso/static/assets/fonts/LabGrotesque-Bold.woff2
last-modified
Thu, 14 Apr 2022 06:57:52 GMT
verso
true
content-length
47856
x-amz-id-2
69cQ/txH1KDLwWg8aqt8A0IH0A677G897asihX8FFsL84Cv6ouCyHrb3ljOR3BTjYM92TstATG4=
x-served-by
cache-yul12829-YUL
apple-news-services-handled
false
x-timer
S1650388093.199607,VS0,VE0
apple-news-services-request-url
/verso/static/assets/fonts/LabGrotesque-Bold.woff2
etag
"181b7a06e7a0586c230d9b6282d73532"
vary
Verso
strict-transport-security
max-age=31536000; preload
x-amz-request-id
BTSG3Y2K16VH90XT
access-control-allow-origin
*
expires
Fri, 14 Apr 2023 07:04:13 GMT
cache-control
max-age=31536000, immutable
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
bytes
content-type
application/x-font-woff2
apple-news-services-host
www.wired.com
x-cache-hits
148
ProximaNova-Regular.woff
www.wired.com/verso/static/assets/fonts/
27 KB
28 KB
Font
General
Full URL
https://www.wired.com/verso/static/assets/fonts/ProximaNova-Regular.woff
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
9e0843dbf1dc0d65a75182a82b945a9373557932e61934c27679c357f20c33a9
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Origin
https://www.wired.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
via
1.1 varnish
age
1850740
x-cache
HIT
x-ua-device
desktop
apple-news-services-parsed-url
/verso/static/assets/fonts/ProximaNova-Regular.woff
last-modified
Tue, 29 Mar 2022 07:00:29 GMT
verso
true
content-length
27408
x-amz-id-2
f2CaJsR0tD6R1Mu3owsLb0owrSItXpRdLrLdMGAXvg91eKv//oe7n0OVAfj8SHwyS9VlOXtl8MU=
x-served-by
cache-yul12829-YUL
apple-news-services-handled
false
x-timer
S1650388093.199893,VS0,VE0
apple-news-services-request-url
/verso/static/assets/fonts/ProximaNova-Regular.woff
etag
"57acd3677d276ad405bb6838d2b120d5"
vary
Verso
strict-transport-security
max-age=31536000; preload
x-amz-request-id
442BZBHARKQ3DW0T
access-control-allow-origin
*
expires
Wed, 29 Mar 2023 07:02:33 GMT
cache-control
max-age=31536000, immutable
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
bytes
content-type
application/x-font-woff
apple-news-services-host
www.wired.com
x-cache-hits
231
ProximaNova-Bold.woff2
www.wired.com/verso/static/assets/fonts/
22 KB
22 KB
Font
General
Full URL
https://www.wired.com/verso/static/assets/fonts/ProximaNova-Bold.woff2
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
6a4dac260dffc284594d633859fb508b2fcfade38b61c8af9cd55eb23adf9e89
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Origin
https://www.wired.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
via
1.1 varnish
age
2970738
x-cache
HIT
x-ua-device
desktop
apple-news-services-parsed-url
/verso/static/assets/fonts/ProximaNova-Bold.woff2
last-modified
Wed, 16 Mar 2022 07:54:41 GMT
verso
true
content-length
22500
x-amz-id-2
rzV3GG9mysJl5YNzhv+MCYwDDZUtOrY+bJmW5sVBXSxPJyLMh+aGxSYHkqrRYrftWV9Y2OIY8J8=
x-served-by
cache-yul12829-YUL
apple-news-services-handled
false
x-timer
S1650388093.199988,VS0,VE1
apple-news-services-request-url
/verso/static/assets/fonts/ProximaNova-Bold.woff2
etag
"2ee806e52a1e28138bd67a5113c99949"
vary
Verso
strict-transport-security
max-age=31536000; preload
x-amz-request-id
4QZDQJ333YBW0Z00
access-control-allow-origin
*
expires
Thu, 16 Mar 2023 07:55:54 GMT
cache-control
max-age=31536000, immutable
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
bytes
content-type
application/x-font-woff2
apple-news-services-host
www.wired.com
x-cache-hits
223
polyfill.min.js
polyfill.io/v3/
72 B
397 B
Script
General
Full URL
https://polyfill.io/v3/polyfill.min.js?version=3.103.0&features=Object.assign%2CIntersectionObserver%2CPromise%2Cfetch%2CIntl.Locale%2CIntl.getCanonicalLocales%2CIntl.ListFormat%2CIntl.ListFormat.%7Elocale.en-GB%2CIntl.ListFormat.%7Elocale.en-US%2CIntl.ListFormat.%7Elocale.en-IN%2CIntl.ListFormat.%7Elocale.fr%2CIntl.ListFormat.%7Elocale.es
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:c00::282, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
content-encoding
br
last-modified
Mon, 04 Apr 2022 12:06:09 GMT
age
0
vary
User-Agent, Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
useragent_normaliser
chrome/100.0.0
server-timing
cache-akl10328, PASS, fastly;desc="Edge time";dur=11
accept-ranges
bytes
content-length
74
chunk.vendors~presenter-account-bookmarks~presenter-account-linking~presenter-account-sign-in-help~present~4127f67a.88fcf9b39b2f14986840.js
www.wired.com/verso/static/
977 KB
331 KB
Script
General
Full URL
https://www.wired.com/verso/static/chunk.vendors~presenter-account-bookmarks~presenter-account-linking~presenter-account-sign-in-help~present~4127f67a.88fcf9b39b2f14986840.js
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
/
Resource Hash
1ab780a5a7a67934d276c54a74e0b47eae635eeb99a027366fb470fcb97dd5d2
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
content-encoding
gzip
age
29494
x-cache
HIT
x-ua-device
desktop
apple-news-services-parsed-url
/verso/static/chunk.vendors~presenter-account-bookmarks~presenter-account-linking~presenter-account-sign-in-help~present~4127f67a.88fcf9b39b2f14986840.js
last-modified
Tue, 19 Apr 2022 08:29:31 GMT
verso
true
content-length
337856
x-amz-id-2
T5+sYvRjeZSZ+5Ymgq2kvQy9qn+Uj/kqsWPcqhKuKnGd0XfpPRPYqDmvzSW2fCJ0aS2C//gdVYU=
x-served-by
cache-yul12829-YUL
apple-news-services-handled
false
x-timer
S1650388093.236513,VS0,VE1
apple-news-services-request-url
/verso/static/chunk.vendors~presenter-account-bookmarks~presenter-account-linking~presenter-account-sign-in-help~present~4127f67a.88fcf9b39b2f14986840.js
etag
W/"bafee370848f09a805fc809760b0607a"
vary
Verso, bypass-verso-payment
strict-transport-security
max-age=31536000; preload
x-amz-request-id
HSVB7QEX7Y6YZZP2
via
1.1 varnish
expires
Wed, 19 Apr 2023 08:56:38 GMT
cache-control
max-age=86400
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
bytes
content-type
application/javascript
apple-news-services-host
www.wired.com
x-cache-hits
3
chunk.vendors~presenter-account-bookmarks~presenter-account-linking~presenter-account-sign-in-help~present~c3d18dd1.93bd6efd616cc67231c7.js
www.wired.com/verso/static/
679 KB
152 KB
Script
General
Full URL
https://www.wired.com/verso/static/chunk.vendors~presenter-account-bookmarks~presenter-account-linking~presenter-account-sign-in-help~present~c3d18dd1.93bd6efd616cc67231c7.js
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f29eae053454c02f54144ad545af767e34bfc334b3ad5a6c73655e479dec3fc2
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
content-encoding
gzip
age
29494
x-cache
HIT
x-ua-device
desktop
apple-news-services-parsed-url
/verso/static/chunk.vendors~presenter-account-bookmarks~presenter-account-linking~presenter-account-sign-in-help~present~c3d18dd1.93bd6efd616cc67231c7.js
last-modified
Tue, 19 Apr 2022 08:52:53 GMT
verso
true
content-length
154247
x-amz-id-2
O1ot3q1OZT5VehoxPUwqtobugmFx3lx37imZzGrC4Ov7PR/nEF83WaZSN/DOw+s6pm4NCZmqRPA=
x-served-by
cache-yul12829-YUL
apple-news-services-handled
false
x-timer
S1650388093.237493,VS0,VE0
apple-news-services-request-url
/verso/static/chunk.vendors~presenter-account-bookmarks~presenter-account-linking~presenter-account-sign-in-help~present~c3d18dd1.93bd6efd616cc67231c7.js
etag
W/"f1c806a50f365b0b317aec22e4a78555"
vary
Verso, bypass-verso-payment
strict-transport-security
max-age=31536000; preload
x-amz-request-id
HSV1D9YK7YNEG6EG
via
1.1 varnish
expires
Wed, 19 Apr 2023 08:56:38 GMT
cache-control
max-age=86400
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
bytes
content-type
application/javascript
apple-news-services-host
www.wired.com
x-cache-hits
3
presenter-articles.22d7ad7d77a06f3f1bda.js
www.wired.com/verso/static/
2 MB
469 KB
Script
General
Full URL
https://www.wired.com/verso/static/presenter-articles.22d7ad7d77a06f3f1bda.js
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b83917e36f5cebeb0612685abf1cd54f9c3a579dd20c4222c64a1dc8de9aef6d
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
content-encoding
gzip
age
26519
x-cache
HIT
x-ua-device
desktop
apple-news-services-parsed-url
/verso/static/presenter-articles.22d7ad7d77a06f3f1bda.js
last-modified
Tue, 19 Apr 2022 09:46:10 GMT
verso
true
content-length
479650
x-amz-id-2
OXbzlpBopxpihOGL0bjmWpTHVhzjimCBZMi37XO86TKsDHfQFjVi6dIzv1KW+4zvkdkv7OguKZ8=
x-served-by
cache-yul12829-YUL
apple-news-services-handled
false
x-timer
S1650388093.236740,VS0,VE0
apple-news-services-request-url
/verso/static/presenter-articles.22d7ad7d77a06f3f1bda.js
etag
W/"9e84a3b26b611a5491a5441e184aab30"
vary
Verso, bypass-verso-payment
strict-transport-security
max-age=31536000; preload
x-amz-request-id
FV7J30PDGRJQZ55A
via
1.1 varnish
expires
Wed, 19 Apr 2023 09:46:14 GMT
cache-control
max-age=86400
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
bytes
content-type
application/javascript
apple-news-services-host
www.wired.com
x-cache-hits
3
condenast-amp
segment-data.zqtk.net/
312 B
556 B
XHR
General
Full URL
https://segment-data.zqtk.net/condenast-amp?url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.17.212.240 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-17-212-240.compute-1.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
5ad328c8095ecf1a9f317fa9731ff3c01f5649323bba95a638c87e10442b3583

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:13 GMT
Content-Encoding
gzip
Server
nginx/1.14.0 (Ubuntu)
Transfer-Encoding
chunked
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
https://www.wired.com
Cache-Control
max-age=80583
Access-Control-Allow-Credentials
true
Connection
keep-alive
Expires
Wed, 20 Apr 2022 15:31:17 GMT
ads.js
www.wired.com/hotzones/src/
0
122 B
XHR
General
Full URL
https://www.wired.com/hotzones/src/ads.js
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
via
1.1 varnish
age
35037
x-served-by
cache-yul12829-YUL
vary
Verso, bypass-verso-payment, accept-payment
x-cache
HIT
content-type
application/javascript; charset=utf-8
cache-control
no-cache
hz-zone
1
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
strict-transport-security
max-age=31536000; preload
accept-ranges
bytes
apple-news-services-host
www.wired.com
content-length
0
x-cache-hits
277
pixelpropagate.js
www.wired.com/hotzones/src/
3 KB
1 KB
Script
General
Full URL
https://www.wired.com/hotzones/src/pixelpropagate.js?cb=10222
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4de3f44f9af02f0a9ac1366998ed8d04b85caee3bccd4552c04edd8dcd926bee
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
via
1.1 varnish
vary
accept-encoding, Verso, bypass-verso-payment, accept-payment
age
12837
x-cache
HIT
hz-zone
1
content-encoding
gzip
content-length
1188
x-served-by
cache-yul12829-YUL
strict-transport-security
max-age=31536000; preload
content-type
application/javascript; charset=utf-8
cache-control
no-cache
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
bytes
apple-news-services-host
www.wired.com
x-cache-hits
135
user-context
www.wired.com/
1 KB
1 KB
Script
General
Full URL
https://www.wired.com/user-context?referrer=https%3A%2F%2Fapple.news%2F&verso=true&paymentForm=sample&location=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.15.8 /
Resource Hash
4ae1793ca2be4f0b6de4c87fdf95743fd05ee5bf2be62c4577dd7a31e86dbcf0
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
via
1.1 varnish
x-content-type-options
nosniff
x-cache
MISS
server-timing
geo;desc="continent=NA;country=CA;pop=YUL"
content-encoding
gzip
vary
origin,accept-encoding, Accept-Encoding
x-xss-protection
1; mode=block
x-served-by
cache-yul12829-YUL
expires
0
server
nginx/1.15.8
x-frame-options
DENY
x-download-options
noopen
strict-transport-security
max-age=31536000; preload
content-type
application/javascript; charset=utf-8
access-control-expose-headers
WWW-Authenticate,Server-Authorization
cache-control
no-cache
access-control-allow-credentials
true
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
none
timing-allow-origin
*
apple-news-services-host
user-context.condenastdigital.com
x-cache-hits
0
build-d9a4072056a58a80fbcef9b6d7345750.js
journey.wired.com/
218 KB
41 KB
Script
General
Full URL
https://journey.wired.com/build-d9a4072056a58a80fbcef9b6d7345750.js
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.128.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bd34e0bcc48f50d63262a141a3eb7a584336aa8cc1959d7331c1bf002fc18a89

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:13 GMT
Content-Encoding
gzip
Age
72060
X-Cache
HIT
server-timing
geo;desc="continent=NA;country=CA;pop=YUL"
Content-Length
41584
x-amz-id-2
bE888pEHukMMGskmAUb5FXvvaiskHky++/b+dVWtmdXdB2F5pT85958n3QeH6w2cBE9AZrxYXtk=
X-Served-By
cache-yul12833-YUL
timing-allow-origin
*
Last-Modified
Mon, 18 Apr 2022 21:05:59 GMT
Server
AmazonS3
Cache-Control
public, max-age=31536000
X-Timer
S1650388093.328612,VS0,VE0
ETag
"d9a4072056a58a80fbcef9b6d7345750"
Vary
Accept-Encoding
x-amz-request-id
P29KP699MYJQTTC1
Via
1.1 varnish
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/javascript
X-Cache-Hits
376
ProximaNova-RegularItalic.woff
www.wired.com/verso/static/assets/fonts/
27 KB
28 KB
Font
General
Full URL
https://www.wired.com/verso/static/assets/fonts/ProximaNova-RegularItalic.woff
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8392b864ce606bf8ec20cf749f148dd7134d770200dd81df9b7adbc33a88978e
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Origin
https://www.wired.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
via
1.1 varnish
age
468239
x-cache
HIT
x-ua-device
desktop
apple-news-services-parsed-url
/verso/static/assets/fonts/ProximaNova-RegularItalic.woff
last-modified
Thu, 14 Apr 2022 06:57:54 GMT
verso
true
content-length
27564
x-amz-id-2
bQ4sEGtv3qkCpHPzLeUmjknK9XLFi2pMV/THDXvMVok3bwsDZKK22DvOjLSluXvaCqSkhrzwZIE=
x-served-by
cache-yul12829-YUL
apple-news-services-handled
false
x-timer
S1650388093.287071,VS0,VE0
apple-news-services-request-url
/verso/static/assets/fonts/ProximaNova-RegularItalic.woff
etag
"37e0e76d0baa901390de58544942384d"
vary
Verso
strict-transport-security
max-age=31536000; preload
x-amz-request-id
BTSG4J61TKRTH4E6
access-control-allow-origin
*
expires
Fri, 14 Apr 2023 07:04:13 GMT
cache-control
max-age=31536000, immutable
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
bytes
content-type
application/x-font-woff
apple-news-services-host
www.wired.com
x-cache-hits
220
BreveText-BookItalic.woff
www.wired.com/verso/static/assets/fonts/
35 KB
35 KB
Font
General
Full URL
https://www.wired.com/verso/static/assets/fonts/BreveText-BookItalic.woff
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c34a9420de5b381d4f2459193c70e4d84d5aaa0928a67907a57e2a9e9d3a8852
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Origin
https://www.wired.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
via
1.1 varnish
age
2889542
x-cache
HIT
x-ua-device
desktop
apple-news-services-parsed-url
/verso/static/assets/fonts/BreveText-BookItalic.woff
last-modified
Thu, 17 Mar 2022 06:24:29 GMT
verso
true
content-length
35744
x-amz-id-2
LgKez7onNmc16aCj5HawvsSyzL49wHNdwv9OsjhF+x8gNlGlfdLUoDBYoKzqteJYauhKhr5pxvI=
x-served-by
cache-yul12829-YUL
apple-news-services-handled
false
x-timer
S1650388093.288686,VS0,VE0
apple-news-services-request-url
/verso/static/assets/fonts/BreveText-BookItalic.woff
etag
"f8b4eded3c32119b3384de37a8c158a6"
vary
Verso
strict-transport-security
max-age=31536000; preload
x-amz-request-id
885X1M3FKB2FVBAP
access-control-allow-origin
*
expires
Fri, 17 Mar 2023 06:29:10 GMT
cache-control
max-age=31536000, immutable
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
bytes
content-type
application/x-font-woff
apple-news-services-host
www.wired.com
x-cache-hits
110
WiredMono-Light.woff
www.wired.com/verso/static/assets/fonts/
21 KB
22 KB
Font
General
Full URL
https://www.wired.com/verso/static/assets/fonts/WiredMono-Light.woff
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7ff758ced20d4139eb5f580cfc93d1161ed5e19a4a2d4020728143855d17adeb
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Origin
https://www.wired.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
via
1.1 varnish
age
1849460
x-cache
HIT
x-ua-device
desktop
apple-news-services-parsed-url
/verso/static/assets/fonts/WiredMono-Light.woff
last-modified
Tue, 29 Mar 2022 07:19:15 GMT
verso
true
content-length
21256
x-amz-id-2
zBDovfpP9qjcW+eHKmeKSnHnf29ODk50CO34/lo+E8nbE1W765GcAlB/fWytxVXneEViahuDbLk=
x-served-by
cache-yul12829-YUL
apple-news-services-handled
false
x-timer
S1650388093.288833,VS0,VE0
apple-news-services-request-url
/verso/static/assets/fonts/WiredMono-Light.woff
etag
"86ae3ff7d521e7ad53923c387fddc7b8"
vary
Verso
strict-transport-security
max-age=31536000; preload
x-amz-request-id
V0SD3JA8K4Y7QGMN
access-control-allow-origin
*
expires
Wed, 29 Mar 2023 07:23:53 GMT
cache-control
max-age=31536000, immutable
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
bytes
content-type
application/x-font-woff
apple-news-services-host
www.wired.com
x-cache-hits
136
93ddfe0c-4b21-4ad5-8191-612d2a67aad3.json
cdn.cookielaw.org/consent/93ddfe0c-4b21-4ad5-8191-612d2a67aad3/
4 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/93ddfe0c-4b21-4ad5-8191-612d2a67aad3/93ddfe0c-4b21-4ad5-8191-612d2a67aad3.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
52b99c2223e94ca9e179685679dcb0877b9cb1488bbc4a55e29bb9125862e1d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 19 Apr 2022 17:08:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
ZCNmqTGOwbM4fTrmNxgTGw==
age
4692
vary
Accept-Encoding
content-length
1539
x-ms-lease-status
unlocked
last-modified
Tue, 29 Mar 2022 14:41:03 GMT
server
cloudflare
etag
0x8DA1192268A6064
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
12e68642-d01e-005f-247b-432a18000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6fe73dafd8cb7138-YUL
expires
Tue, 19 Apr 2022 21:08:13 GMT
dnsfeed
geolocation.onetrust.com/cookieconsentpub/v1/geo/location/
166 B
374 B
Script
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location/dnsfeed
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/opt-out/otCCPAiab.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a280e864b87587efb0dad5227e1e3c55a72cc15ad6f1aa76766bb6128118ccb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
6fe73db01be37156-YUL
v2
mb.moatads.com/yi/
457 B
632 B
Script
General
Full URL
https://mb.moatads.com/yi/v2?ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%23Vyt9.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rb=2-3gPfcs6wZ10QbMk%2BqjMratT%2F8IKBUGMSV3D%2B4hwCudYVWqlJ9ew2bEg%3D&rs=1-8mrC8H1EcAEJWg%3D%3D&sc=1&os=1-8Q%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&pcode=condenastprebidheader987326845656&rx=878667589509&callback=MoatNadoAllJsonpRequest_69026041
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/condenastprebidheader987326845656/moatheader.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.129.77 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-129-77.us-east-2.compute.amazonaws.com
Software
TornadoServer/5.1.1 /
Resource Hash
25172b594a9d291e085c84cb2af32ebad6a7b8aa6182e436c3bacfa11acd2a04

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
cache-control
max-age=900
server
TornadoServer/5.1.1
timing-allow-origin
*
etag
"820acd614262933e35f50322366844e76c3890a7"
content-length
457
content-type
text/html; charset=UTF-8
config
c.amazon-adsystem.com/cdn/prod/
802 B
1 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=3035&u=https%3A%2F%2Fwww.wired.com
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.222.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-222-69.jfk51.r.cloudfront.net
Software
Server /
Resource Hash
823e186d74636c4d48883a6badb1fc5399bf9bad10143289d20330cdbf7f4f22

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 11:16:38 GMT
via
1.1 74636a0d3b110dc164c7801b27cac3b2.cloudfront.net (CloudFront)
server
Server
age
21094
x-cache
Hit from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.wired.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-pop
JFK51-C1
content-length
802
x-amz-cf-id
KIfEnCR0FLztK7Pf-qfw-VxxEVS6wkkrZfoOmJp1Nc1HF8DT8HCfWQ==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
7 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.222.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-222-69.jfk51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 02:49:19 GMT
via
1.1 f800b68f44c427976fe7546b255b6206.cloudfront.net (CloudFront)
vary
Accept-Encoding,Origin
age
51535
x-cache
Hit from cloudfront
content-length
6482
last-modified
Thu, 17 Mar 2022 02:21:48 GMT
server
AmazonS3
etag
"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
khsXo6Z3HSo5bHNWbmb1eMp88IHhxPc.
access-control-allow-origin
*
cache-control
public, max-age=86400
x-amz-cf-pop
JFK51-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
p5dh6c9TCo_-EQ125kqUsufaK-hEX6K0DzmIonzpt7ijvmu1zHxZdw==
swg-button.css
news.google.com/swg/js/v1/
21 KB
6 KB
Stylesheet
General
Full URL
https://news.google.com/swg/js/v1/swg-button.css
Requested by
Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bde06a0400c168573473e2de967d842eec383f2f755aef4ec017b2f333e7ff85
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 16:29:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2332
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6457
x-xss-protection
0
last-modified
Wed, 12 Jan 2022 22:09:41 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="news-frontend"
vary
Accept-Encoding
report-to
{"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type
text/css
cache-control
public, max-age=3000
accept-ranges
bytes
expires
Tue, 19 Apr 2022 17:19:21 GMT
pubads_impl_2022041301.js
securepubads.g.doubleclick.net/gpt/
362 KB
123 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
sffe /
Resource Hash
638d2f5ba5cf501a58131a42efe30aa2c2154904b0654a517cce4baeef308022
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 16:18:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
521374
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
125956
x-xss-protection
0
last-modified
Wed, 13 Apr 2022 08:34:59 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 13 Apr 2023 16:18:39 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
297 B
168 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.wired.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
6940ce271a265722ef323d0769b7aec6cebad8d3d1e4bb1607f449671a3dbede
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
143
x-xss-protection
0
expires
Tue, 19 Apr 2022 17:08:13 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
157 B
434 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74b1612d1cb16d432cfd6542a7efe8f9297f1197025e044b9e0d9fa8e54befab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
6fe73db10b14ecf6-YUL
access-control-allow-headers
Content-Type
ats.js
ats.rlcdn.com/
110 KB
111 KB
Script
General
Full URL
https://ats.rlcdn.com/ats.js
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.223.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-223-34.jfk51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
07da28929f6d4cb8894de074ff1ae095860bf6686c7bb3024168c6c8e5e65ad8

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 00:30:20 GMT
via
1.1 e792582e94d051796ee83e4a94038f8e.cloudfront.net (CloudFront)
age
59873
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/ATSLibrary-prod:d9620690-a522-4865-bdcf-c40a5e58864a
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
229018ce14d22cf5d355aa4c24ac99ff
content-length
112402
last-modified
Thu, 07 Apr 2022 09:05:05 GMT
server
AmazonS3
etag
"d03ceb6300ba5d767156d2d186bfc621"
vary
Accept-Encoding
x-amz-meta-codebuild-content-sha256
37cf43d799bffc4fdad3431bef2fdbc097a3382eab6b0735d08d25e96b4565dc
cache-control
must-revalidate,public,max-age=86400
x-amz-version-id
VE.TmwhV1._nzA5UkJnv.qeHE6SJ9zlu
x-amz-cf-pop
JFK51-C1
accept-ranges
bytes
content-type
application/x-javascript
x-amz-cf-id
3zjt9O7raaQ0sSSu_0tJKw2jxVccll2lWGGHE_jVEC71VXYilHtctQ==
beacon
infinityid.condenastdigital.com/infinityid/
35 B
934 B
Image
General
Full URL
https://infinityid.condenastdigital.com/infinityid/beacon?id=c0aa10cc-32ef-4371-a838-e477580f9efd
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.213.144.100 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-213-144-100.compute-1.amazonaws.com
Software
nginx/1.15.8 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:13 GMT
Server
nginx/1.15.8
vary
origin
Content-Type
image/gif
cache-control
no-cache, no-store, must-revalidate
Connection
keep-alive
accept-ranges
bytes
Content-Length
35
expires
0
integrator.js
adservice.google.ca/adsid/
107 B
792 B
Script
General
Full URL
https://adservice.google.ca/adsid/integrator.js?domain=www.wired.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.wired.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
537 B
295 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4240033368257457&correlator=1230515925443800&hxva=1&scor=406237631797971&output=ldjh&gdfp_req=1&vrg=2022041301&ptt=17&impl=fifs&us_privacy=1---&iu_parts=3379%2Cconde.wired%2Cinterstitial%2Csecurity%2Carticle%2C1&enc_prev_ius=0%2F1%2F2%2F3%2F4%2F5&prev_iu_szs=1x1&ifi=1&adks=3614482195&sfv=1-0-38&ecs=20220419&ists=1&fsapi=false&prev_scp=pos%3Dinterstitial%26ctx_slot_type%3Dout_of_page%26ctx_slot_rn%3D0%26pos_instance%3D1%26ctx_slot_instance%3D0%26ctx_slot_name%3Dout_of_page_0%26slot_name%3Dinterstitial_1&eri=1&cust_params=m_data%3Dwaiting%26m_safety%3Dwaiting%26m_categories%3Dwaiting%26m_mv%3Dwaiting%26m_gv%3Dwaiting%26amznbid%3D0%26amznp%3D0%26env_device_type%3Ddesktop%26ctx_template%3Dmt_article_two_column%26content_type%3Darticle%26ctx_page_channel%3Dsecurity%26ctx_page_sub_channel%3Dcyberattacks-and-hacks%26sub_sub_channel%3D%26env_server%3Dproduction%26ctx_cns_version%3D6.57.0%26ctx_page_slug%3Dpipedream-ics-malware%26cnt_copilotid%3D6256eb35dcd4a10f9e523401%26cnt_platform%3Dverso%26cnt_tags%3Dcybersecurity%252Cmalware%252Chacking%252Crussia%252Ccyberattacks-and-hacks%252Cnational-security%26fastly_geo%3Dca%26usr_bkt_eva%3D21%26usr_bkt_ses%3D82%26usr_bkt_pv%3D57%26usr_pvc_bs%3D1%26usr_pvc_24hr%3D1%26usr_pvc_30d%3D1%26usr_svc_30d%3D1%26ctx_ses_soc%3Dnone%26ctx_ref_soc%3Dnone%26ctx_ref_url%3Dapple.news%26usr_auth%3Dfalse%26usr_segments%3Dco.w2216%26cn_metrics%3Dcmr_high%26vnd_prx_segments%3D121100%252C131100%252C131127%252C230163%252C230003%252C230161%252C300003%252C210001%252C240000%252C240002%252C240004%252C240001%252C240005%252C240006%252C240007%252C240008%252C240009%252C240011%252C240012%252C240013%252C240014%252C240017%252C240015%252C240016%252C240018%252C240019%252Cmiovit%252Ceuwba9%252Czlqtg4%252Chz8lgh%26vnd_4d_cached%3D0%26vnd_4d_ctx_sg%3D%26vnd_4d_ctx_topics%3D%26vnd_4d_ctx_entities%3D%26vnd_4d_ctx_keywords%3D%26vnd_4d_usr_topics%3D%26vnd_4d_usr_wt%3D%26vnd_4d_xid%3Dc0aa10cc-32ef-4371-a838-e477580f9efd&ppid=c0aa10cc32ef4371a838e477580f9efd&sc=1&cookie_enabled=1&abxe=1&dt=1650388093742&lmt=1650388093&dlt=1650388093100&idt=528&biw=1600&bih=1200&adxs=0&adys=56&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&ref=https%3A%2F%2Fapple.news%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=0x0&msz=0x0&fws=0&ohw=0&ga_vid=145265742.1650388094&ga_sid=1650388094&ga_hid=1715062932&ga_fc=false&btvi=0&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
dc1c56140be80d545af7ec2fbfb58e058f68db82f18c8d9a0963776421a874c5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
265
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
46 KB
11 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4240033368257457&correlator=1230515925443800&hxva=1&scor=406237631797971&output=ldjh&gdfp_req=1&vrg=2022041301&ptt=17&impl=fifs&us_privacy=1---&iu_parts=3379%2Cconde.wired.native%2Cin-content%2Csecurity%2Carticle%2C1&enc_prev_ius=0%2F1%2F2%2F3%2F4%2F5&prev_iu_szs=320x50&fluid=height&ifi=2&adks=3600696306&sfv=1-0-38&ecs=20220419&fsapi=false&prev_scp=pos%3Din-content%26ctx_slot_type%3Din_content%26ctx_slot_rn%3D0%26pos_instance%3D1%26ctx_slot_instance%3D0%26ctx_slot_name%3Din_content_0%26slot_name%3Din_content_1&eri=1&cust_params=m_data%3Dwaiting%26m_safety%3Dwaiting%26m_categories%3Dwaiting%26m_mv%3Dwaiting%26m_gv%3Dwaiting%26amznbid%3D0%26amznp%3D0%26env_device_type%3Ddesktop%26ctx_template%3Dmt_article_two_column%26content_type%3Darticle%26ctx_page_channel%3Dsecurity%26ctx_page_sub_channel%3Dcyberattacks-and-hacks%26sub_sub_channel%3D%26env_server%3Dproduction%26ctx_cns_version%3D6.57.0%26ctx_page_slug%3Dpipedream-ics-malware%26cnt_copilotid%3D6256eb35dcd4a10f9e523401%26cnt_platform%3Dverso%26cnt_tags%3Dcybersecurity%252Cmalware%252Chacking%252Crussia%252Ccyberattacks-and-hacks%252Cnational-security%26fastly_geo%3Dca%26usr_bkt_eva%3D21%26usr_bkt_ses%3D82%26usr_bkt_pv%3D57%26usr_pvc_bs%3D1%26usr_pvc_24hr%3D1%26usr_pvc_30d%3D1%26usr_svc_30d%3D1%26ctx_ses_soc%3Dnone%26ctx_ref_soc%3Dnone%26ctx_ref_url%3Dapple.news%26usr_auth%3Dfalse%26usr_segments%3Dco.w2216%26cn_metrics%3Dcmr_high%26vnd_prx_segments%3D121100%252C131100%252C131127%252C230163%252C230003%252C230161%252C300003%252C210001%252C240000%252C240002%252C240004%252C240001%252C240005%252C240006%252C240007%252C240008%252C240009%252C240011%252C240012%252C240013%252C240014%252C240017%252C240015%252C240016%252C240018%252C240019%252Cmiovit%252Ceuwba9%252Czlqtg4%252Chz8lgh%26vnd_4d_cached%3D0%26vnd_4d_ctx_sg%3D%26vnd_4d_ctx_topics%3D%26vnd_4d_ctx_entities%3D%26vnd_4d_ctx_keywords%3D%26vnd_4d_usr_topics%3D%26vnd_4d_usr_wt%3D%26vnd_4d_xid%3Dc0aa10cc-32ef-4371-a838-e477580f9efd&ppid=c0aa10cc32ef4371a838e477580f9efd&sc=1&cookie_enabled=1&abxe=1&dt=1650388093749&lmt=1650388093&dlt=1650388093100&idt=528&biw=1600&bih=1200&adxs=262&adys=2915&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&ref=https%3A%2F%2Fapple.news%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=575x0&msz=575x0&fws=0&ohw=0&ga_vid=145265742.1650388094&ga_sid=1650388094&ga_hid=1715062932&ga_fc=false&btvi=1&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
be1ad3ca9e1d91773c5c79ee5a7797efbc409cb783f409bbe168f536c877e5a4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:14 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11093
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.wired.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 36DE
6 KB
4 KB
Document
General
Full URL
https://0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 19 Apr 2022 17:08:13 GMT
expires
Wed, 19 Apr 2023 17:08:13 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.32.0/
335 KB
79 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.32.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8bd28fee94c800df636a486d42ed91d2df89db1fd3e223d5e89ce3d9dd107fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 19 Apr 2022 17:08:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
ryfZhYsqLisJEnBsOqgVsQ==
age
7084
vary
Accept-Encoding
content-length
81095
x-ms-lease-status
unlocked
last-modified
Fri, 18 Mar 2022 16:29:23 GMT
server
cloudflare
etag
0x8DA08FC76466F7A
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
fb3d0be8-001e-00f7-0afa-3afe0d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6fe73db24b8f4bb8-YUL
bid
c.amazon-adsystem.com/e/dtb/
182 B
651 B
XHR
General
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=3035&u=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&pr=https%3A%2F%2Fapple.news%2F&pid=z2HnUKV1kHXG5&cb=0&ws=1600x1200&v=7.75.0&t=1000&slots=%5B%7B%22sd%22%3A%22hero_0%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22hero%2Fdesktop%22%7D%5D&pj=%7B%22si_section%22%3A%22security%22%2C%22us_privacy%22%3A%221---%22%7D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.222.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-222-69.jfk51.r.cloudfront.net
Software
Server /
Resource Hash
2497f94d8a997612d5da2ad1d85dc3e430771037e23c2d9c9a89379686ceccac
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:14 GMT
via
1.1 74636a0d3b110dc164c7801b27cac3b2.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
JFK51-C1
x-amz-rid
2EPFPECA5WND1YYPE4TW
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.wired.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
182
x-amz-cf-id
h4NTPxZnpxp91IwxUh7xjqggHcZb7eX9CZM8x3rZn8cbpufSHprknw==
fastlane.json
fastlane.rubiconproject.com/a/api/
350 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11850&site_id=306872&zone_id=1548440&size_id=2&alt_size_ids=57&us_privacy=1---&eid_pubcid.org=6238712a-13ba-42ab-9013-be6a3e95297e%5E1&rf=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&tg_i.cnt_tags=cybersecurity%2Cmalware%2Chacking%2Crussia%2Ccyberattacks-and-hacks%2Cnational-security&tk_flint=pbjs_lite_v6.15.0&x_source.tid=15fdd1ac-dc7a-40ba-b32e-e58201af475c&p_screen_res=1600x1200&rp_floor=0.05&rp_secure=1&rp_maxbids=1&slots=1&rand=0.005548054712006367
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c002:200::42 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
1db48e74c51d66422c9b050f8d1d6c4207b5441781eb9c57548902c2036c6b93

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:14 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.wired.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
350
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
350 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11850&site_id=306872&zone_id=1548442&size_id=2&alt_size_ids=57&us_privacy=1---&eid_pubcid.org=6238712a-13ba-42ab-9013-be6a3e95297e%5E1&rf=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&tg_i.cnt_tags=cybersecurity%2Cmalware%2Chacking%2Crussia%2Ccyberattacks-and-hacks%2Cnational-security&tk_flint=pbjs_lite_v6.15.0&x_source.tid=15fdd1ac-dc7a-40ba-b32e-e58201af475c&p_screen_res=1600x1200&rp_floor=0.05&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8790649296707307
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c002:200::42 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
7ab20f1c22ea74e397cb4c436d61c4dc7ae4bf68e73732dcee16432c4bc479d2

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:14 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.wired.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
350
Expires
Wed, 17 Sep 1975 21:32:10 GMT
cygnus
htlb.casalemedia.com/
8 KB
5 KB
XHR
General
Full URL
https://htlb.casalemedia.com/cygnus?s=376149&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2246e95f1f94dcba%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fapple.news%2F%22%2C%22page%22%3A%22https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F%3Fcnt_tags%3Dcybersecurity%252Cmalware%252Chacking%252Crussia%252Ccyberattacks-and-hacks%252Cnational-security%22%2C%22ext%22%3A%7B%22data%22%3A%7B%22cnt_tags%22%3A%5B%22cybersecurity%22%2C%22malware%22%2C%22hacking%22%2C%22russia%22%2C%22cyberattacks-and-hacks%22%2C%22national-security%22%5D%7D%7D%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.15.0%22%2C%22userIds%22%3A%5B%5D%2C%22dms%22%3Atrue%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%225b81037cb1be9a%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22376149%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22376148%22%2C%22sid%22%3A%22970x250%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%226238712a-13ba-42ab-9013-be6a3e95297e%22%7D%5D%7D%5D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%7D
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.78.210.18 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-78-210-18.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
714ded83150137e085a5012d3a2bbcb16db781a8bb1c983df43aa7191558b3bb

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:14 GMT
content-encoding
gzip
x-ak-initial-geo
CC:[CA], RC:[QC], CN:[NA], CIP:[149.56.153.186], XFF:[]
server
Apache
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.wired.com
x-cs-client-geo
19
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
4373
x-ak-client-geo
19
expires
Tue, 19 Apr 2022 17:08:14 GMT
prebid
ib.adnxs.com/ut/v3/
257 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.182 Brooklyn, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
53176f22e10141608b803669aa7301762968414cc732df78a3f27617eff09aa3
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:14 GMT
X-Proxy-Origin
149.56.153.186; 149.56.153.186; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
276c9869-fc26-471f-b7d8-a75d63a51e37
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.wired.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
257
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bidRequest
c2shb.ssp.yahoo.com/
62 B
343 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969ce00175757040bb70b6b4600016&pos=8a9691380175757044fd70c63cbf008a&cmd=bid&secure=1&us_privacy=1---
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
53b462f23b4d7f86e3296a7a38cf730047d871076e148aeddf9c54080d4d4837

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 19 Apr 2022 17:08:14 GMT
server
ATS/9.1.0.33
age
1
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.wired.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
543 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969ce00175757040bb70b6b4600016&pos=8a969ce00175757040bb70c63daf0091&cmd=bid&secure=1&us_privacy=1---
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
f6c9669d460dacf7c08e43163f1d9ad1b4d9960dcf1b230d2686951636d8754f

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 19 Apr 2022 17:08:13 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.wired.com
access-control-allow-credentials
true
content-length
62
arj
condenastus-d.openx.net/w/1.0/
189 B
602 B
XHR
General
Full URL
https://condenastus-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=15fdd1ac-dc7a-40ba-b32e-e58201af475c%2C15fdd1ac-dc7a-40ba-b32e-e58201af475c&nocache=1650388093848&us_privacy=1---&pubcid=6238712a-13ba-42ab-9013-be6a3e95297e&aus=728x90%2C970x250%7C728x90%2C970x250&divids=hero_728x90_970x250%2Chero_728x90_970x250&aucs=%2C&auid=541000862%2C541000867&aumfs=50%2C50
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4c294b4737ac84766f7d28b981cf99b06c9354c930807ea0416df4338d7dcccf

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:14 GMT
content-encoding
gzip
server
OXGW/18.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.wired.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
176
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
prebid
prebid.media.net/rtb/
1 KB
896 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CU65UN7R
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
1eb77702002a285768b4552ced0c639dbc8120ad99aa1e66e57661bf67fb3a35

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:13 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
/
geo.privacymanager.io/
30 B
593 B
Fetch
General
Full URL
https://geo.privacymanager.io/
Requested by
Host: ats.rlcdn.com
URL: https://ats.rlcdn.com/ats.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.73.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-73-28.bos50.r.cloudfront.net
Software
/
Resource Hash
70fd869f92915eb3c9f85d2d2b5a473ba45239ae463b35267642335337c46f06

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 05:33:19 GMT
via
1.1 03efa14de61e5d90be5300eba235f560.cloudfront.net (CloudFront), 1.1 adc90318bc35888e7fc939b759b9628a.cloudfront.net (CloudFront)
age
41694
x-amzn-requestid
65593793-84db-4b6d-9d59-541bf5cf87a6
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-625e499f-78eed6a629a6afc343f9f788;Sampled=0
x-cache
Hit from cloudfront
x-amz-cf-pop
IAD79-C3, BOS50-C1
x-amz-apigw-id
Q0Bw5EuYjoEFfIA=
content-length
30
x-amz-cf-id
CB52uaB1qZ-y-Aih0wIPt2camz9_ZR1aHz-GzS0wiP75d0po9P2vsw==
access-control-allow-headers
Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
bid
c.amazon-adsystem.com/e/dtb/
608 B
1 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=3035&u=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&pr=https%3A%2F%2Fapple.news%2F&pid=z2HnUKV1kHXG5&cb=1&ws=1600x1200&v=7.75.0&t=1000&slots=%5B%7B%22sd%22%3A%22rail_0%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22rail%2Fdesktop%22%7D%5D&pj=%7B%22si_section%22%3A%22security%22%2C%22us_privacy%22%3A%221---%22%7D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.222.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-222-69.jfk51.r.cloudfront.net
Software
Server /
Resource Hash
d2228fd8f1f9bdf2ff73577bf7b443749879f7c587d7d33bb1129741b59158e3
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:14 GMT
via
1.1 74636a0d3b110dc164c7801b27cac3b2.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
JFK51-C1
x-amz-rid
4JYFM0DFK1QMDN2TS4BV
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.wired.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
608
x-amz-cf-id
q0pM_kP8PxJIZxJrl0PR6z2aklYy1mWVYkPV5D_F2VXxrpkJycsjmA==
fastlane.json
fastlane.rubiconproject.com/a/api/
351 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11850&site_id=306872&zone_id=1548468&size_id=15&alt_size_ids=10&us_privacy=1---&eid_pubcid.org=6238712a-13ba-42ab-9013-be6a3e95297e%5E1&rf=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&tg_i.cnt_tags=cybersecurity%2Cmalware%2Chacking%2Crussia%2Ccyberattacks-and-hacks%2Cnational-security&tk_flint=pbjs_lite_v6.15.0&x_source.tid=ffd77d01-7e0d-4c2f-a9b4-9476428ffcad&p_screen_res=1600x1200&rp_floor=0.05&rp_secure=1&rp_maxbids=1&slots=1&rand=0.05294743265676094
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c002:200::42 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
5e71c8a5b47e48da01e36527349e111395da4f03ce196e8cc041883fafafcb1c

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:14 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.wired.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
351
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
351 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11850&site_id=306872&zone_id=1548470&size_id=15&alt_size_ids=10&us_privacy=1---&eid_pubcid.org=6238712a-13ba-42ab-9013-be6a3e95297e%5E1&rf=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&tg_i.cnt_tags=cybersecurity%2Cmalware%2Chacking%2Crussia%2Ccyberattacks-and-hacks%2Cnational-security&tk_flint=pbjs_lite_v6.15.0&x_source.tid=ffd77d01-7e0d-4c2f-a9b4-9476428ffcad&p_screen_res=1600x1200&rp_floor=0.05&rp_secure=1&rp_maxbids=1&slots=1&rand=0.9412878188490807
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c002:200::42 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
944a7690cef689628197db6887b902e9c4c9fdebe014a2a9d5758875b4e33b0a

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:14 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.wired.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
351
Expires
Wed, 17 Sep 1975 21:32:10 GMT
cygnus
htlb.casalemedia.com/
14 KB
6 KB
XHR
General
Full URL
https://htlb.casalemedia.com/cygnus?s=376181&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%222286ad6a443bf33%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fapple.news%2F%22%2C%22page%22%3A%22https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F%3Fcnt_tags%3Dcybersecurity%252Cmalware%252Chacking%252Crussia%252Ccyberattacks-and-hacks%252Cnational-security%22%2C%22ext%22%3A%7B%22data%22%3A%7B%22cnt_tags%22%3A%5B%22cybersecurity%22%2C%22malware%22%2C%22hacking%22%2C%22russia%22%2C%22cyberattacks-and-hacks%22%2C%22national-security%22%5D%7D%7D%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.15.0%22%2C%22userIds%22%3A%5B%5D%2C%22dms%22%3Atrue%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22238e70f48f69c72%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22376181%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22376179%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%226238712a-13ba-42ab-9013-be6a3e95297e%22%7D%5D%7D%5D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%7D
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.78.210.18 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-78-210-18.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
888cf2b1de6660f1c4df2513502d5d2b42f9df33418b99d3e30cedcab59424f9

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:14 GMT
content-encoding
gzip
x-ak-initial-geo
CC:[CA], RC:[QC], CN:[NA], CIP:[149.56.153.186], XFF:[]
server
Apache
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.wired.com
x-cs-client-geo
19
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
5501
x-ak-client-geo
19
expires
Tue, 19 Apr 2022 17:08:14 GMT
prebid
ib.adnxs.com/ut/v3/
260 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.182 Brooklyn, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
d0df3bda85ed5cac35847fe52a8545863175f2872ced018df1e2e2d524c45601
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:14 GMT
X-Proxy-Origin
149.56.153.186; 149.56.153.186; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
0de4a1f9-9ed9-4cbf-a704-7f77ffe8555c
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.wired.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
260
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bidRequest
c2shb.ssp.yahoo.com/
62 B
369 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969ce00175757040bb70b6b4600016&pos=8a96958101757570497f70c64b5f008e&cmd=bid&secure=1&us_privacy=1---
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
62258366d30a17bdd8d5c5199c98d594d5e4a8ade0121d549dcd012919d56f54

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 19 Apr 2022 17:08:14 GMT
server
ATS/9.1.0.33
age
1
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.wired.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
343 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969ce00175757040bb70b6b4600016&pos=8a9691380175757044fd70c64c5c008f&cmd=bid&secure=1&us_privacy=1---
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
95ea96541ef9c668ded3af14be56348b8d41ee966a18772f2d7a62357296a773

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 19 Apr 2022 17:08:14 GMT
server
ATS/9.1.0.33
age
1
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.wired.com
access-control-allow-credentials
true
content-length
62
arj
condenastus-d.openx.net/w/1.0/
0
0

prebid
prebid.media.net/rtb/
1 KB
727 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CU65UN7R
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
11ccb31c6dcb7e89c99874b1c92c341303e57c575a515dbf5da448ed381501b8

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:13 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
beacon
www.allure.com/infinityid/
35 B
1 KB
Image
General
Full URL
https://www.allure.com/infinityid/beacon?id=c0aa10cc-32ef-4371-a838-e477580f9efd
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.15.8 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
Strict-Transport-Security max-age=7776000; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:13 GMT
Via
1.1 varnish
Vary
origin, Verso
X-Cache
MISS
X-Cache-Hits
0
Connection
keep-alive
Content-Length
35
X-Served-By
cache-yul12824-YUL
Server
nginx/1.15.8
X-Timer
S1650388094.942756,VS0,VE17
Strict-Transport-Security
max-age=7776000; preload
Content-Type
image/gif
Cache-Control
no-cache
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
accept-ranges
bytes
expires
0
beacon
www.architecturaldigest.com/infinityid/
35 B
1 KB
Image
General
Full URL
https://www.architecturaldigest.com/infinityid/beacon?id=c0aa10cc-32ef-4371-a838-e477580f9efd
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.15.8 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
Strict-Transport-Security max-age=7776000; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:13 GMT
Via
1.1 varnish
Server
nginx/1.15.8
Connection
keep-alive
Vary
origin
X-Cache
MISS
Content-Type
image/gif
expires
0
cache-control
no-cache
X-Cache-Hits
0
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
Strict-Transport-Security
max-age=7776000; preload
accept-ranges
bytes
Content-Length
35
X-Served-By
cache-yul12831-YUL
beacon
www.bonappetit.com/infinityid/
35 B
1 KB
Image
General
Full URL
https://www.bonappetit.com/infinityid/beacon?id=c0aa10cc-32ef-4371-a838-e477580f9efd
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.15.8 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: blob:; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
Strict-Transport-Security max-age=7776000; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:13 GMT
Via
1.1 varnish
Vary
origin, Verso
X-Cache
MISS
X-Cache-Hits
0
Connection
keep-alive
Content-Length
35
X-Served-By
cache-yul12826-YUL
Server
nginx/1.15.8
X-Timer
S1650388094.963580,VS0,VE19
Strict-Transport-Security
max-age=7776000; preload
Content-Type
image/gif
Cache-Control
no-cache
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: blob:; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
accept-ranges
bytes
expires
0
beacon
www.cntraveler.com/infinityid/
35 B
1 KB
Image
General
Full URL
https://www.cntraveler.com/infinityid/beacon?id=c0aa10cc-32ef-4371-a838-e477580f9efd
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.15.8 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
Strict-Transport-Security max-age=7776000; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:13 GMT
Via
1.1 varnish
Vary
origin, Verso
X-Cache
MISS
X-Cache-Hits
0
Connection
keep-alive
Content-Length
35
X-Served-By
cache-yul12830-YUL
Server
nginx/1.15.8
X-Timer
S1650388094.954175,VS0,VE17
Strict-Transport-Security
max-age=7776000; preload
Content-Type
image/gif
Cache-Control
no-cache
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
accept-ranges
bytes
expires
0
beacon
www.epicurious.com/infinityid/
35 B
1 KB
Image
General
Full URL
https://www.epicurious.com/infinityid/beacon?id=c0aa10cc-32ef-4371-a838-e477580f9efd
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.15.8 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
Strict-Transport-Security max-age=7776000; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:13 GMT
Via
1.1 varnish
Vary
origin, Verso
X-Cache
MISS
X-Cache-Hits
0
Connection
keep-alive
Content-Length
35
X-Served-By
cache-yul12830-YUL
Server
nginx/1.15.8
X-Timer
S1650388094.960134,VS0,VE18
Strict-Transport-Security
max-age=7776000; preload
Content-Type
image/gif
Cache-Control
no-cache
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
accept-ranges
bytes
expires
0
beacon
www.glamour.com/infinityid/
35 B
1 KB
Image
General
Full URL
https://www.glamour.com/infinityid/beacon?id=c0aa10cc-32ef-4371-a838-e477580f9efd
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.128.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.15.8 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
Strict-Transport-Security max-age=7776000; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:13 GMT
Via
1.1 varnish
Server
nginx/1.15.8
Connection
keep-alive
Vary
origin, Verso
X-Cache
MISS
Content-Type
image/gif
expires
0
Cache-Control
no-cache
X-Cache-Hits
0
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
Strict-Transport-Security
max-age=7776000; preload
accept-ranges
bytes
Content-Length
35
X-Served-By
cache-yul12822-YUL
beacon
www.gq.com/infinityid/
35 B
1 KB
Image
General
Full URL
https://www.gq.com/infinityid/beacon?id=c0aa10cc-32ef-4371-a838-e477580f9efd
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.128.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.15.8 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
Strict-Transport-Security max-age=7776000; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:13 GMT
Via
1.1 varnish
X-Cache
MISS
X-UA-Device
desktop
X-Cache-Hits
0
Connection
keep-alive
Content-Length
35
X-Served-By
cache-yul12830-YUL
Verso
false
Server
nginx/1.15.8
X-Timer
S1650388094.943973,VS0,VE17
Vary
origin, Verso
Strict-Transport-Security
max-age=7776000; preload
Content-Type
image/gif
Cache-Control
no-cache
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
accept-ranges
bytes
expires
0
beacon
www.newyorker.com/infinityid/
35 B
1 KB
Image
General
Full URL
https://www.newyorker.com/infinityid/beacon?id=c0aa10cc-32ef-4371-a838-e477580f9efd
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
Strict-Transport-Security max-age=86400; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
Via
1.1 varnish
Connection
keep-alive
Date
Tue, 19 Apr 2022 17:08:13 GMT
Vary
origin
X-Cache
MISS
Content-Type
image/gif
expires
0
cache-control
no-cache
X-Cache-Hits
0
Strict-Transport-Security
max-age=86400; preload
accept-ranges
bytes
Content-Length
35
X-Served-By
cache-yul12831-YUL
beacon
pitchfork.com/infinityid/
35 B
1 KB
Image
General
Full URL
https://pitchfork.com/infinityid/beacon?id=c0aa10cc-32ef-4371-a838-e477580f9efd
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.15.8 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
Strict-Transport-Security max-age=7776000; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:13 GMT
Via
1.1 varnish
X-Cache
MISS
X-Cache-Hits
0
Connection
keep-alive
Content-Length
35
X-Served-By
cache-yul12830-YUL
Verso
false
Server
nginx/1.15.8
X-Timer
S1650388094.965546,VS0,VE22
Vary
Accept-Encoding, X-Format, Verso
Strict-Transport-Security
max-age=7776000; preload
Content-Type
image/gif
Cache-Control
no-cache
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
accept-ranges
bytes
expires
0
beacon
www.self.com/infinityid/
35 B
1 KB
Image
General
Full URL
https://www.self.com/infinityid/beacon?id=c0aa10cc-32ef-4371-a838-e477580f9efd
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.15.8 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
Strict-Transport-Security max-age=7776000; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:13 GMT
Vary
origin, Verso
X-Cache
MISS
X-Cache-Hits
0
Connection
keep-alive
Content-Length
35
X-Served-By
cache-yul12831-YUL
Server
nginx/1.15.8
X-Timer
S1650388094.963558,VS0,VE17
Strict-Transport-Security
max-age=7776000; preload
Content-Type
image/gif
Cache-Control
no-cache
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
accept-ranges
bytes
X-FC-Vary-Parameters
acceptencoding
expires
0
beacon
www.teenvogue.com/infinityid/
35 B
1 KB
Image
General
Full URL
https://www.teenvogue.com/infinityid/beacon?id=c0aa10cc-32ef-4371-a838-e477580f9efd
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.64.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.15.8 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
Strict-Transport-Security max-age=7776000; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:14 GMT
Via
1.1 varnish
X-Cache
MISS
X-Cache-Hits
0
Connection
keep-alive
Content-Length
35
X-Served-By
cache-yul12825-YUL
X-Fastly-Backend
XID_BEACON
Server
nginx/1.15.8
X-Timer
S1650388094.022671,VS0,VE18
Vary
origin, Verso
Strict-Transport-Security
max-age=7776000; preload
Content-Type
image/gif
Cache-Control
no-cache
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
accept-ranges
bytes
expires
0
beacon
www.them.us/infinityid/
35 B
706 B
Image
General
Full URL
https://www.them.us/infinityid/beacon?id=c0aa10cc-32ef-4371-a838-e477580f9efd
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.15.8 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:14 GMT
Via
1.1 varnish
Server
nginx/1.15.8
Vary
origin, Accept-Encoding, Verso
X-Cache
MISS
Content-Type
image/gif
expires
0
Cache-Control
no-cache
transfer-encoding
chunked
X-Cache-Hits
0
Connection
keep-alive
accept-ranges
none
content-encoding
gzip
X-Served-By
cache-yul12827-YUL
beacon
www.vanityfair.com/infinityid/
35 B
1 KB
Image
General
Full URL
https://www.vanityfair.com/infinityid/beacon?id=c0aa10cc-32ef-4371-a838-e477580f9efd
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.64.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.15.8 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
Strict-Transport-Security max-age=7776000; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:14 GMT
Via
1.1 varnish
Vary
origin, Accept-Encoding, Verso
transfer-encoding
chunked
X-Cache
MISS
Connection
keep-alive
content-encoding
gzip
X-Served-By
cache-yul12822-YUL
Server
nginx/1.15.8
X-Timer
S1650388094.029181,VS0,VE16
Strict-Transport-Security
max-age=7776000; preload
Content-Type
image/gif
expires
0
cache-control
no-cache
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests
accept-ranges
none
apple-news-services-host
infinityid.condenastdigital.com
X-Cache-Hits
0
beacon
www.vogue.com/infinityid/
35 B
1 KB
Image
General
Full URL
https://www.vogue.com/infinityid/beacon?id=c0aa10cc-32ef-4371-a838-e477580f9efd
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.15.8 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; upgrade-insecure-requests
Strict-Transport-Security max-age=7776000; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:14 GMT
Server
nginx/1.15.8
Varnish-X-Cache
MISS
Connection
keep-alive
Vary
origin, Verso
X-Cache
MISS
Content-Type
image/gif
expires
0
Cache-Control
no-cache
X-Cache-Hits
0
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; upgrade-insecure-requests
Strict-Transport-Security
max-age=7776000; preload
accept-ranges
bytes
Content-Length
35
X-Served-By
cache-yul12823-YUL
en.json
cdn.cookielaw.org/consent/93ddfe0c-4b21-4ad5-8191-612d2a67aad3/51981cec-32b8-4f64-b081-4fffb4af3c86/
93 KB
19 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/93ddfe0c-4b21-4ad5-8191-612d2a67aad3/51981cec-32b8-4f64-b081-4fffb4af3c86/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.32.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7a446d296886d68ec37c37cd72425ba7aff96b3c5bece94327e7b0afe45679a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 19 Apr 2022 17:08:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
nHqfhoq9fv2qCwFEy2eTeA==
age
3548
vary
Accept-Encoding
content-length
19717
x-ms-lease-status
unlocked
last-modified
Tue, 29 Mar 2022 14:42:32 GMT
server
cloudflare
etag
0x8DA11925B682971
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
17362dc9-501e-00ef-437b-43d398000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6fe73db30db27138-YUL
expires
Tue, 19 Apr 2022 21:08:13 GMT
wired.js
player.cnevids.com/interlude/
37 KB
11 KB
Script
General
Full URL
https://player.cnevids.com/interlude/wired.js?verso=true&onReady=CNE_onReady_16503880943020&hasExcludedEmbed=false&embeddedVideos=&rightRail=true&interludeOverrideId=6230c6615577c237274617fc
Requested by
Host: www.wired.com
URL: https://www.wired.com/verso/static/presenter-articles.22d7ad7d77a06f3f1bda.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.67.76.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-76-84.iad89.r.cloudfront.net
Software
nginx/1.18.0 /
Resource Hash
c8a82e175412ed1094600e911d7bd052d347ca36e843dffd58693f5753c847d6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:14 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-Amz-Cf-Pop
IAD89-P2
X-Cache
Miss from cloudfront
Status
200 OK
Connection
keep-alive
Content-Length
10284
X-XSS-Protection
1; mode=block
X-Request-Id
35430244-76fc-4a79-9326-a83aa5546bd1
X-Runtime
0.006532
X-Backend-Node
10.110.40.180
Referrer-Policy
strict-origin-when-cross-origin
Server
nginx/1.18.0
ETag
W/"1e5cf6b70a45f69c6bc261aee5c2b1f3"
X-Download-Options
noopen
Vary
Origin,Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Via
1.1 cfb94084ba0615910dd15548de7c4c5e.cloudfront.net (CloudFront)
Cache-Control
max-age=0, private, must-revalidate
X-Amz-Cf-Id
AhA-dKMFIARYRpMBQSUJfBHWxZa-a-Od3OyA6YkfGXHJsg7Y6i9FPw==
gtm.js
www.googletagmanager.com/
565 KB
146 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5HBJC2K&l=dataLayer
Requested by
Host: www.wired.com
URL: https://www.wired.com/verso/static/presenter-articles.22d7ad7d77a06f3f1bda.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
33bcc017f235e0db869bf35c97bf14d6cb553e4874af00b62f2e797da27b7c73
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:14 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
149359
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 16:36:03 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 19 Apr 2022 17:08:14 GMT
integrator.js
adservice.google.ca/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.ca/adsid/integrator.js?domain=www.wired.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:806::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.wired.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
21 KB
9 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4240033368257457&correlator=1230515925443800&hxva=1&scor=406237631797971&output=ldjh&gdfp_req=1&vrg=2022041301&ptt=17&impl=fifs&rdp=1&us_privacy=1---&iu_parts=3379%2Cconde.wired%2Chero%2Csecurity%2Carticle%2C1&enc_prev_ius=0%2F1%2F2%2F3%2F4%2F5&prev_iu_szs=728x90%7C970x250%7C970x90%7C9x1%7C10x1&ifi=3&adks=2032318971&sfv=1-0-38&ecs=20220419&fsapi=false&prev_scp=pos%3Dhero%26ctx_slot_type%3Dhero%26ctx_slot_rn%3D0%26feature-flags%3Dsticky-eligible%26pos_instance%3D1%26ctx_slot_instance%3D0%26ctx_slot_name%3Dhero_0%26slot_name%3Dhero_1%26amznbid%3D2%26amznp%3D2%26m_mv%3DslotNoHistData%26m_gv%3DslotNoHistData%26hb_format%3Dbanner%26hb_size%3D970x250%26hb_pb%3D0.55%26hb_adid%3D374953b49bc6d73%26hb_bidder%3Dix&eri=1&cust_params=m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dmoat_unsafe%252Cgv_crime%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26env_device_type%3Ddesktop%26ctx_template%3Dmt_article_two_column%26content_type%3Darticle%26ctx_page_channel%3Dsecurity%26ctx_page_sub_channel%3Dcyberattacks-and-hacks%26sub_sub_channel%3D%26env_server%3Dproduction%26ctx_cns_version%3D6.57.0%26ctx_page_slug%3Dpipedream-ics-malware%26cnt_copilotid%3D6256eb35dcd4a10f9e523401%26cnt_platform%3Dverso%26cnt_tags%3Dcybersecurity%252Cmalware%252Chacking%252Crussia%252Ccyberattacks-and-hacks%252Cnational-security%26fastly_geo%3Dca%26usr_bkt_eva%3D21%26usr_bkt_ses%3D82%26usr_bkt_pv%3D57%26usr_pvc_bs%3D1%26usr_pvc_24hr%3D1%26usr_pvc_30d%3D1%26usr_svc_30d%3D1%26ctx_ses_soc%3Dnone%26ctx_ref_soc%3Dnone%26ctx_ref_url%3Dapple.news%26usr_auth%3Dfalse%26usr_segments%3Dco.w2216%26cn_metrics%3Dcmr_high%26vnd_prx_segments%3D121100%252C131100%252C131127%252C230163%252C230003%252C230161%252C300003%252C210001%252C240000%252C240002%252C240004%252C240001%252C240005%252C240006%252C240007%252C240008%252C240009%252C240011%252C240012%252C240013%252C240014%252C240017%252C240015%252C240016%252C240018%252C240019%252Cmiovit%252Ceuwba9%252Czlqtg4%252Chz8lgh%26vnd_4d_cached%3D0%26vnd_4d_ctx_sg%3D%26vnd_4d_ctx_topics%3D%26vnd_4d_ctx_entities%3D%26vnd_4d_ctx_keywords%3D%26vnd_4d_usr_topics%3D%26vnd_4d_usr_wt%3D%26vnd_4d_xid%3Dc0aa10cc-32ef-4371-a838-e477580f9efd&ppid=c0aa10cc32ef4371a838e477580f9efd&sc=1&cookie=ID%3Db1d44f49b8b413d5-22a4838c177c009d%3AT%3D1650388093%3AS%3DALNI_MaingWuR3n8vSCBXce-z0ZcHxi8ug&gpic=UID%3D0000044500dc495f%3AT%3D1650388093%3ART%3D1650388093%3AS%3DALNI_Ma7xFosxfQItvzvbmZ7BxNtu-L5jw&abxe=1&dt=1650388094526&lmt=1650388094&dlt=1650388093100&idt=528&biw=1600&bih=1200&adxs=436&adys=56&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&ref=https%3A%2F%2Fapple.news%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1600x0&msz=1600x0&fws=0&ohw=0&ga_vid=145265742.1650388094&ga_sid=1650388094&ga_hid=1715062932&ga_fc=false&btvi=0&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
c3d80ba4c6f5fd459fb016c7e51635357bcf8ecbfab5ffc6c3aeb35a54ccf47e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:14 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9462
x-xss-protection
0
google-lineitem-id
5960647119
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138388844988
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012203150226000/ Frame B97E
222 KB
62 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012203150226000/amp4ads-v0.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b94ed570e00f5bba0eaed65da67bf6f2fc5e107446a682eb045f20dbd12ab0e8
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
319107
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
62084
x-xss-protection
0
server
sffe
date
Sat, 16 Apr 2022 00:29:47 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"fa1474a6dd6481f4"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sun, 16 Apr 2023 00:29:47 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame B97E
16 KB
6 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aec5ee5147fdc283bcb601dc6231c234d9bec077d32756aef2a75eeedf78038f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
319107
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5728
x-xss-protection
0
server
sffe
date
Sat, 16 Apr 2022 00:29:47 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"d91e62368f79b48d"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sun, 16 Apr 2023 00:29:47 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame B97E
96 KB
29 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-analytics-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
213738a8de7a1e55874dcbc92825c84599256579b64f60f19c2514e61844e6bb
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
319107
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29618
x-xss-protection
0
server
sffe
date
Sat, 16 Apr 2022 00:29:47 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"9a9baa9802fa29d2"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sun, 16 Apr 2023 00:29:47 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame B97E
5 KB
2 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-fit-text-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2eb2a641ec9143273f4f5ba4f1526364fd4b1a040b628b4be54b77dbe362690f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
319107
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1900
x-xss-protection
0
server
sffe
date
Sat, 16 Apr 2022 00:29:47 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"3393210d007db9ca"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sun, 16 Apr 2023 00:29:47 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012203150226000/v0/ Frame B97E
42 KB
13 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012203150226000/v0/amp-form-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0b43999f77e447254a78e068f55a6cc9075071b252277337b901e095e607e474
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
319107
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13669
x-xss-protection
0
server
sffe
date
Sat, 16 Apr 2022 00:29:47 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"565eca32a909292d"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sun, 16 Apr 2023 00:29:47 GMT
css
fonts.googleapis.com/ Frame B97E
4 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 16:49:18 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 19 Apr 2022 17:08:14 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 19 Apr 2022 17:08:14 GMT
css
fonts.googleapis.com/ Frame B97E
4 KB
691 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,500&text=
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 17:06:47 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 19 Apr 2022 17:08:14 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 19 Apr 2022 17:08:14 GMT
downsize_200k_v1
tpc.googlesyndication.com/simgad/7078450531912860447/ Frame B97E
40 KB
40 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/7078450531912860447/downsize_200k_v1?sqp=4sqPyQR5QncIABIUDc3MzD4VAAAAQB0AAAAAJQAAAAAYACIKDQAAgD8VAACAPypPCFoQAR0AALRCIAEoATAGOANAgMLXL0gAUABYAGBacAJ4AIABAIgBAJABAJ0BAACAP6ABAKgBALABgK3iBLgB____________AcUBLbKdPg&rs=AOga4ql6QulDDZjgzWwUbJlG6g6xxuSZDQ
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a16f632f3b220d8a1e43bef03fb194c17321c7ec214e1ecd1d70cc513f7fea7c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:14 GMT
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40811
x-xss-protection
0
last-modified
Wed, 22 Apr 2020 21:50:47 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 19 Apr 2023 17:08:14 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame B97E
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=C-NU4fexeYo68MpbenwSn0YugAfPpopBp4tHw6NwMg9X0_QgQASD0g7kbYMmGgIDwpLAQoAHz5NzhA8gBBuACAKgDAcgDCqoEogJP0Nnz44Ie2WawTGVxswWTnki7wsaEZJGyBRzSBsZ5Z3BRy9GwnTRQry7_rUXHjaKIKKJXtSHV4pqzjCGhjjA_HJoYq3EXUe5wIk23f9xKYzsVRhALJTDki6fXU_w1iFVGrUVqlh1CuFT5N76cI--MNTXOuBJ06fbte0fIeMHH6twkzc3hMh5xBLavCZvJDV0zfXCZOzASpmld5FoHEzvRHRebq5kActj8ZoWjx2ulg6OHmYeejaEwDfIxDwEHYXTLFr9FMC5mxip1Zz5ecxUxAFtToQTdd4i5TnFbCin7cXlM7Pm2KU0akfS2oA7Or8MDQRc8GXU3jBHj4W_iY6iMl2LFKWbQNE7iCOifNjaG81ydpLHKPUWALKBhJnSMEX700MAEhvPN2bUD4AQBkgUECAQYAZIFBAgFGASgBjeAB_Waox6oB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCgoBLSCAcIiGEQARhdgAoDyAsB2BMCiBQB0BUBgBcBshceChwIABIUcHViLTM4NDQ4Nzc4NjMzMDM3MzkY36AQ&sigh=geBSv_4x6vk&uach_m=[UACH]&template_id=492
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

l
www.google.com/ads/measurement/ Frame B97E
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaSL96YbMDJdcdmfivhqUXfpDjrPmkivFScmzhzirtmHPxOrM07ed2fJxPTpxQVpsMeFeXFEqyjSolUyYanu4co-CsFicQ
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B97E
2 KB
3 KB
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 17:24:30 GMT
x-content-type-options
nosniff
server
cafe
age
85424
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
14819457070020093239
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Tue, 19 Apr 2022 17:24:30 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B97E
295 B
399 B
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 00:17:40 GMT
x-content-type-options
nosniff
server
cafe
age
60634
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
426692510519060060
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Wed, 20 Apr 2022 00:17:40 GMT
truncated
/ Frame B97E
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5041e437e6c5ec9a5a59b53510233ef36cd84d6b60ca009016908a2d21944383

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
pixel.gif
px.moatads.com/
43 B
253 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=CONDENAST_PREBID_HEADER1&hp=1&zMoatAdUnit1=conde.wired.native&zMoatAdUnit2=in-content&zMoatAdUnit3=security&zMoatAdUnit4=article&wf=1&ra=3&pxm=3&sgs=3&vb=7&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=https%3A%2F%2Fapple.news&t=1650388093410&de=811794565249&rx=878667589509&m=0&ar=bee2df476bf-clean&iw=5eeb72d&q=1&cb=0&cu=1650388093410&ll=2&lm=0&ln=0&em=0&en=0&d=4660981638%3A2443012271%3A5276770044%3A138301071698&zGSRC=1&gu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&id=1&ii=4&bo=conde.wired.native&bd=1&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=condenastprebidheader987326845656&fd=1&ac=1&it=500&pe=1%3A628%3A628%3A0%3A735&fs=198121&na=303703342&cs=0
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.167.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-167-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:14 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Tue, 19 Apr 2022 17:08:14 GMT
recommendations
api.condenast.io/v1/
22 KB
7 KB
Fetch
General
Full URL
https://api.condenast.io/v1/recommendations?applicationID=wired-right-rail&brand=wired&url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&exclude%5Bcategory%5D=functional-tags%2Fno-river&filter%5BnumberOfDays%5D=-30&filter%5Bstrategy%5D=POPULAR&filter%5Blanguage%5D=en-US&page%5Bsize%5D=4&xid=c0aa10cc-32ef-4371-a838-e477580f9efd&filter%5BcontentType%5D=ARTICLE&filter%5BcontentType%5D=REVIEW&filter%5BcontentType%5D=GALLERY
Requested by
Host: www.wired.com
URL: https://www.wired.com/verso/static/presenter-articles.22d7ad7d77a06f3f1bda.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.128.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.15.8 /
Resource Hash
439a08aa5aac9731452746782ed97126002b35b43bc2ff34a670cd09b0c2a4fa

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:14 GMT
content-encoding
gzip
X-Backend
2SrKDXXFWNz87LdtRpzPzK--F_api_us_east_1_condenast_io
access-control-allow-origin
https://www.wired.com
transfer-encoding
chunked
X-Cache
MISS
Connection
keep-alive
X-Served-By
cache-yul12834-YUL
Server
nginx/1.15.8
X-Timer
S1650388095.667500,VS0,VE164
Vary
origin,accept-encoding, Accept-Encoding, Origin
Content-Type
application/json;charset=utf-8
Via
1.1 varnish
access-control-expose-headers
WWW-Authenticate,Server-Authorization
cache-control
private, max-age=0
access-control-allow-credentials
true
Accept-Ranges
bytes
X-Cache-Hits
0
iu3
s.amazon-adsystem.com/ Frame AA36
Redirect Chain
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_rbd_ppt_n-vmg_ox-db5_smrt_an-db5_3lift
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_rbd_ppt_n-vmg_ox-db5_smrt_an-db5_3lift&dcc=t
287 B
1 KB
Document
General
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_rbd_ppt_n-vmg_ox-db5_smrt_an-db5_3lift&dcc=t
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
f7f35f1286d047d1e44b766c33fec42f617acdd424aa203cf0ffe8a791629624
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
287
Content-Type
text/html;charset=ISO-8859-1
Date
Tue, 19 Apr 2022 17:08:14 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Permissions-Policy
interest-cohort=()
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
X8F7N525G0BWD1EC6HEW

Redirect headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Date
Tue, 19 Apr 2022 17:08:14 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_rbd_ppt_n-vmg_ox-db5_smrt_an-db5_3lift&dcc=t
Permissions-Policy
interest-cohort=()
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
DKXGQV2RY1ZDA48VVX4X
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/6.32.0/assets/
21 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.32.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.32.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8edbd08b9bb87f815ad871e44aae03af609fc44b1961d608e94eff3f4e010375
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 19 Apr 2022 17:08:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
SHFDtZO2nDZuiPDW83p1IQ==
age
2852
vary
Accept-Encoding
x-ms-lease-status
unlocked
last-modified
Fri, 18 Mar 2022 16:29:27 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
18ec9d6b-401e-017c-517b-430386000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
cf-ray
6fe73db78c617138-YUL
p.js
d1z2jf7jlzjs58.cloudfront.net/
930 B
1 KB
Script
General
Full URL
https://d1z2jf7jlzjs58.cloudfront.net/p.js
Requested by
Host: www.wired.com
URL: https://www.wired.com/verso/static/presenter-articles.22d7ad7d77a06f3f1bda.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.66.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-66-5.ewr53.r.cloudfront.net
Software
nginx /
Resource Hash
62f586be8571b23584eb4a60a45a3157ff7c8388b1b1e3b4e8890e243b3e47de

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 11:54:08 GMT
Via
1.1 3496707421faf86f68ae341aa8b7d1b8.cloudfront.net (CloudFront)
Age
18846
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
930
Pragma
public
Last-Modified
Wed, 06 May 2020 20:19:48 GMT
Server
nginx
ETag
"5eb31be4-3a2"
Content-Type
application/javascript
Cache-Control
max-age=86400, public
X-Amz-Cf-Pop
EWR53-C1
Accept-Ranges
bytes
X-Amz-Cf-Id
x-2x6VP04A1tnoEqSelQ-g0qsNnYl2oCrUPIef6TXUue8_fVe0Uc3Q==
Expires
Wed, 20 Apr 2022 11:54:08 GMT
wired.config.js
pixel.condenastdigital.com/config/v2/production/
9 KB
2 KB
Script
General
Full URL
https://pixel.condenastdigital.com/config/v2/production/wired.config.js
Requested by
Host: www.wired.com
URL: https://www.wired.com/verso/static/presenter-articles.22d7ad7d77a06f3f1bda.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9112b16c0bd02d574944dbfe8200cda4f233856de27ec693da793a78f656ec6d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:14 GMT
Content-Encoding
gzip
Age
134512
X-Cache
HIT, HIT
Connection
keep-alive
Content-Length
1315
x-amz-id-2
ROL/503P9EWaj70Jm78uIpSbnjs1vmmQe/ZT3MRLiOaenlAdjOhPVn9MRXlq7lNneqgHadOYI1M=
X-Served-By
cache-iad-kjyo7100136-IAD, cache-yul12827-YUL
Access-Control-Allow-Origin
*
Last-Modified
Wed, 20 Oct 2021 17:36:03 GMT
Server
AmazonS3
X-Timer
S1650388095.760233,VS0,VE0
ETag
"e77462bd78fdd12c591b2497ab50560f"
Vary
Accept-Encoding
x-amz-request-id
Z1M0KJRBA0HZYGKQ
Via
1.1 varnish, 1.1 varnish
Expires
Tue, 12 Apr 2022 12:23:44 GMT
Cache-Control
no-cache, public, max-age=604800
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Hits
1, 194
6230c6615577c237274617fc.js
player.cnevids.com/script/video/
64 KB
22 KB
Script
General
Full URL
https://player.cnevids.com/script/video/6230c6615577c237274617fc.js?autoplay=1&muted=1&continuousPlay=1&hasCompanion=false&hideHoverTitle=1&hidePosterTitle=1&interludeOverride=true&onReady=setupInterlude1&playerType=interlude&recAlgorithm=copilotIdOverride&recStrategy=copilotIdOverride&showPlaylistBar=false&isRightRail=true&onIframeReady=onIframeReady16503880946570
Requested by
Host: www.wired.com
URL: https://www.wired.com/verso/static/presenter-articles.22d7ad7d77a06f3f1bda.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.67.76.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-76-84.iad89.r.cloudfront.net
Software
nginx/1.18.0 /
Resource Hash
3c234b9fca4624e9947e53ae30bf1686d01bd24f98458fea0c7b06b507138e73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:14 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-Amz-Cf-Pop
IAD89-P2
X-Cache
Miss from cloudfront
Status
200 OK
Connection
keep-alive
Content-Length
21627
X-XSS-Protection
1; mode=block
X-Request-Id
4f511817-1d67-4e90-8b9e-f1655e8377b9
X-Runtime
0.005204
X-Backend-Node
10.110.13.146
Referrer-Policy
strict-origin-when-cross-origin
Server
nginx/1.18.0
ETag
W/"8903211ff6b61786e07a0d5da1807395"
X-Download-Options
noopen
Vary
Origin,Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Via
1.1 cfb94084ba0615910dd15548de7c4c5e.cloudfront.net (CloudFront)
Cache-Control
max-age=0, private, must-revalidate
X-Amz-Cf-Id
wG5twmr8BJQ-b6IZRE9NZfM9RIioXTPGUjd3xfbOJfMDKtrUccKV5A==
id
dpm.demdex.net/
8 KB
3 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=4.6.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F7093025512D2B690A490D44%40AdobeOrg&d_nsid=0&ts=1650388094769
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
c9ecef5fd19166816e2dec146f9967772f51dd902c05b6986800f31fa11233d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-usw2-1-v028-0f9525576.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
nfUqLNItTZA=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.wired.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
2193
Expires
Thu, 01 Jan 1970 00:00:00 UTC
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5HBJC2K&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
1253
date
Tue, 19 Apr 2022 16:47:22 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Tue, 19 Apr 2022 18:47:22 GMT
quant.js
secure.quantserve.com/
24 KB
10 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5HBJC2K&l=dataLayer
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:44af:4f54:8af4:5563 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
gzip
etag
"u2JtyZzqnTXwzBUswy2r+w=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Tue, 26 Apr 2022 17:08:15 GMT
fbevents.js
connect.facebook.net/en_US/
99 KB
27 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26311
x-xss-protection
0
pragma
public
x-fb-debug
YbL0jJ6NCHKhFFadAV4Z5aQv+VkabtYRGr2d56ije3oL7tdixjp7QSX2RcEvDC8p2QxJ8ITiSKoGtV3mQ8p50Q==
x-fb-trip-id
1512268381
x-frame-options
DENY
date
Tue, 19 Apr 2022 17:08:15 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
i.js
tag.bounceexchange.com/2825/
275 KB
118 KB
Script
General
Full URL
https://tag.bounceexchange.com/2825/i.js
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.253.250 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
250.253.120.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
19e75d61aa8aa32f4e8f1fa4357ad11b6fc5d8238da854a004df46768b869dff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:07:27 GMT
content-encoding
gzip
server
istio-envoy
age
48
etag
479fe10eabfa54
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
via
1.1 google
cache-control
public,max-age=60
x-envoy-upstream-service-time
20
x-region
us-central1
timing-allow-origin
*
alt-svc
clear
content-length
119941
link
<https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect
PageName=cyberattacks%20and%20hacks,SiteID=Wired,CampaignID=1802C,Channel=website,CreativeID=security,Placement=apple
d.turn.com/r/dd/id/L21rdC84MTYvY2lkLzI4NTk1MjE1L3QvMA/kv/
0
0
Script
General
Full URL
https://d.turn.com/r/dd/id/L21rdC84MTYvY2lkLzI4NTk1MjE1L3QvMA/kv/PageName=cyberattacks%20and%20hacks,SiteID=Wired,CampaignID=1802C,Channel=website,CreativeID=security,Placement=apple
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:112:f002:bbbb::23 , United States, ASN6336 (TURN-US-ASN, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

memo.js
cdn.memo.co/js/
11 KB
5 KB
Script
General
Full URL
https://cdn.memo.co/js/memo.js
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.223.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-223-31.jfk51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3557e85820c5b6af8b1f10bbd07b503a8460232b8a7ba5d678c1b379b2dfb764

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
z9ABgFrjA._E2hI2fCDz0BILPiEANCh8
content-encoding
gzip
etag
W/"50238783324da6c24e044ccb9261f8e3"
last-modified
Wed, 06 May 2020 13:05:27 GMT
server
AmazonS3
x-amz-cf-pop
JFK51-C1
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=utf-8
via
1.1 f800b68f44c427976fe7546b255b6206.cloudfront.net (CloudFront)
cache-control
no-cache
date
Tue, 19 Apr 2022 17:08:16 GMT
x-amz-cf-id
FSkiaVyjFg9MUgbbMGANEbLApJR08AoR7PfTjCdonhp7EurUrusekw==
uwt.js
static.ads-twitter.com/
14 KB
6 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5HBJC2K&l=dataLayer
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
gzip
last-modified
Tue, 29 Mar 2022 00:08:27 GMT
etag
"8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip"
vary
Accept-Encoding,Host
x-tw-cdn
FT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache
x-cache
HIT
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
content-length
5410
x-served-by
cache-iad-kiad7000108-IAD
pixel.js
www.redditstatic.com/ads/
24 KB
7 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5HBJC2K&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
ea011956164ed15022fb5732fd6d810bf75bb104babed05a29beb5c50302b926

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
via
1.1 varnish, 1.1 varnish
last-modified
Mon, 18 Apr 2022 22:30:59 GMT
server
snooserv
etag
"5dcf2f59e7a6e0d30193fedad78db790"
vary
Accept-Encoding,Origin
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-encoding
gzip
content-length
7461
spm.v1.min.js
ak.sail-horizon.com/spm/
121 KB
43 KB
Script
General
Full URL
https://ak.sail-horizon.com/spm/spm.v1.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5HBJC2K&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.42.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-42-77.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d06ae5e97e495832fc4526c3e93d7e9440f1faf5f77669b41678c9d564a25faf

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:00:44 GMT
content-encoding
gzip
last-modified
Tue, 08 Jun 2021 04:22:34 GMT
server
AmazonS3
age
452
etag
W/"b22b4f4738e8722be1636447be239da2"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9dc6533b1432a725b72f49ca8658a3c6.cloudfront.net (CloudFront)
cache-control
max-age=600; must-revalidate
x-amz-cf-pop
EWR52-C4
x-amz-cf-id
ZMmZ5X78BwTDdU-QpIs0bZkFVCJ7p6m3A2hsu3oz71LDrAYZQt-obQ==
insight.min.js
snap.licdn.com/li.lms-analytics/
8 KB
3 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:825a New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:15 GMT
Content-Encoding
gzip
Last-Modified
Wed, 13 Apr 2022 23:25:22 GMT
X-CDN
AKAM
X-EdgeConnect-Cache-Status
1
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=57526
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3085
57
a.ad.gt/api/v1/u/matches/
3 KB
4 KB
Script
General
Full URL
https://a.ad.gt/api/v1/u/matches/57
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5HBJC2K&l=dataLayer
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.26.86.82 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-26-86-82.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
ed7ad9f00586479494bf33075d8b9c02bd94d0317cfc8a71be55163fa28064fc

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 19 Apr 2022 17:08:15 GMT
cross-origin-resource-policy
cross-origin
server
nginx/1.18.0
content-length
3082
content-type
application/javascript
v2
z-na.associates-amazon.com/onetag/
11 KB
4 KB
Script
General
Full URL
https://z-na.associates-amazon.com/onetag/v2?MarketPlace=US&instanceId=11cb70e4-21b3-453f-834c-1463094700df
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-49.ewr52.r.cloudfront.net
Software
Server /
Resource Hash
8cbeee80c026a82a6a5e3b67ee444bf9f42a36b51e512dd9afc0da3220d54bcf

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 10:53:19 GMT
content-encoding
gzip
accept-charset
UTF-8
server
Server
age
22496
x-amz-rid
PGKZD579ZK8JMB8B8HXN
vary
accept-encoding,Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
access-control-allow-origin
*
permissions-policy
interest-cohort=()
x-amz-cf-pop
EWR52-C1
x-amz-cf-id
Erj3K8FNUpwUgF-18SS2a2u59DMDT-_rwdVbD1OxoTHO7q_dI9i5Tw==
via
1.1 2c6ca3b401fc63cf43d9316aff164af4.cloudfront.net (CloudFront)
100099X1555751.skimlinks.js
s.skimresources.com/js/
35 KB
14 KB
Script
General
Full URL
https://s.skimresources.com/js/100099X1555751.skimlinks.js
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ed98b083c5cb0ed2d72279f5fa70a2c33badb8cd1b51475efad0c97d99ec29ed

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
gzip
last-modified
Tue, 15 Mar 2022 10:52:15 GMT
server
AmazonS3
x-amz-request-id
3FHGVQ0GKAM0V830
etag
"d91e9cbd0c81a19ca71d1cbac83c0957"
x-hw
1650388095.cds178.dc2.hn,1650388095.cds070.dc2.c
content-type
application/octet-stream
cache-control
max-age=3600
accept-ranges
bytes
content-length
13760
x-amz-id-2
IyWJDFDwaRwQcKDyXO8u1kHNDIq/6iJei9eOcgHTxWi3fAwkYq6d1z/AbEjKWOoOx+xHFf1W3BY=
hotjar-1537182.js
static.hotjar.com/c/
19 KB
5 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-1537182.js?sv=6
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.209.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-209-11.ewr50.r.cloudfront.net
Software
/
Resource Hash
5b5f540575433a0a874dadc1ed492b6056f3214bc56b2b5523c03048e896cd5d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
br
x-content-type-options
nosniff
cache-control
max-age=60
age
29
etag
W/4c41afe34f93654cadd1e6080443c149
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-pop
EWR50-C1
x-amz-cf-id
7NNHV7ItML0fHM2BhJuQrDgaM2YogK7s_LXlkAC9GjM1VAXCHElQjA==
via
1.1 00fd85d5c5d5bd788f272591be9ecbca.cloudfront.net (CloudFront)
events.js
analytics.tiktok.com/i18n/pixel/
124 KB
37 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1IQID9FKFK1PHD4UBH0&lib=ttq
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.216.132.73 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-216-132-73.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
ac35c1aaadd50f51ecaf0ae44158872c5f9d835e78ac87f382d12065c0439aed

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
server
nginx
x-tt-logid
2022041917081501011313525018C9FE58
vary
Accept-Encoding
x-cache
TCP_MISS from a23-216-133-201.deploy.akamaitechnologies.com (AkamaiGHost/10.7.4-40388856) (-)
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
12,23.216.133.201
x-tt-trace-host
01e9de859ad2e33abbaf7df8cd5e2b0dec9444231d4d34e7deb178556866b47fa9336a835bdfb9c1c289daf9a8892e97ce07e8875fdf49229f731fa8f4a9cdccd10c1e9a9d37ed01b840163d0be87a00fb6e286bc0003eeb17676c3ab514f54070
server-timing
inner; dur=3, cdn-cache; desc=MISS, edge; dur=2, origin; dur=12
x-akamai-request-id
2640b38f
expires
Tue, 19 Apr 2022 17:08:15 GMT
condenast_eujdmc753_wired.js
cdn-magiclinks.trackonomics.net/client/static/v2/
95 KB
28 KB
Script
General
Full URL
https://cdn-magiclinks.trackonomics.net/client/static/v2/condenast_eujdmc753_wired.js
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2209:de00:1d:8c8c:47c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.34 (Amazon) OpenSSL/1.0.2k-fips PHP/7.2.8 /
Resource Hash
fa0a89fea989fb41b202f6e96fd0cc6b43e09a75d69d991846988303632453b2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 01:58:53 GMT
content-encoding
gzip
last-modified
Tue, 01 Feb 2022 11:33:53 GMT
server
Apache/2.4.34 (Amazon) OpenSSL/1.0.2k-fips PHP/7.2.8
age
54585
etag
W/"17c2f-5d6f346a26251"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
access-control-allow-origin
*
x-amz-cf-pop
EWR53-P1
x-amz-cf-id
8KAQl3lfVUGO-hVGLK9dNAvFCFlDmnK8JmCh8uitGBJjrHFOG9A7Ag==
via
1.1 52b969a4ab7956a248b07efba57c92a4.cloudfront.net (CloudFront)
458249.gif
idsync.rlcdn.com/
Redirect Chain
  • https://idsync.rlcdn.com/709387.gif?partner_uid=c0aa10cc-32ef-4371-a838-e477580f9efd&gtmcb=1557741609
  • https://idsync.rlcdn.com/1000.gif?memo=CIumKxIwCiwIARCFvQkaJGMwYWExMGNjLTMyZWYtNDM3MS1hODM4LWU0Nzc1ODBmOWVmZBAAGg0I_9j7kgYSBQjoBxAAQgBKAA
  • https://pippio.com/api/sync?pid=5324&it=1&iv=dee4cec5695533a96e094997567f47770ff5dc7071da7822acd02a2242c4e8e1791426b5417dce21&_=2
  • https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlBkZWU0Y2VjNTY5NTUzM2E5NmUwOTQ5OTc1NjdmNDc3NzBmZjVkYzcwNzFkYTc4MjJhY2QwMmEyMjQyYzRlOGUxNzkxNDI2YjU...
  • https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlBkZWU0Y2VjNTY5NTUzM2E5NmUwOTQ5OTc1NjdmNDc3NzBmZjVkYzcwNzFkYTc4MjJhY2QwMmEyMjQyYzRlOGUxNzkxNDI2YjU0MTdkY2UyMRAAGgwI_9j7kgYSBAgCEABCAEoA&goog...
  • https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=
  • https://idsync.rlcdn.com/458249.gif?partner_uid=bcd8c4b4-2bf0-4e12-8e50-b05d750e7085
42 B
60 B
Image
General
Full URL
https://idsync.rlcdn.com/458249.gif?partner_uid=bcd8c4b4-2bf0-4e12-8e50-b05d750e7085
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H3
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:16 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42

Redirect headers

location
https://idsync.rlcdn.com/458249.gif?partner_uid=bcd8c4b4-2bf0-4e12-8e50-b05d750e7085
date
Tue, 19 Apr 2022 17:08:16 GMT
via
1.1 google
x-samesite
secure
alt-svc
clear
content-length
111
content-type
text/html; charset=utf-8
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=6035094&ns__t=1650388094826&ns_c=UTF-8&c8=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking%20%7C...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=6035094&ns__t=1650388094826&ns_c=UTF-8&c8=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking%20%7...
0
191 B
Image
General
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=6035094&ns__t=1650388094826&ns_c=UTF-8&c8=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking%20%7C%20WIRED&c7=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&c9=https%3A%2F%2Fapple.news%2F
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Server
99.84.118.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-118-11.ewr52.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
via
1.1 b9e793c57a48521c3ff94fb625d228a0.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C3
x-amz-cf-id
Bnl8ZdQyAVYm8LWEYRW_Nb0LgIcU0WToGlOqoZkpKa0Hdyq3qYDUnA==
x-cache
Miss from cloudfront

Redirect headers

location
/b2?c1=2&c2=6035094&ns__t=1650388094826&ns_c=UTF-8&c8=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking%20%7C%20WIRED&c7=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&c9=https%3A%2F%2Fapple.news%2F
date
Tue, 19 Apr 2022 17:08:15 GMT
via
1.1 b9e793c57a48521c3ff94fb625d228a0.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C3
content-length
0
x-amz-cf-id
KK64VKWAuCjw4YT3CI9o-0MU7jlqFfSzySwejnj9vQYn-5B30Mv6Hw==
x-cache
Miss from cloudfront
check
pixel.tapad.com/idsync/ex/receive/
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=ADB&partner_device_id=undefined
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=ADB&partner_device_id=undefined
95 B
425 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=ADB&partner_device_id=undefined
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Server
107.178.246.49 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
49.246.178.107.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
via
1.1 google
content-type
image/png
alt-svc
clear
content-length
95
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

location
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=ADB&partner_device_id=undefined
date
Tue, 19 Apr 2022 17:08:15 GMT
via
1.1 google
alt-svc
clear
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
receive
pixel.tapad.com/idsync/ex/
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=648&partner_device_id=c0aa10cc-32ef-4371-a838-e477580f9efd
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=648&partner_device_id=c0aa10cc-32ef-4371-a838-e477580f9efd
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=2fd282df-41d0-44d6-9e93-1cf49faa06bc%252C&gdpr=0&gdpr_consent=
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=2fd282df-41d0-44d6-9e93-1cf49faa06bc%252C&gdpr=0&gdpr_consent=
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=5c721061-149d-4078-895c-afabf1a9fca0&ttd_puid=2fd282df-41d0-44d6-9e93-1cf49faa06bc%2C
95 B
419 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=5c721061-149d-4078-895c-afabf1a9fca0&ttd_puid=2fd282df-41d0-44d6-9e93-1cf49faa06bc%2C
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Server
107.178.246.49 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
49.246.178.107.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
via
1.1 google
content-type
image/png
alt-svc
clear
content-length
95
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:15 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=5c721061-149d-4078-895c-afabf1a9fca0&ttd_puid=2fd282df-41d0-44d6-9e93-1cf49faa06bc%2C
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
353
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame B97E
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.wired.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 16:23:56 GMT
x-content-type-options
nosniff
age
2659
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 19 Apr 2023 16:23:56 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame B97E
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.wired.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sun, 17 Apr 2022 00:09:49 GMT
x-content-type-options
nosniff
age
233906
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Mon, 17 Apr 2023 00:09:49 GMT
p.js
cdn.parsely.com/keys/wired.com/
56 KB
21 KB
Script
General
Full URL
https://cdn.parsely.com/keys/wired.com/p.js
Requested by
Host: d1z2jf7jlzjs58.cloudfront.net
URL: https://d1z2jf7jlzjs58.cloudfront.net/p.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.112.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-112-62.ewr52.r.cloudfront.net
Software
nginx /
Resource Hash
e4312f2f537cbd6e153d8426ab167e1537c2aa53c8be4f62f05de9e666155d13

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
public
date
Tue, 19 Apr 2022 00:48:06 GMT
content-encoding
gzip
last-modified
Mon, 17 Jan 2022 22:10:23 GMT
server
nginx
age
58809
etag
W/"61e5e94f-e009"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 b9bb8c8d0c6ea9da42e05e460c141e76.cloudfront.net (CloudFront)
cache-control
max-age=86400, public
x-amz-cf-pop
EWR52-C3
x-amz-cf-id
p1Sqz68W_pQIO2pF2vRA7gqM6Y-DLDfFLP37117ccnEyAdzxb7aySw==
expires
Wed, 20 Apr 2022 00:48:06 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame B97E
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
0
Image
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Server
2607:f8b0:4006:806::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Redirect headers

date
Tue, 19 Apr 2022 17:08:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
sparrow.min.js
pixel.condenastdigital.com/
38 KB
14 KB
Script
General
Full URL
https://pixel.condenastdigital.com/sparrow.min.js
Requested by
Host: www.wired.com
URL: https://www.wired.com/verso/static/presenter-articles.22d7ad7d77a06f3f1bda.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cff3ff7513a42187f914df965c0006c8756f549dc13ffb64540767042902a748

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:15 GMT
Content-Encoding
gzip
Age
475368
X-Cache
HIT, HIT
Connection
keep-alive
Content-Length
13370
x-amz-id-2
SENHVCtuomdm2Mm3mqd2d5TaZvXtN7y+tX3NqyQzcJZGMI1w5AhAFIHf5woKpMNeAi2X6kBHmcY=
X-Served-By
cache-bwi5179-BWI, cache-yul12827-YUL
Access-Control-Allow-Origin
*
Last-Modified
Mon, 18 Oct 2021 11:33:31 GMT
Server
AmazonS3
X-Timer
S1650388095.201740,VS0,VE0
ETag
"e6b88c6f7c41eb887a206c62c62867a9"
Vary
Accept-Encoding
x-amz-request-id
17RDPM5XDG8GCCK8
Via
1.1 varnish, 1.1 varnish
Expires
Wed, 20 Oct 2021 22:46:55 GMT
Cache-Control
no-cache, public, max-age=604800
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Hits
2, 2488
embed-api.json
player.cnevids.com/
11 KB
4 KB
Fetch
General
Full URL
https://player.cnevids.com/embed-api.json?videoId=6230c6615577c237274617fc&interludeOverride=true&playerType=interlude&embedLocation=wired
Requested by
Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/6230c6615577c237274617fc.js?autoplay=1&muted=1&continuousPlay=1&hasCompanion=false&hideHoverTitle=1&hidePosterTitle=1&interludeOverride=true&onReady=setupInterlude1&playerType=interlude&recAlgorithm=copilotIdOverride&recStrategy=copilotIdOverride&showPlaylistBar=false&isRightRail=true&onIframeReady=onIframeReady16503880946570
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.67.76.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-76-84.iad89.r.cloudfront.net
Software
nginx/1.18.0 /
Resource Hash
84d8301a0f5ec6b34d429520cc19bdb41a311ffccb0e768bbd660ae8f4853267
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-Amz-Cf-Pop
IAD89-P2
X-Cache
Miss from cloudfront
Status
200 OK
Access-Control-Max-Age
1728000
Connection
keep-alive
Content-Length
3596
X-XSS-Protection
1; mode=block
X-Request-Id
dc2dde2c-eb3a-4672-8b6e-fc7f284d17e9
X-Runtime
0.029838
X-Backend-Node
10.110.40.180
Referrer-Policy
strict-origin-when-cross-origin
Server
nginx/1.18.0
ETag
W/"15db50835b7d87341a80c6dd1faaf3b5"
X-Download-Options
noopen
Vary
Origin,Accept-Encoding
Access-Control-Allow-Methods
GET, OPTIONS
Content-Type
application/json; charset=utf-8
Via
1.1 cfb94084ba0615910dd15548de7c4c5e.cloudfront.net (CloudFront)
Access-Control-Expose-Headers
Cache-Control
max-age=300, public
Access-Control-Allow-Origin
*
X-Amz-Cf-Id
JIcsbGs3Xo58DdeF-2-HuGThk7OuKwm_ih8fG1dRD_MOf7YmTaZRmA==
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame BFCE
376 KB
126 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/6230c6615577c237274617fc.js?autoplay=1&muted=1&continuousPlay=1&hasCompanion=false&hideHoverTitle=1&hidePosterTitle=1&interludeOverride=true&onReady=setupInterlude1&playerType=interlude&recAlgorithm=copilotIdOverride&recStrategy=copilotIdOverride&showPlaylistBar=false&isRightRail=true&onIframeReady=onIframeReady16503880946570
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a3da958535a6188b8270a226a4602561a9e6bcc0fe31a5b7ce735b84de07226a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128424
x-xss-protection
0
expires
Tue, 19 Apr 2022 17:08:15 GMT
gpt_proxy.js
imasdk.googleapis.com/js/sdkloader/
85 KB
31 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/gpt_proxy.js
Requested by
Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/6230c6615577c237274617fc.js?autoplay=1&muted=1&continuousPlay=1&hasCompanion=false&hideHoverTitle=1&hidePosterTitle=1&interludeOverride=true&onReady=setupInterlude1&playerType=interlude&recAlgorithm=copilotIdOverride&recStrategy=copilotIdOverride&showPlaylistBar=false&isRightRail=true&onIframeReady=onIframeReady16503880946570
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9d7cd7f9e1951cabf780b0e5d5bdbe15f69c596ca7e899529a37593faada09d7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 16:55:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
775
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31532
x-xss-protection
0
last-modified
Thu, 14 Apr 2022 23:47:21 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
public, max-age=900
accept-ranges
bytes
expires
Tue, 19 Apr 2022 17:10:20 GMT
player-style-d962d5cba633cc5fda85.css
d2c8v52ll5s99u.cloudfront.net/player/ Frame BFCE
89 KB
13 KB
Stylesheet
General
Full URL
https://d2c8v52ll5s99u.cloudfront.net/player/player-style-d962d5cba633cc5fda85.css
Requested by
Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/6230c6615577c237274617fc.js?autoplay=1&muted=1&continuousPlay=1&hasCompanion=false&hideHoverTitle=1&hidePosterTitle=1&interludeOverride=true&onReady=setupInterlude1&playerType=interlude&recAlgorithm=copilotIdOverride&recStrategy=copilotIdOverride&showPlaylistBar=false&isRightRail=true&onIframeReady=onIframeReady16503880946570
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.33.81.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-81-81.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
60e3261cfc313477177588f3af1ff9fde8b0e59fbc54f5f61c966749608d572a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 13 Apr 2022 18:09:56 GMT
Content-Encoding
gzip
Age
514700
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
Content-Length
12847
Last-Modified
Wed, 13 Apr 2022 17:03:23 GMT
Server
AmazonS3
ETag
"ff908b891e3dc16bd508d707eb8a1a12"
x-amz-version-id
c_fCZ4YzcHzPpy64LyTae80QNFHwok8T
Via
1.1 6e24e95f882f20707346a032d1fa2948.cloudfront.net (CloudFront)
Cache-Control
max-age=63072000, public
X-Amz-Cf-Pop
EWR52-C1
Accept-Ranges
bytes
Content-Type
text/css; charset=utf-8
X-Amz-Cf-Id
U6LrjsWmkhh487zI4nI9WJ8WvhWXGvMmJulFYx9ZV9wc2-LxRkq76A==
Expires
Tue, 01 Jan 2030 00:00:00 GMT
main-cbaabc24a9061ea5fbe1.js
d2c8v52ll5s99u.cloudfront.net/player/ Frame BFCE
824 KB
225 KB
Script
General
Full URL
https://d2c8v52ll5s99u.cloudfront.net/player/main-cbaabc24a9061ea5fbe1.js
Requested by
Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/6230c6615577c237274617fc.js?autoplay=1&muted=1&continuousPlay=1&hasCompanion=false&hideHoverTitle=1&hidePosterTitle=1&interludeOverride=true&onReady=setupInterlude1&playerType=interlude&recAlgorithm=copilotIdOverride&recStrategy=copilotIdOverride&showPlaylistBar=false&isRightRail=true&onIframeReady=onIframeReady16503880946570
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.33.81.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-81-81.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4dec4d0777bdaeb172679c73cc10d762dae818ee69c7a972e484ebf288c8ad3b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Mon, 11 Apr 2022 13:52:18 GMT
Content-Encoding
gzip
Age
702958
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
Content-Length
229675
Last-Modified
Fri, 08 Apr 2022 20:27:30 GMT
Server
AmazonS3
ETag
"057f62e2a89eec5bca1c2cef0e80c31d"
x-amz-version-id
AI3lhdT.ym9.J3X6cX7K1KLNHCwg3tZ2
Via
1.1 6e24e95f882f20707346a032d1fa2948.cloudfront.net (CloudFront)
Cache-Control
max-age=63072000, public
X-Amz-Cf-Pop
EWR52-C1
Accept-Ranges
bytes
Content-Type
application/javascript
X-Amz-Cf-Id
ZAQ3QCtH45izotRu4wK1EwukGQyFOt9X2VkdYDvVkXtlILs-VT0sjQ==
Expires
Tue, 01 Jan 2030 00:00:00 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 3DF1
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssg0qt_vqNM8gEpCGENDI6Re2AlqhE0g4EGQFgtTSzrwD6QwQ2KsQwH8_L9cuJfSAC8SwQFFp_wfxZvyTgV8uPabi_t9oUwRuIojYCZQQfF3xa5vYv0KV2D5DBGklasxm9y5WnzWc4LvIu_PGmRHRqaQMEJM0n1PjE1o0eR6mZFhjVgrs4H5lj2K40r9d9zn2AjXZ6byGWSYMF4Qa4GSWCpvI8XPLdHLIRTsthPhDHySISM2r0l3IRqI9JKng8KT3aYEkQVM34RjrjHFx-r_ODVt8fjg4QsGsGd94-aZV9_dNRFPrl7PwfouI1eIXdLQsPD7NSOSrPKILcBXQ&sai=AMfl-YRf2Y3-VsPAK1fHZ5yFLaxo5u1ZpM3A0IeHajAKLztRiSjEqNmfb9p5AL6zJwZPAN0E7yEU2fRfMansfUbtdJqxuzuE0rte6m_CDNf09wDLVrLY8Xp_JPrkQYJToI0bEA1G7qszrwADBg-yzo-g&sig=Cg0ArKJSzBeYsmLdwQ9aEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:15 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
dcmads.js
www.googletagservices.com/dcm/ Frame 3DF1
24 KB
10 KB
Script
General
Full URL
https://www.googletagservices.com/dcm/dcmads.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f8dbb6ce75623f0ad406fde606d85b94e9e372430a862531ef17cb1f4eb04e02
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 16:13:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3273
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9368
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 15:20:37 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-dcm-tag"
vary
Accept-Encoding
report-to
{"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Tue, 19 Apr 2022 17:13:42 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 3DF1
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4caa2b4b885d62d25d986de63c6e3163f9c7da374d9b76bc4a412b61d4f2975d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36950
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1650281421154365"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 19 Apr 2022 17:08:15 GMT
moatad.js
z.moatads.com/condenastdfp9588492144/ Frame 3DF1
338 KB
114 KB
Script
General
Full URL
https://z.moatads.com/condenastdfp9588492144/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.167.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-167-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
93bdae6b694c8ab42e75dc9fb50cb63b5a0b5dffbd519544e46ad2408b89eb9c

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
gzip
last-modified
Tue, 19 Apr 2022 16:11:24 GMT
server
AmazonS3
x-amz-request-id
Z1NAP36CTFKK6KHY
etag
"52993edeac412af707946fca555c86e7"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=64505
accept-ranges
bytes
content-length
115750
x-amz-id-2
9EXEhsNqUKW0PeNatwIaY4sC1OQOLMBRUN75+vuUVH2QiNS5l4CjQ+Jsd79gwZQtxDFic67dG+E=
p-Jjy-Cyr1NZGRz.gif
pixel.quantserve.com/pixel/
35 B
371 B
Image
General
Full URL
https://pixel.quantserve.com/pixel/p-Jjy-Cyr1NZGRz.gif?labels=_campaign.media.Advertiser%20ID.5141956204.Campaign%20ID.3000880211.Line%20Item%20ID.5960647119
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:44af:4f54:8af4:5563 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:15 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel.gif
px.moatads.com/
43 B
253 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&zMoatAdUnit1=conde.wired.native&zMoatAdUnit2=in-content&zMoatAdUnit3=security&zMoatAdUnit4=article&wf=1&ra=3&pxm=3&sgs=3&vb=7&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F7078450531912860447%2Fdownsize_200k_v1%3Fsqp%3D4sqPyQR5QncIABIUDc3MzD4VAAAAQB0AAAAAJQAAAAAYACIKDQAAgD8VAACAPypPCFoQAR0AALRCIAEoATAGOANAgMLXL0gAUABYAGBacAJ4AIABAIgBAJABAJ0BAACAP6ABAKgBALABgK3iBLgB____________AcUBLbKdPg%26rs%3DAOga4ql6QulDDZjgzWwUbJlG6g6xxuSZDQ&i=CONDENAST_PREBID_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%23Vyt9.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rb=2-3gPfcs6wZ10QbMk%2BqjMratT%2F8IKBUGMSV3D%2B4hwCudYVWqlJ9ew2bEg%3D&rs=1-8mrC8H1EcAEJWg%3D%3D&sc=1&os=1-8Q%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&g=0&h=125&w=125&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=0&gp=0&zGSRC=1&gu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&id=1&ii=4&f=0&j=https%3A%2F%2Fapple.news&t=1650388093410&de=811794565249&rx=8786
67589509&cu=1650388093410&m=1798&ar=bee2df476bf-clean&iw=5eeb72d&cb=0&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=6137&le=1&ch=0&vv=1&vw=1%3A0%3A0&vp=0&vx=0%3A-%3A-&pe=1%3A628%3A628%3A0%3A735&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&pg=0&pf=0&cc=0&bw=0&bx=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=0&of=0&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=281&cd=0&ah=281&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=4660981638%3A2443012271%3A5276770044%3A138301071698&bo=conde.wired.native&bd=1&gw=condenastprebidheader987326845656&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&tc=0&fs=198121&na=1653142183&cs=0
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.167.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-167-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:15 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Tue, 19 Apr 2022 17:08:15 GMT
MRNA_science_GettyImages-1237786053.jpg
media.wired.com/photos/625a1c9b59f96ede09b15dda/1:1/w_320,h_350,c_limit/
13 KB
14 KB
Image
General
Full URL
https://media.wired.com/photos/625a1c9b59f96ede09b15dda/1:1/w_320,h_350,c_limit/MRNA_science_GettyImages-1237786053.jpg
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
199ad79590104276904e4867d388cafbf3fe34d6482cebec5f1b0d2dc31d2599

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:15 GMT
Connection
keep-alive
Age
315353
X-Cache
HIT, HIT
Fastly-Io-Info
ifsz=768522 idim=2400x1600 ifmt=jpeg ofsz=13698 odim=320x320 ofmt=webp
server-timing
geo;desc="continent=NA;country=CA;pop=YUL"
Fastly-Restarts
1
X-Served-By
cache-fra19130-FRA, cache-yul12828-YUL
experience
katra
Accept-Ranges
bytes
X-Timer
S1650388095.369026,VS0,VE1
Etag
"NONCI760Cl/2kMzudbLyJPfQ+7cdFAgw8PkuXzmxqVo"
vary
accept
Content-Type
image/webp
Fastly-Stats
io=1
cache-control
max-age=31536, must-revalidate, public
Content-Length
13698
timing-allow-origin
*
X-Cache-Hits
1, 2
Avian_flu_science_GettyImages-1387571468.jpg
media.wired.com/photos/6259e5ecad866a4c55b79278/1:1/w_320,h_350,c_limit/
13 KB
14 KB
Image
General
Full URL
https://media.wired.com/photos/6259e5ecad866a4c55b79278/1:1/w_320,h_350,c_limit/Avian_flu_science_GettyImages-1387571468.jpg
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d87f4aceddc451f74425f752e29c0d15bd2e35500b8d33df508a339847100043

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:15 GMT
Connection
keep-alive
Age
320703
X-Cache
HIT, HIT
Fastly-Io-Info
ifsz=459439 idim=2400x1800 ifmt=jpeg ofsz=13498 odim=320x320 ofmt=webp
server-timing
geo;desc="continent=NA;country=CA;pop=YUL"
Fastly-Restarts
1
X-Served-By
cache-iad-kcgs7200162-IAD, cache-yul12821-YUL
experience
katra
Accept-Ranges
bytes
X-Timer
S1650388095.372221,VS0,VE1
Etag
"GThYz5akAlO+rg1M+6Mu48foaokT/iXANokvrBdMxws"
vary
accept
Content-Type
image/webp
Fastly-Stats
io=1
cache-control
max-age=31536, must-revalidate, public
Content-Length
13498
timing-allow-origin
*
X-Cache-Hits
1, 50
Quanta_W-Boson_2880x1620_Lede.jpg
media.wired.com/photos/62597ba3a7f86087873e1126/1:1/w_320,h_350,c_limit/
17 KB
18 KB
Image
General
Full URL
https://media.wired.com/photos/62597ba3a7f86087873e1126/1:1/w_320,h_350,c_limit/Quanta_W-Boson_2880x1620_Lede.jpg
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7920f9b7e66ad369aaff2873c2a6e1100c05874edad4950596fc57fc27a24ab5

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:15 GMT
Connection
keep-alive
Age
331697
X-Cache
HIT, HIT
Fastly-Io-Info
ifsz=1200787 idim=2400x1350 ifmt=jpeg ofsz=17674 odim=320x320 ofmt=webp
server-timing
geo;desc="continent=NA;country=CA;pop=YUL"
Fastly-Restarts
1
X-Served-By
cache-iad-kjyo7100159-IAD, cache-yul12828-YUL
experience
katra
Accept-Ranges
bytes
X-Timer
S1650388095.382603,VS0,VE1
Etag
"hz0Mf6Cu+NsNOoiFoikJLJ3MHAcyvtXDaCFrZjGQD3U"
vary
accept
Content-Type
image/webp
Fastly-Stats
io=1
cache-control
max-age=31536, must-revalidate, public
Content-Length
17674
timing-allow-origin
*
X-Cache-Hits
1, 3
Russia-Troops-Data-Publishing-Security-1239544105.jpg
media.wired.com/photos/62561aad4d62eb1d9cf1c3d3/1:1/w_320,h_350,c_limit/
25 KB
26 KB
Image
General
Full URL
https://media.wired.com/photos/62561aad4d62eb1d9cf1c3d3/1:1/w_320,h_350,c_limit/Russia-Troops-Data-Publishing-Security-1239544105.jpg
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
80eff21c17184d2761f1eccfbaf19343c894ed55335b69c4dbf8df845aea12f1

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:15 GMT
Connection
keep-alive
Age
542168
X-Cache
HIT, HIT
Fastly-Io-Info
ifsz=2845899 idim=2400x1600 ifmt=jpeg ofsz=25568 odim=320x320 ofmt=webp
server-timing
geo;desc="continent=NA;country=CA;pop=YUL"
Fastly-Restarts
1
X-Served-By
cache-fra19165-FRA, cache-yul12821-YUL
experience
katra
Accept-Ranges
bytes
X-Timer
S1650388095.385400,VS0,VE1
Etag
"ive1osB2O5UYi97ibXMrpcGXW/ijW8S3lHzwaoWLwkA"
vary
accept
Content-Type
image/webp
Fastly-Stats
io=1
cache-control
max-age=31536, must-revalidate, public
Content-Length
25568
timing-allow-origin
*
X-Cache-Hits
1, 35
pr
s.amazon-adsystem.com/v3/ Frame 4EF3
2 KB
2 KB
Document
General
Full URL
https://s.amazon-adsystem.com/v3/pr?exlist=n-index_rbd_ppt_n-vmg_ox-db5_smrt_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_rbd_ppt_n-vmg_ox-db5_smrt_an-db5_3lift&dcc=t
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
7f8bb85ccf656cd3aae3262f8b6e462f723398be9f6e3c10957179bf38f3f724
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-index_rbd_ppt_n-vmg_ox-db5_smrt_an-db5_3lift&dcc=t
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
2014
Content-Type
text/html;charset=ISO-8859-1
Date
Tue, 19 Apr 2022 17:08:15 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Permissions-Policy
interest-cohort=()
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
x-amz-rid
MPP7PRCG04RREYV8NHWN
dest5.html
condenast.demdex.net/ Frame D96F
7 KB
3 KB
Document
General
Full URL
https://condenast.demdex.net/dest5.html?d_nsid=0
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.224.186.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-224-186-170.compute-1.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
2791
Content-Type
text/html;charset=UTF-8
DCS
dcs-prod-va6-2-v031-0b2fd6cf1.edge-va6.demdex.com UNKNOWN
Expires
Thu, 01 Jan 1970 00:00:00 UTC
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
AD+hPRANS4k=
content-encoding
gzip
date
Tue, 19 Apr 2022 17:08:15 GMT
last-modified
Wed, 13 Apr 2022 15:25:57 GMT
vary
accept-encoding
ibs:dpid=411&dpuuid=Yl7sfwAAAHRrhARA
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=51128452588216843153317871896908876551
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yl7sfwAAAHRrhARA
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yl7sfwAAAHRrhARA
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-usw2-2-v028-04c724a40.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
li87kcJfRPE=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yl7sfwAAAHRrhARA
Date
Tue, 19 Apr 2022 17:08:15 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
linkid.js
www.google-analytics.com/plugins/ua/
2 KB
884 B
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/linkid.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 16:51:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1026
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
859
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Tue, 19 Apr 2022 17:51:09 GMT
publisher:getClientId
ampcid.google.com/v1/
74 B
531 B
XHR
General
Full URL
https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ae8264ec552f76003b5335b0839b6fe29284e27617923b0b2c50357ade389091
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.wired.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
vary
Origin, X-Origin, Referer
content-length
94
x-xss-protection
0
228464857488266
connect.facebook.net/signals/config/
308 KB
88 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/228464857488266?v=2.9.57&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
33c8d7252ee326944846d5374837b33b81bd068ac71b593b3ba41d460801316b
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
89813
x-xss-protection
0
pragma
public
x-fb-debug
2BaXa3M/c7zrBY8zfG3YBYx/jOEotfqiXUAXz7AzwIqvtDl8t5YKzBONkvaVxsf2vj7UD4L1wA1wveuHKYcaqQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 19 Apr 2022 17:08:15 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
rules-p-Jjy-Cyr1NZGRz.js
rules.quantcount.com/
4 KB
2 KB
Script
General
Full URL
https://rules.quantcount.com/rules-p-Jjy-Cyr1NZGRz.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21ec:3e00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
efdbd8582066a12cf45115f1e150d2a8de06bf6b14db3feca98b116efeb9e0bb

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 16:53:25 GMT
content-encoding
gzip
age
890
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
last-modified
Mon, 19 Mar 2018 22:18:17 GMT
server
AmazonS3
etag
W/"2c930184a7ea36f2f9a5d9324b880b63"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 4cb1c715abfea3c2d99c87070fbe2f26.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-cf-pop
JFK51-C1
x-amz-cf-id
p3ccPBsLRKtfOoxiQju6Cnm8qzNiCt5Xtg49IZjc1OhxrzRaK8W6Ag==
br-ijs_all_modules_2d913b64e789f2bd268452855491ee94.js
assets.bounceexchange.com/assets/smart-tag/versioned/
539 KB
102 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/br-ijs_all_modules_2d913b64e789f2bd268452855491ee94.js
Requested by
Host: tag.bounceexchange.com
URL: https://tag.bounceexchange.com/2825/i.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b6854bf9d082917a43310dcac4c41ed763557068df5ce773e117d12e656deae2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 14:40:27 GMT
content-encoding
br
age
8868
x-guploader-uploadid
ADPycdsjjnt0rGXHElTu9V44yoxm3z7Y-pZEqFotNSIJ0N0dUmhnf9EqXxTmoyBKhsGaEF3FXhiTngFnbWtAPK5VExx4XGDMt-mY
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
clear
content-length
103491
last-modified
Tue, 19 Apr 2022 14:40:20 GMT
server
UploadServer
etag
"98e93560a084fb3dfcfaf71e465fc2be"
x-goog-hash
crc32c=IyJp9g==, md5=mOk1YKCE+z38+vceRl/Cvg==
x-goog-generation
1650379220777904
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=31536000
x-goog-stored-content-length
103491
accept-ranges
bytes
content-type
text/javascript
expires
Wed, 19 Apr 2023 14:40:27 GMT
adsct
analytics.twitter.com/i/
31 B
216 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o1his&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=df9eddda-730d-4dd1-bda0-6cf02b404af4&tw_document_href=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&tpx_cb=twttr.conversion.loadPixels
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.3 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time
6
date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
gzip
server
tsa_b
strict-transport-security
max-age=631138519
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0
x-connection-hash
c65b8d729d7104a06072062b47f109a1eed3c4a790829519ea1a595feb96ba72
content-type
application/javascript;charset=utf-8
content-length
57
adsct
analytics.twitter.com/i/
31 B
458 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o28a6&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=4454905f-1013-4fcb-a893-c0c61b4ef12b&tw_document_href=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&tpx_cb=twttr.conversion.loadPixels
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.3 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time
5
date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
gzip
server
tsa_b
strict-transport-security
max-age=631138519
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0
x-connection-hash
c65b8d729d7104a06072062b47f109a1eed3c4a790829519ea1a595feb96ba72
content-type
application/javascript;charset=utf-8
content-length
57
adsct
t.co/i/
43 B
207 B
Image
General
Full URL
https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o1his&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=df9eddda-730d-4dd1-bda0-6cf02b404af4&tw_document_href=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time
6
date
Tue, 19 Apr 2022 17:08:14 GMT
server
tsa_b
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
9723200a6b40e20f6546da186f8e2a197f6719646ce1dbfec3253ee108cf691c
content-length
43
adsct
t.co/i/
43 B
336 B
Image
General
Full URL
https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o28a6&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=4454905f-1013-4fcb-a893-c0c61b4ef12b&tw_document_href=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time
6
date
Tue, 19 Apr 2022 17:08:15 GMT
server
tsa_b
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
9723200a6b40e20f6546da186f8e2a197f6719646ce1dbfec3253ee108cf691c
content-length
43
modules.0076bf93c385ddf0ff58.js
script.hotjar.com/
239 KB
63 KB
Script
General
Full URL
https://script.hotjar.com/modules.0076bf93c385ddf0ff58.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1537182.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.102.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-102-38.ewr53.r.cloudfront.net
Software
/
Resource Hash
e0e44c153e6969ff112250bc468dd4615e5f48f2b2db3e3ffabc11be9d9b6313
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 10:49:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
541149
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
63817
access-control-allow-origin
*
last-modified
Wed, 13 Apr 2022 10:48:29 GMT
etag
"838915b4bc2438e3190a8320d0520962"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 6886c621d4716e156349149ba8d65b40.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
EWR53-C3
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
1tsDd-ek-QtMjjBTy_ULD0euxcISoVFjwYZ9jlU7k0SKVnvdvccBwA==
user
4d.condenastdigital.com/
67 B
466 B
XHR
General
Full URL
https://4d.condenastdigital.com/user?xid=c0aa10cc-32ef-4371-a838-e477580f9efd
Requested by
Host: pixel.condenastdigital.com
URL: https://pixel.condenastdigital.com/sparrow.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.2.129.5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-2-129-5.compute-1.amazonaws.com
Software
/
Resource Hash
dec17afa5dc5e4249bab1d13a178f473f537248675f71a3d64878b5c17e73ced

Request headers

Accept
text/plain
Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
gzip
transfer-encoding
chunked
Content-Type
application/json; charset=utf-8
access-control-allow-origin
https://www.wired.com
access-control-expose-headers
WWW-Authenticate,Server-Authorization
cache-control
no-cache
access-control-allow-credentials
true
Connection
keep-alive
content
4d.condenastdigital.com/
4 KB
2 KB
XHR
General
Full URL
https://4d.condenastdigital.com/content?url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F
Requested by
Host: pixel.condenastdigital.com
URL: https://pixel.condenastdigital.com/sparrow.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.2.129.5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-2-129-5.compute-1.amazonaws.com
Software
/
Resource Hash
e24f891e86eaed809c4964f529f23c8f647204ac6b6e4c0c0a6db2ddd48999ce

Request headers

Accept
text/plain
Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
gzip
transfer-encoding
chunked
Content-Type
application/json; charset=utf-8
access-control-allow-origin
https://www.wired.com
access-control-expose-headers
WWW-Authenticate,Server-Authorization
cache-control
no-cache
access-control-allow-credentials
true
Connection
keep-alive
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A15.378Z&_t=assigned-experiments&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6000&pSw=1600&pSh=1200&uID=61b2c59d-8f2d-461e-8ff7-d7d8748cd1be&uNw=1&uUq=1&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=general&dim1=%7B%22assignments%22%3A%5B%7B%22payload%22%3A%22%7B%5Cn%20%20%20%20%5C%22client%5C%22%3A%20%7B%5Cn%20%20%20%20%20%20%20%20%5C%22ArticlePageContext%5C%22%3A%20%7B%5Cn%20%20%20%20%20%20%20%20%20%20%20%20%5C%22ArticlePage%5C%22%20%3A%20%7B%5Cn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%5C%22settings%5C%22%20%3A%20%7B%5Cn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%5C%22isNewsletterAggressive%5C%22%20%3A%20true%5Cn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7D%5Cn%20%20%20%20%20%20%20%20%20%20%20%20%7D%2C%5Cn%20%20%20%20%20%20%20%20%20%20%20%20%5C%22AggressiveNewsletterWrapper%5C%22%20%3A%20%7B%5Cn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%5C%22settings%5C%22%20%3A%20%7B%5Cn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%5C%22isNewsletterAggressive%5C%22%3A%20true%5Cn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7D%5Cn%20%20%20%20%20%20%20%20%20%20%20%20%7D%2C%5Cn%20%20%20%20%20%20%20%20%20%20%20%20%5C%22NewsletterSubscribeForm%5C%22%3A%20%7B%5Cn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%5C%22variation%5C%22%20%3A%20%5C%22Aggressive%5C%
22%5Cn%20%20%20%20%20%20%20%20%20%20%20%20%7D%5Cn%20%20%20%20%20%20%20%20%7D%5Cn%20%20%20%20%7D%5Cn%7D%22%2C%22assignment%22%3A%22newsletter-aggressive%22%2C%22experimentLabel%22%3A%22WIRED-aggressive-newsletter-signup-test%22%2C%22bucketLabel%22%3A%22newsletter-aggressive%22%2C%22status%22%3A%22NEW_ASSIGNMENT%22%2C%22applicationName%22%3A%22Verso%22%2C%22pageName%22%3A%22wired%22%2C%22userID%22%3A%22c0aa10cc-32ef-4371-a838-e477580f9efd%22%7D%2C%7B%22payload%22%3A%22%7B%7D%22%2C%22assignment%22%3A%22with-ad%22%2C%22experimentLabel%22%3A%22wired-sponsor-product%22%2C%22bucketLabel%22%3A%22with-ad%22%2C%22status%22%3A%22NEW_ASSIGNMENT%22%2C%22applicationName%22%3A%22Verso%22%2C%22pageName%22%3A%22wired%22%2C%22userID%22%3A%22c0aa10cc-32ef-4371-a838-e477580f9efd%22%7D%5D%7D&environment=prod&origin=wired
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:15 GMT
Connection
keep-alive
transfer-encoding
chunked
Content-Type
image/gif
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A15.387Z&_t=pubadsReady&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6000&pSw=1600&pSh=1200&uID=61b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=ad_metrics&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22verso%22%2C%22template%22%3A%22mt_article_two_column%22%2C%22viewport%22%3A%22desktop%22%2C%22pageContext%22%3A%7B%22channel%22%3A%22security%22%2C%22content%22%3A%7B%22copyCount%22%3A1358%2C%22imageCount%22%3A0%2C%22embedCount%22%3A1%2C%22ratio%22%3A1358%7D%2C%22contentType%22%3A%22article%22%2C%22keywords%22%3A%7B%22copilotid%22%3A%5B%226256eb35dcd4a10f9e523401%22%5D%2C%22platform%22%3A%5B%22verso%22%5D%2C%22tags%22%3A%5B%22cybersecurity%22%2C%22malware%22%2C%22hacking%22%2C%22russia%22%2C%22cyberattacks-and-hacks%22%2C%22national-security%22%2C%22Russia%22%5D%7D%2C%22server%22%3A%22production%22%2C%22slug%22%3A%22pipedream-ics-malware%22%2C%22subChannel%22%3A%22cyberattacks-and-hacks%22%2C%22subSubChannel%22%3A%22%22%2C%22templateType%22%3A%22mt_article_two_column%22%7D%2C%22version%22%3A%226.57.0%22%7D&environment=prod&origin=wired
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:15 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A15.396Z&_t=renderEnded&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6000&pSw=1600&pSh=1200&uID=61b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=ad_metrics&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22verso%22%2C%22template%22%3A%22mt_article_two_column%22%2C%22viewport%22%3A%22desktop%22%2C%22isEmpty%22%3Atrue%2C%22isOverride%22%3Afalse%2C%22position%22%3A%22interstitial%22%2C%22size%22%3A%22%22%7D&environment=prod&origin=wired
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:15 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A15.402Z&_t=renderEnded&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6000&pSw=1600&pSh=1200&uID=61b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=ad_metrics&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22verso%22%2C%22template%22%3A%22mt_article_two_column%22%2C%22viewport%22%3A%22desktop%22%2C%22isEmpty%22%3Afalse%2C%22isOverride%22%3Afalse%2C%22position%22%3A%22in-content%22%2C%22size%22%3A%220x0%22%7D&environment=prod&origin=wired
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:15 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A15.409Z&_t=in-view&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6000&pSw=1600&pSh=1200&uID=61b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=verso-pattern-tracking&dim5=%5B%7B%22pattern%22%3A%22ConnectedNavigation%22%7D%5D&dim6=%5B%7B%22applicationName%22%3A%22Verso%22%2C%22experimentLabel%22%3A%22WIRED-aggressive-newsletter-signup-test%22%2C%22bucketLabel%22%3A%22newsletter-aggressive%22%2C%22userID%22%3A%22c0aa10cc-32ef-4371-a838-e477580f9efd%22%2C%22pageName%22%3A%22wired%22%7D%2C%7B%22applicationName%22%3A%22Verso%22%2C%22experimentLabel%22%3A%22wired-sponsor-product%22%2C%22bucketLabel%22%3A%22with-ad%22%2C%22userID%22%3A%22c0aa10cc-32ef-4371-a838-e477580f9efd%22%2C%22pageName%22%3A%22wired%22%7D%5D&environment=prod&origin=wired
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:15 GMT
Connection
keep-alive
transfer-encoding
chunked
Content-Type
image/gif
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A15.414Z&_t=in-view&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6000&pSw=1600&pSh=1200&uID=61b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=verso-pattern-tracking&dim5=%5B%7B%22pattern%22%3A%22ConnectedNavigation%22%7D%2C%7B%22pattern%22%3A%22StandardNavigation%22%7D%5D&dim6=%5B%7B%22applicationName%22%3A%22Verso%22%2C%22experimentLabel%22%3A%22WIRED-aggressive-newsletter-signup-test%22%2C%22bucketLabel%22%3A%22newsletter-aggressive%22%2C%22userID%22%3A%22c0aa10cc-32ef-4371-a838-e477580f9efd%22%2C%22pageName%22%3A%22wired%22%7D%2C%7B%22applicationName%22%3A%22Verso%22%2C%22experimentLabel%22%3A%22wired-sponsor-product%22%2C%22bucketLabel%22%3A%22with-ad%22%2C%22userID%22%3A%22c0aa10cc-32ef-4371-a838-e477580f9efd%22%2C%22pageName%22%3A%22wired%22%7D%5D&environment=prod&origin=wired
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:15 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A15.419Z&_t=in-view&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6000&pSw=1600&pSh=1200&uID=61b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=verso-pattern-tracking&dim5=%5B%7B%22pattern%22%3A%22ConnectedNavigation%22%7D%2C%7B%22pattern%22%3A%22StandardNavigation%22%7D%2C%7B%22pattern%22%3A%22ConnectedBookmarkAlert%22%7D%5D&dim6=%5B%7B%22applicationName%22%3A%22Verso%22%2C%22experimentLabel%22%3A%22WIRED-aggressive-newsletter-signup-test%22%2C%22bucketLabel%22%3A%22newsletter-aggressive%22%2C%22userID%22%3A%22c0aa10cc-32ef-4371-a838-e477580f9efd%22%2C%22pageName%22%3A%22wired%22%7D%2C%7B%22applicationName%22%3A%22Verso%22%2C%22experimentLabel%22%3A%22wired-sponsor-product%22%2C%22bucketLabel%22%3A%22with-ad%22%2C%22userID%22%3A%22c0aa10cc-32ef-4371-a838-e477580f9efd%22%2C%22pageName%22%3A%22wired%22%7D%5D&environment=prod&origin=wired
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:15 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A15.425Z&_t=in-view&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6000&pSw=1600&pSh=1200&uID=61b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=verso-pattern-tracking&dim5=%5B%7B%22pattern%22%3A%22ConnectedNavigation%22%7D%2C%7B%22pattern%22%3A%22StandardNavigation%22%7D%2C%7B%22pattern%22%3A%22ConnectedBookmarkAlert%22%7D%2C%7B%22pattern%22%3A%22StickyHeroAd%22%7D%5D&dim6=%5B%7B%22applicationName%22%3A%22Verso%22%2C%22experimentLabel%22%3A%22WIRED-aggressive-newsletter-signup-test%22%2C%22bucketLabel%22%3A%22newsletter-aggressive%22%2C%22userID%22%3A%22c0aa10cc-32ef-4371-a838-e477580f9efd%22%2C%22pageName%22%3A%22wired%22%7D%2C%7B%22applicationName%22%3A%22Verso%22%2C%22experimentLabel%22%3A%22wired-sponsor-product%22%2C%22bucketLabel%22%3A%22with-ad%22%2C%22userID%22%3A%22c0aa10cc-32ef-4371-a838-e477580f9efd%22%2C%22pageName%22%3A%22wired%22%7D%5D&environment=prod&origin=wired
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:15 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A15.469Z&_t=in-view&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6000&pSw=1600&pSh=1200&uID=61b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=verso-pattern-tracking&dim5=%5B%7B%22pattern%22%3A%22ConnectedNavigation%22%7D%2C%7B%22pattern%22%3A%22StandardNavigation%22%7D%2C%7B%22pattern%22%3A%22ConnectedBookmarkAlert%22%7D%2C%7B%22pattern%22%3A%22StickyHeroAd%22%7D%2C%7B%22pattern%22%3A%22ContentHeader%22%7D%5D&dim6=%5B%7B%22applicationName%22%3A%22Verso%22%2C%22experimentLabel%22%3A%22WIRED-aggressive-newsletter-signup-test%22%2C%22bucketLabel%22%3A%22newsletter-aggressive%22%2C%22userID%22%3A%22c0aa10cc-32ef-4371-a838-e477580f9efd%22%2C%22pageName%22%3A%22wired%22%7D%2C%7B%22applicationName%22%3A%22Verso%22%2C%22experimentLabel%22%3A%22wired-sponsor-product%22%2C%22bucketLabel%22%3A%22with-ad%22%2C%22userID%22%3A%22c0aa10cc-32ef-4371-a838-e477580f9efd%22%2C%22pageName%22%3A%22wired%22%7D%5D&environment=prod&origin=wired
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:15 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A15.481Z&_t=in-view&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6000&pSw=1600&pSh=1200&uID=61b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=verso-pattern-tracking&dim5=%5B%7B%22pattern%22%3A%22ConnectedNavigation%22%7D%2C%7B%22pattern%22%3A%22StandardNavigation%22%7D%2C%7B%22pattern%22%3A%22ConnectedBookmarkAlert%22%7D%2C%7B%22pattern%22%3A%22StickyHeroAd%22%7D%2C%7B%22pattern%22%3A%22ContentHeader%22%7D%2C%7B%22pattern%22%3A%22TitleBlock%22%7D%5D&dim6=%5B%7B%22applicationName%22%3A%22Verso%22%2C%22experimentLabel%22%3A%22WIRED-aggressive-newsletter-signup-test%22%2C%22bucketLabel%22%3A%22newsletter-aggressive%22%2C%22userID%22%3A%22c0aa10cc-32ef-4371-a838-e477580f9efd%22%2C%22pageName%22%3A%22wired%22%7D%2C%7B%22applicationName%22%3A%22Verso%22%2C%22experimentLabel%22%3A%22wired-sponsor-product%22%2C%22bucketLabel%22%3A%22with-ad%22%2C%22userID%22%3A%22c0aa10cc-32ef-4371-a838-e477580f9efd%22%2C%22pageName%22%3A%22wired%22%7D%5D&environment=prod&origin=wired
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:15 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A15.494Z&_t=in-view&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6000&pSw=1600&pSh=1200&uID=61b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=verso-pattern-tracking&dim5=%5B%7B%22pattern%22%3A%22ConnectedNavigation%22%7D%2C%7B%22pattern%22%3A%22StandardNavigation%22%7D%2C%7B%22pattern%22%3A%22ConnectedBookmarkAlert%22%7D%2C%7B%22pattern%22%3A%22StickyHeroAd%22%7D%2C%7B%22pattern%22%3A%22ContentHeader%22%7D%2C%7B%22pattern%22%3A%22TitleBlock%22%7D%2C%7B%22pattern%22%3A%22Caption%22%7D%5D&dim6=%5B%7B%22applicationName%22%3A%22Verso%22%2C%22experimentLabel%22%3A%22WIRED-aggressive-newsletter-signup-test%22%2C%22bucketLabel%22%3A%22newsletter-aggressive%22%2C%22userID%22%3A%22c0aa10cc-32ef-4371-a838-e477580f9efd%22%2C%22pageName%22%3A%22wired%22%7D%2C%7B%22applicationName%22%3A%22Verso%22%2C%22experimentLabel%22%3A%22wired-sponsor-product%22%2C%22bucketLabel%22%3A%22with-ad%22%2C%22userID%22%3A%22c0aa10cc-32ef-4371-a838-e477580f9efd%22%2C%22pageName%22%3A%22wired%22%7D%5D&environment=prod&origin=wired
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:15 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A15.510Z&_t=renderEnded&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6000&pSw=1600&pSh=1200&uID=61b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=ad_metrics&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22verso%22%2C%22template%22%3A%22mt_article_two_column%22%2C%22viewport%22%3A%22desktop%22%2C%22isEmpty%22%3Afalse%2C%22isOverride%22%3Afalse%2C%22position%22%3A%22hero%22%2C%22size%22%3A%22728x90%22%7D&environment=prod&origin=wired
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:15 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
robots.txt
t.skimresources.com/api/v2/ Frame 26BA
0
102 B
Image
General
Full URL
https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.030162419296318577
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.67.47 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
47.67.201.35.bc.googleusercontent.com
Software
Python/3.7 aiohttp/3.5.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
via
1.1 google
server
Python/3.7 aiohttp/3.5.4
alt-svc
clear
content-length
0
content-type
text/plain charset=UTF-8
px.gif
p.skimresources.com/
43 B
102 B
Image
General
Full URL
https://p.skimresources.com/px.gif?ch=1&rn=6.355752766985656
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
160.91.190.35.bc.googleusercontent.com
Software
Skimlinks Pixel 1.0 /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
via
1.1 google
server
Skimlinks Pixel 1.0
p3p
policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
alt-svc
clear
content-length
43
content-type
image/gif
px.gif
p.skimresources.com/
43 B
244 B
Image
General
Full URL
https://p.skimresources.com/px.gif?ch=2&rn=6.355752766985656
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
160.91.190.35.bc.googleusercontent.com
Software
Skimlinks Pixel 1.0 /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
via
1.1 google
server
Skimlinks Pixel 1.0
p3p
policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
alt-svc
clear
content-length
43
content-type
image/gif
rp.gif
alb.reddit.com/
42 B
157 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1650388095564&id=t2_bn0mvswd&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&uuid=ed395cdc-6036-4447-b9a4-d90b361dee5c&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_90e98f9f
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
via
1.1 varnish
server
Varnish
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
s2s-hb
pbs.getpublica.com/v1/
2 B
388 B
XHR
General
Full URL
https://pbs.getpublica.com/v1/s2s-hb?site_id=2564&format=json&app_name=CNEVIDEO&adserver=gam&slot_count=1&site_name=wired&content_episode=79&content_length=457&content_season=Season%201&content_id=6230c6615577c237274617fc&content_title=A%20Timeline%20of%20Russian%20Cyberattacks%20on%20Ukraine&content_series=Currents&content_language=en&content_category=Security%2CScience%20%26%20Tech--Security&content_keywords=Russian%20Cyber%20Attacks%2Crussia%20ukraine%2Cukraine%20vs%20russian%2Cukranian%20invasion%2Cukraine%20cyber%20attacks%2Ccyber%20attacks%20ukraine%2Cukraine%2Crussia%20and%20ukraine%2Crussian%20cyber%20attacks%2Crussian%20cyber%20attacks%20timeline%2Ctimeline%20of%20cyber%20attacks%2Crussian%20attacks%2Cwired%20russia%2Crussia%20attacks%2Cwired%20cyber%20attacks%2Csandworm%2Csandworm%20russia%2Crussia%20sandworm%2Crussia%20worm%2Ccomputer%20worm%2Crussia%20computer%20worm%2Ccomputer%20worm%20russia%2Ckremlin%2Ckremlin%20cyber%20attack%2Ccyber%20attacks%20kremlin&site_page=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&cb=5750640
Requested by
Host: player.cnevids.com
URL: https://player.cnevids.com/script/video/6230c6615577c237274617fc.js?autoplay=1&muted=1&continuousPlay=1&hasCompanion=false&hideHoverTitle=1&hidePosterTitle=1&interludeOverride=true&onReady=setupInterlude1&playerType=interlude&recAlgorithm=copilotIdOverride&recStrategy=copilotIdOverride&showPlaylistBar=false&isRightRail=true&onIframeReady=onIframeReady16503880946570
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.162.166.167 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-162-166-167.compute-1.amazonaws.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:16 GMT
Content-Encoding
gzip
Vary
Origin
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
https://www.wired.com
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials
true
Content-Length
26
Expires
0
/
p.adsymptotic.com/d/px/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=434737&time=1650388095567&url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=434737&time=1650388095567&url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&cookiesTest=true
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D434737%26time%3D1650388095567%26url%3Dhttps%253A%252F%252Fwww.wired.com%252Fstory...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=434737&time=1650388095567&url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&cookiesTest=true&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=434737&time=1650388095567&url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&cookiesTest=true&liSync=true&e_ipv6=AQJWEvTiIkrcCwAA...
  • https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=0302ae64-220c-44e7-90c8-11aca3d9147c
  • https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=0302ae64-220c-44e7-90c8-11aca3d9147c&_expected_cookie=edac0a428f128e924c46fa2f...
43 B
165 B
Image
General
Full URL
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=0302ae64-220c-44e7-90c8-11aca3d9147c&_expected_cookie=edac0a428f128e924c46fa2f1448938d
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Server
104.18.98.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:18 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6fe73dcc5aa7a241-YYZ
p3p
CP='NON DSP COR CONi OUR BUS CNT'
content-type
image/gif
content-length
43

Redirect headers

location
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=0302ae64-220c-44e7-90c8-11aca3d9147c&_expected_cookie=edac0a428f128e924c46fa2f1448938d
date
Tue, 19 Apr 2022 17:08:17 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6fe73dcb3860a241-YYZ
content-length
0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
simple
api.sail-personalize.com/v1/personalize/
288 B
497 B
Fetch
General
Full URL
https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0
Requested by
Host: ak.sail-horizon.com
URL: https://ak.sail-horizon.com/spm/spm.v1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
75.2.40.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
aa7557bb34ea5624b.awsglobalaccelerator.com
Software
/
Resource Hash
e2ddb369a9b8e431beddc0860abd41ce03cc7c561bb045b03655df8b5c9f638a

Request headers

x-lib-version
v1.0.1
accept-language
en-CA,en;q=0.9
authorization
Bearer 96cc6d73eeadca5c51a196378f9bf3d1
content-type
application/json
accept
application/json
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
x-referring-url
https://www.wired.com/story/pipedream-ics-malware/

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
gzip
allowedorigins
*
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
no-store
access-control-allow-credentials
true
allowedheaders
Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin
content-length
196
allowedmethods
GET,OPTIONS
expires
-1
simple
api.sail-personalize.com/v1/personalize/ Frame
0
0
Preflight
General
Full URL
https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
75.2.40.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
aa7557bb34ea5624b.awsglobalaccelerator.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,x-lib-version,x-referring-url
Access-Control-Request-Method
GET
Origin
https://www.wired.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Lib-Version,X-Referring-URL
access-control-allow-methods
OPTIONS,GET,POST,PUT,DELETE
access-control-allow-origin
https://www.wired.com
access-control-max-age
1800
allow
HEAD,GET,OPTIONS
content-length
18
content-type
text/plain
date
Tue, 19 Apr 2022 17:08:15 GMT
n
elsa.memoinsights.com/
306 B
911 B
Script
General
Full URL
https://elsa.memoinsights.com/n?pid=5c058a6070cdcc676efa61c4&url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&date=2022-04-13T19%3A50%3A48.527Z&title=Feds%20Uncover%20a%20%27Swiss%20Army%20Knife%27%20for%20Hacking%20Industrial%20Systems&channels=tags&authors=Cond%C3%A9%20Nast&referrer=https%3A%2F%2Fapple.news%2F&ref_url=https%3A%2F%2Fapple.news%2F&page_url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&cb=MEMO.API.callbacks.cbboldxkx&v=v3.0.5
Requested by
Host: cdn.memo.co
URL: https://cdn.memo.co/js/memo.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.85.177.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-85-177-101.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
f77bf38affd00e58556f04280638d5a86c926e2a71c3f793b19b9a7c642e4613

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
gzip
server
istio-envoy
content-type
application/javascript
x-envoy-upstream-service-time
0
Connection
keep-alive
Content-Length
213
x-request-id
769f8154094db8c3b62c469e7f2a0fc7
box-4924254a9ce4dc9b959b6e4a9b662d60.html
vars.hotjar.com/ Frame 8896
2 KB
1 KB
Document
General
Full URL
https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1537182.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.146.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-146-75.ewr52.r.cloudfront.net
Software
/
Resource Hash
67f8c7fd7353ad063da1f3115924c458c494cb134f4d87de4407a132842c9bc9

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
541149
cache-control
max-age=31536000
content-encoding
br
content-length
1044
content-type
text/html
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 13 Apr 2022 10:49:06 GMT
etag
"1635635016e428baa170305e9282c34a"
last-modified
Wed, 13 Apr 2022 10:48:29 GMT
vary
Accept-Encoding
via
1.1 b4396731a9663e6ea5f94926a9a70198.cloudfront.net (CloudFront)
x-amz-cf-id
rpMpjkxEkETAFFweQlPFeCq3g-9_4b8KdZBO5Ix6SDZBcuxtZ9sXhA==
x-amz-cf-pop
EWR52-C2
x-cache
Hit from cloudfront
x-robots-tag
none
/
r.skimresources.com/api/
150 B
341 B
XHR
General
Full URL
https://r.skimresources.com/api/
Requested by
Host: s.skimresources.com
URL: https://s.skimresources.com/js/100099X1555751.skimlinks.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.59.101 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
101.59.190.35.bc.googleusercontent.com
Software
openresty/1.11.2.5 /
Resource Hash
8d23d1e5b7c3ebcbe109c3f4247f926e661440f2a861db23fcb2739ce8d32047
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
openresty/1.11.2.5
strict-transport-security
max-age=31536000
content-type
application/json
access-control-allow-origin
https://www.wired.com
vary
Accept-Encoding
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
impl_v86.js
www.googletagservices.com/dcm/ Frame 3DF1
54 KB
21 KB
Script
General
Full URL
https://www.googletagservices.com/dcm/impl_v86.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c7d7c651efabfdcce87a8fec34efbafc99924e3c83c8412f954219cddafa458
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:13:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
39273
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21362
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:03:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-dcm-tag"
vary
Accept-Encoding
report-to
{"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 19 Apr 2023 06:13:42 GMT
cfcc45d7-cb72-4a0e-a29a-d4e2f1831c4f
https://www.wired.com/ Frame BFCE
31 B
0
Other
General
Full URL
blob:https://www.wired.com/cfcc45d7-cb72-4a0e-a29a-d4e2f1831c4f
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Length
31
Content-Type
application/javascript
integrator.js
adservice.google.ca/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.ca/adsid/integrator.js?domain=www.wired.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:806::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.wired.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
302 B
142 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4240033368257457&correlator=1230515925443800&hxva=1&scor=406237631797971&output=ldjh&gdfp_req=1&vrg=2022041301&ptt=17&impl=fifs&rdp=1&us_privacy=1---&iu_parts=3379%2Cconde.wired.native%2Caside%2Csecurity%2Carticle%2C1&enc_prev_ius=0%2F1%2F2%2F3%2F4%2F5&prev_iu_szs=320x50%7C2x2&fluid=height&ifi=4&adks=1253013061&sfv=1-0-38&ecs=20220419&fsapi=false&prev_scp=pos%3Daside%26ctx_slot_type%3Daside%26ctx_slot_rn%3D0%26pos_instance%3D1%26ctx_slot_instance%3D0%26ctx_slot_name%3Daside_0%26slot_name%3Daside_1&eri=1&cust_params=m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dmoat_unsafe%252Cgv_crime%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26env_device_type%3Ddesktop%26ctx_template%3Dmt_article_two_column%26content_type%3Darticle%26ctx_page_channel%3Dsecurity%26ctx_page_sub_channel%3Dcyberattacks-and-hacks%26sub_sub_channel%3D%26env_server%3Dproduction%26ctx_cns_version%3D6.57.0%26ctx_page_slug%3Dpipedream-ics-malware%26cnt_copilotid%3D6256eb35dcd4a10f9e523401%26cnt_platform%3Dverso%26cnt_tags%3Dcybersecurity%252Cmalware%252Chacking%252Crussia%252Ccyberattacks-and-hacks%252Cnational-security%26fastly_geo%3Dca%26usr_bkt_eva%3D21%26usr_bkt_ses%3D82%26usr_bkt_pv%3D57%26usr_pvc_bs%3D1%26usr_pvc_24hr%3D1%26usr_pvc_30d%3D1%26usr_svc_30d%3D1%26ctx_ses_soc%3Dnone%26ctx_ref_soc%3Dnone%26ctx_ref_url%3Dapple.news%26usr_auth%3Dfalse%26usr_segments%3Dco.w2216%26cn_metrics%3Dcmr_high%26vnd_prx_segments%3D121100%252C131100%252C131127%252C230163%252C230003%252C230161%252C300003%252C210001%252C240000%252C240002%252C240004%252C240001%252C240005%252C240006%252C240007%252C240008%252C240009%252C240011%252C240012%252C240013%252C240014%252C240017%252C240015%252C240016%252C240018%252C240019%252Cmiovit%252Ceuwba9%252Czlqtg4%252Chz8lgh%26vnd_4d_cached%3D0%26vnd_4d_ctx_sg%3D%26vnd_4d_ctx_topics%3D%26vnd_4d_ctx_entities%3D%26vnd_4d_ctx_keywords%3D%26vnd_4d_usr_topics%3D%26vnd_4d_usr_wt%3D%26vnd_4d_xid%3Dc0aa10cc-32ef-4371-a838-e477580f9efd%26cnt_cm%3Dc
m_pay_ent_sample%252Ccm_pay_scope_none%252Ccm_pay_ent_sample_cnt_1%252Ccm_pay_ent_sample_max_4%26vnd_4d_sid%3D8eaeadd8-b23f-4df8-8692-888f7fc5dce8%26vnd_4d_pid%3Db8c5454f-ed15-4054-8d4c-c698d3ec1f22&ppid=c0aa10cc32ef4371a838e477580f9efd&sc=1&cookie=ID%3Db1d44f49b8b413d5%3AT%3D1650388093%3AS%3DALNI_Mbp1e38ciDp26q0_SlcWfCK-cav3A&gpic=UID%3D0000044500e5e7cf%3AT%3D1650388093%3ART%3D1650388093%3AS%3DALNI_MawNgb8jh0LRUguYvVEiSwFFk6zCA&abxe=1&dt=1650388095881&lmt=1650388095&dlt=1650388093100&idt=528&biw=1600&bih=1200&adxs=-12245933&adys=-12245933&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&ref=https%3A%2F%2Fapple.news%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=0x0&msz=0x0&fws=640&ohw=0&ga_vid=145265742.1650388094&ga_sid=1650388094&ga_hid=1715062932&ga_fc=false&btvi=-1&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
8492ed826dc6b4e4850875f1d92bdeb612a321e11eb38a5ac3a2ee7a842182c2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
187 KB
75 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4240033368257457&correlator=1230515925443800&hxva=1&scor=406237631797971&output=ldjh&gdfp_req=1&vrg=2022041301&ptt=17&impl=fifs&rdp=1&us_privacy=1---&iu_parts=3379%2Cwiredcom.cm%2Csecurity%2Ccyberattacks-and-hacks&enc_prev_ius=0%2F1%2F2%2F3&prev_iu_szs=1280x300&ifi=5&adks=1058725820&sfv=1-0-38&ecs=20220419&fsapi=false&prev_scp=pos%3Dcm%26ctx_slot_type%3Dcm_paywall_bar_call_to_action%26ctx_slot_rn%3D0%26pos_instance%3D1%26ctx_slot_instance%3D0%26ctx_slot_name%3Dcm_paywall_bar_call_to_action_0%26slot_name%3Dcm_1&eri=1&cust_params=m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dmoat_unsafe%252Cgv_crime%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26env_device_type%3Ddesktop%26ctx_template%3Dmt_article_two_column%26content_type%3Darticle%26ctx_page_channel%3Dsecurity%26ctx_page_sub_channel%3Dcyberattacks-and-hacks%26sub_sub_channel%3D%26env_server%3Dproduction%26ctx_cns_version%3D6.57.0%26ctx_page_slug%3Dpipedream-ics-malware%26cnt_copilotid%3D6256eb35dcd4a10f9e523401%26cnt_platform%3Dverso%26cnt_tags%3Dcybersecurity%252Cmalware%252Chacking%252Crussia%252Ccyberattacks-and-hacks%252Cnational-security%26fastly_geo%3Dca%26usr_bkt_eva%3D21%26usr_bkt_ses%3D82%26usr_bkt_pv%3D57%26usr_pvc_bs%3D1%26usr_pvc_24hr%3D1%26usr_pvc_30d%3D1%26usr_svc_30d%3D1%26ctx_ses_soc%3Dnone%26ctx_ref_soc%3Dnone%26ctx_ref_url%3Dapple.news%26usr_auth%3Dfalse%26usr_segments%3Dco.w2216%26cn_metrics%3Dcmr_high%26vnd_prx_segments%3D121100%252C131100%252C131127%252C230163%252C230003%252C230161%252C300003%252C210001%252C240000%252C240002%252C240004%252C240001%252C240005%252C240006%252C240007%252C240008%252C240009%252C240011%252C240012%252C240013%252C240014%252C240017%252C240015%252C240016%252C240018%252C240019%252Cmiovit%252Ceuwba9%252Czlqtg4%252Chz8lgh%26vnd_4d_cached%3D0%26vnd_4d_ctx_sg%3D%26vnd_4d_ctx_topics%3D%26vnd_4d_ctx_entities%3D%26vnd_4d_ctx_keywords%3D%26vnd_4d_usr_topics%3D%26vnd_4d_usr_wt%3D%26vnd_4d_xid%3Dc0aa10cc-32ef-4371-a838-e477580f9efd
%26cnt_cm%3Dcm_pay_ent_sample%252Ccm_pay_scope_none%252Ccm_pay_ent_sample_cnt_1%252Ccm_pay_ent_sample_max_4%26vnd_4d_sid%3D8eaeadd8-b23f-4df8-8692-888f7fc5dce8%26vnd_4d_pid%3Db8c5454f-ed15-4054-8d4c-c698d3ec1f22&ppid=c0aa10cc32ef4371a838e477580f9efd&sc=1&cookie=ID%3Db1d44f49b8b413d5%3AT%3D1650388093%3AS%3DALNI_Mbp1e38ciDp26q0_SlcWfCK-cav3A&gpic=UID%3D0000044500e5e7cf%3AT%3D1650388093%3ART%3D1650388093%3AS%3DALNI_MawNgb8jh0LRUguYvVEiSwFFk6zCA&abxe=1&dt=1650388095886&lmt=1650388095&dlt=1650388093100&idt=528&biw=1600&bih=1200&adxs=160&adys=1200&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&ref=https%3A%2F%2Fapple.news%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1600x-1&msz=1600x-1&fws=512&ohw=0&ga_vid=145265742.1650388094&ga_sid=1650388094&ga_hid=1715062932&ga_fc=false&btvi=2&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
1ee7dd45dd7a5948ee2b77bcff48d60252c17998918acaefbbad8a77cd8bf71d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
77039
x-xss-protection
0
google-lineitem-id
5966601000
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138387131425
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
302 B
141 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4240033368257457&correlator=1230515925443800&hxva=1&scor=406237631797971&output=ldjh&gdfp_req=1&vrg=2022041301&ptt=17&impl=fifs&rdp=1&us_privacy=1---&iu_parts=3379%2Cwiredcom.cm%2Csecurity%2Ccyberattacks-and-hacks&enc_prev_ius=0%2F1%2F2%2F3&prev_iu_szs=520x638&ifi=6&adks=907467394&sfv=1-0-38&ecs=20220419&fsapi=false&prev_scp=pos%3Dcm%26ctx_slot_type%3Dcm_paywall_modal_full_barrier%26ctx_slot_rn%3D0%26pos_instance%3D2%26ctx_slot_instance%3D0%26ctx_slot_name%3Dcm_paywall_modal_full_barrier_0%26slot_name%3Dcm_2&eri=1&cust_params=m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dmoat_unsafe%252Cgv_crime%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26env_device_type%3Ddesktop%26ctx_template%3Dmt_article_two_column%26content_type%3Darticle%26ctx_page_channel%3Dsecurity%26ctx_page_sub_channel%3Dcyberattacks-and-hacks%26sub_sub_channel%3D%26env_server%3Dproduction%26ctx_cns_version%3D6.57.0%26ctx_page_slug%3Dpipedream-ics-malware%26cnt_copilotid%3D6256eb35dcd4a10f9e523401%26cnt_platform%3Dverso%26cnt_tags%3Dcybersecurity%252Cmalware%252Chacking%252Crussia%252Ccyberattacks-and-hacks%252Cnational-security%26fastly_geo%3Dca%26usr_bkt_eva%3D21%26usr_bkt_ses%3D82%26usr_bkt_pv%3D57%26usr_pvc_bs%3D1%26usr_pvc_24hr%3D1%26usr_pvc_30d%3D1%26usr_svc_30d%3D1%26ctx_ses_soc%3Dnone%26ctx_ref_soc%3Dnone%26ctx_ref_url%3Dapple.news%26usr_auth%3Dfalse%26usr_segments%3Dco.w2216%26cn_metrics%3Dcmr_high%26vnd_prx_segments%3D121100%252C131100%252C131127%252C230163%252C230003%252C230161%252C300003%252C210001%252C240000%252C240002%252C240004%252C240001%252C240005%252C240006%252C240007%252C240008%252C240009%252C240011%252C240012%252C240013%252C240014%252C240017%252C240015%252C240016%252C240018%252C240019%252Cmiovit%252Ceuwba9%252Czlqtg4%252Chz8lgh%26vnd_4d_cached%3D0%26vnd_4d_ctx_sg%3D%26vnd_4d_ctx_topics%3D%26vnd_4d_ctx_entities%3D%26vnd_4d_ctx_keywords%3D%26vnd_4d_usr_topics%3D%26vnd_4d_usr_wt%3D%26vnd_4d_xid%3Dc0aa10cc-32ef-4371-a838-e477580f9efd%2
6cnt_cm%3Dcm_pay_ent_sample%252Ccm_pay_scope_none%252Ccm_pay_ent_sample_cnt_1%252Ccm_pay_ent_sample_max_4%26vnd_4d_sid%3D8eaeadd8-b23f-4df8-8692-888f7fc5dce8%26vnd_4d_pid%3Db8c5454f-ed15-4054-8d4c-c698d3ec1f22&ppid=c0aa10cc32ef4371a838e477580f9efd&sc=1&cookie=ID%3Db1d44f49b8b413d5%3AT%3D1650388093%3AS%3DALNI_Mbp1e38ciDp26q0_SlcWfCK-cav3A&gpic=UID%3D0000044500e5e7cf%3AT%3D1650388093%3ART%3D1650388093%3AS%3DALNI_MawNgb8jh0LRUguYvVEiSwFFk6zCA&abxe=1&dt=1650388095888&lmt=1650388095&dlt=1650388093100&idt=528&biw=1600&bih=1200&adxs=-12245933&adys=-12245933&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&ref=https%3A%2F%2Fapple.news%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&fws=516&ohw=0&ga_vid=145265742.1650388094&ga_sid=1650388094&ga_hid=1715062932&ga_fc=false&btvi=-1&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
9de722f7cc46ce4c0f77f0bcc7672da63122b0e35788e7459ed0455e7533f540
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
21 KB
9 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4240033368257457&correlator=1230515925443800&hxva=1&scor=406237631797971&output=ldjh&gdfp_req=1&vrg=2022041301&ptt=17&impl=fifs&rdp=1&us_privacy=1---&iu_parts=3379%2Cconde.wired.cm%2Cnav-cta%2Csecurity%2Carticle%2C1&enc_prev_ius=0%2F1%2F2%2F3%2F4%2F5&prev_iu_szs=80x40&ifi=7&adks=2667067849&sfv=1-0-38&ecs=20220419&fsapi=false&prev_scp=pos%3Dnav-cta%26ctx_slot_type%3Dnav_cta%26ctx_slot_rn%3D0%26pos_instance%3D1%26ctx_slot_instance%3D0%26ctx_slot_name%3Dnav_cta_0%26slot_name%3Dnav_cta_1&eri=1&cust_params=m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dmoat_unsafe%252Cgv_crime%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26env_device_type%3Ddesktop%26ctx_template%3Dmt_article_two_column%26content_type%3Darticle%26ctx_page_channel%3Dsecurity%26ctx_page_sub_channel%3Dcyberattacks-and-hacks%26sub_sub_channel%3D%26env_server%3Dproduction%26ctx_cns_version%3D6.57.0%26ctx_page_slug%3Dpipedream-ics-malware%26cnt_copilotid%3D6256eb35dcd4a10f9e523401%26cnt_platform%3Dverso%26cnt_tags%3Dcybersecurity%252Cmalware%252Chacking%252Crussia%252Ccyberattacks-and-hacks%252Cnational-security%26fastly_geo%3Dca%26usr_bkt_eva%3D21%26usr_bkt_ses%3D82%26usr_bkt_pv%3D57%26usr_pvc_bs%3D1%26usr_pvc_24hr%3D1%26usr_pvc_30d%3D1%26usr_svc_30d%3D1%26ctx_ses_soc%3Dnone%26ctx_ref_soc%3Dnone%26ctx_ref_url%3Dapple.news%26usr_auth%3Dfalse%26usr_segments%3Dco.w2216%26cn_metrics%3Dcmr_high%26vnd_prx_segments%3D121100%252C131100%252C131127%252C230163%252C230003%252C230161%252C300003%252C210001%252C240000%252C240002%252C240004%252C240001%252C240005%252C240006%252C240007%252C240008%252C240009%252C240011%252C240012%252C240013%252C240014%252C240017%252C240015%252C240016%252C240018%252C240019%252Cmiovit%252Ceuwba9%252Czlqtg4%252Chz8lgh%26vnd_4d_cached%3D0%26vnd_4d_ctx_sg%3D%26vnd_4d_ctx_topics%3D%26vnd_4d_ctx_entities%3D%26vnd_4d_ctx_keywords%3D%26vnd_4d_usr_topics%3D%26vnd_4d_usr_wt%3D%26vnd_4d_xid%3Dc0aa10cc-32ef-4371-a838-e477580f9efd%26cnt_cm%3Dcm_pay_ent_samp
le%252Ccm_pay_scope_none%252Ccm_pay_ent_sample_cnt_1%252Ccm_pay_ent_sample_max_4%26vnd_4d_sid%3D8eaeadd8-b23f-4df8-8692-888f7fc5dce8%26vnd_4d_pid%3Db8c5454f-ed15-4054-8d4c-c698d3ec1f22&ppid=c0aa10cc32ef4371a838e477580f9efd&sc=1&cookie=ID%3Db1d44f49b8b413d5%3AT%3D1650388093%3AS%3DALNI_Mbp1e38ciDp26q0_SlcWfCK-cav3A&gpic=UID%3D0000044500e5e7cf%3AT%3D1650388093%3ART%3D1650388093%3AS%3DALNI_MawNgb8jh0LRUguYvVEiSwFFk6zCA&abxe=1&dt=1650388095891&lmt=1650388095&dlt=1650388093100&idt=528&biw=1600&bih=1200&adxs=1448&adys=28&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&ref=https%3A%2F%2Fapple.news%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=80x-1&msz=80x-1&fws=512&ohw=0&ga_vid=145265742.1650388094&ga_sid=1650388094&ga_hid=1715062932&ga_fc=false&btvi=0&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
524c12bbbd545b79ccfa7837fea66e08d051878fa7aca7907204d06120e0add8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9641
x-xss-protection
0
google-lineitem-id
5966601018
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138387131773
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
272 KB
150 KB
XHR
General
Full URL
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
3bcb2ec2e35200e7ab69946cd3df2b94264dd2801885eddf5e87169a1347a2e6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
153234
x-xss-protection
0
google-lineitem-id
5968630460
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138387131437
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
303 B
139 B
XHR
General
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
d551bedf542778e0548df34ca60d9cebb258cd90f777f51eba745ce8199e1d35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:15 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
110
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
273 KB
149 KB
XHR
General
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
7ce6fb62310dec57da627f98660b0ef820598738eb8b5c746c0b466cf63283e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:16 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
152913
x-xss-protection
0
google-lineitem-id
5968630454
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138387131788
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
publisher:getClientId
ampcid.google.ca/v1/
3 B
460 B
XHR
General
Full URL
https://ampcid.google.ca/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 19 Apr 2022 17:08:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.wired.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
vary
Origin, X-Origin, Referer
content-length
23
x-xss-protection
0
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:16 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
andoncord
assoc-na.associates-amazon.com/onetag/
16 B
413 B
XHR
General
Full URL
https://assoc-na.associates-amazon.com/onetag/andoncord
Requested by
Host: z-na.associates-amazon.com
URL: https://z-na.associates-amazon.com/onetag/v2?MarketPlace=US&instanceId=11cb70e4-21b3-453f-834c-1463094700df
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.141.85 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c462d460eab61de19f36cc384c99666e5bf65eaeba0c12b8f594c5410c01f220

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:16 GMT
Server
Server
x-amz-rid
FN9QQHWNBVNC79W66ZSA
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Content-Type
application/json
Access-Control-Allow-Origin
https://www.wired.com
Access-Control-Allow-Credentials
true
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
16
/
p1.parsely.com/plogger/
43 B
258 B
Image
General
Full URL
https://p1.parsely.com/plogger/?rand=1650388096039&plid=31412545&idsite=wired.com&url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&urlref=https%3A%2F%2Fapple.news%2F&screen=1600x1200%7C1600x1200%7C24&data=%7B%22plan%22%3A%22Not+Active%22%7D&sid=1&surl=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&sref=https%3A%2F%2Fapple.news%2F&sts=1650388096029&slts=0&title=Pipedream+Malware%3A+Feds+Uncover+%27Swiss+Army+Knife%27+for+Industrial+System+Hacking+%7C+WIRED&date=Tue+Apr+19+2022+17%3A08%3A16+GMT%2B0000+(GMT)&action=pageview&pvid=16165129&u=pid%3D2a04e4fbe6d11a793ae8f38ef0778425
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.205.167.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-205-167-202.compute-1.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:16 GMT
Cache-Control
no-cache
Last-Modified
Tuesday, 19-Apr-2022 17:08:16 GMT
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
usermatch
ssum-sec.casalemedia.com/ Frame 25FF
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
2 KB
3 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_rbd_ppt_n-vmg_ox-db5_smrt_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3d26cee6f5338317013bd5264ada7f222159c70a6d9a58b3247f2154a07043ac

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
1695
Content-Type
text/html
Date
Tue, 19 Apr 2022 17:08:16 GMT
Dropped-Udsids
230|45|241|39|13|105|47|41
Expires
Tue, 19 Apr 2022 17:08:16 GMT
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
Vary
Is-Traffic-Usersync

Redirect headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
324
Content-Type
text/html; charset=iso-8859-1
Date
Tue, 19 Apr 2022 17:08:16 GMT
Expires
Tue, 19 Apr 2022 17:08:16 GMT
Location
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
usync.html
eus.rubiconproject.com/ Frame 7CDC
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_rbd_ppt_n-vmg_ox-db5_smrt_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.78.168.242 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-78-168-242.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Tue, 19 Apr 2022 17:08:16 GMT
ETag
"40014-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
visitormatch
bh.contextweb.com/ Frame 6FCD
930 B
2 KB
Document
General
Full URL
https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_rbd_ppt_n-vmg_ox-db5_smrt_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software
Jetty(9.4.14.v20181114) /
Resource Hash
c515d893267d2fd89f4dc663ccc2fb9374ebd0266848a269f17aa619845758b2
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
private, max-age=0, no-cache, no-store
content-language
en-CA
content-length
930
content-type
text/html;charset=iso-8859-1
cw-server
bh-deployment-5d95fd45d8-sf986
expires
-1
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
server
Jetty(9.4.14.v20181114)
strict-transport-security
max-age=15768000
ecm3
s.amazon-adsystem.com/ Frame 9316
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58251/sync?redir=true
  • https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS03QUdkLnBORTJ1SW1wNE15blgxWFZFRHVJOFVfSlJWbn5B
43 B
556 B
Document
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS03QUdkLnBORTJ1SW1wNE15blgxWFZFRHVJOFVfSlJWbn5B
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_rbd_ppt_n-vmg_ox-db5_smrt_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Tue, 19 Apr 2022 17:08:16 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Permissions-Policy
interest-cohort=()
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
x-amz-rid
TZTDEDFB3H7XRF1ET2J5

Redirect headers

age
0
content-length
0
date
Tue, 19 Apr 2022 17:08:16 GMT
location
https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS03QUdkLnBORTJ1SW1wNE15blgxWFZFRHVJOFVfSlJWbn5B
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server
ATS/9.1.0.46
strict-transport-security
max-age=31536000
cm
u.openx.net/w/1.0/ Frame 78C7
722 B
768 B
Document
General
Full URL
https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_rbd_ppt_n-vmg_ox-db5_smrt_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
6de3e54d0cbe75496a13bc9e0bc4ae3296aedfe2aaf54a9e7e9945e695a89dd0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
457
content-type
text/html
date
Tue, 19 Apr 2022 17:08:16 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/18.0.0
vary
Accept, Accept-Encoding
via
1.1 google
ecm3
s.amazon-adsystem.com/ Frame 2F86
Redirect Chain
  • https://ssbsync-us.smartadserver.com/api/sync?callerId=2
  • https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=7635925066268763285&gdpr=0&gdpr_consent=
43 B
556 B
Document
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=7635925066268763285&gdpr=0&gdpr_consent=
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_rbd_ppt_n-vmg_ox-db5_smrt_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Tue, 19 Apr 2022 17:08:16 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Permissions-Policy
interest-cohort=()
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
x-amz-rid
7NSCSJDQK66TAG2FDAXD

Redirect headers

content-length
0
date
Tue, 19 Apr 2022 17:08:15 GMT
location
https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=7635925066268763285&gdpr=0&gdpr_consent=
ecm3
s.amazon-adsystem.com/ Frame B68D
Redirect Chain
  • https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com
  • https://s.amazon-adsystem.com/ecm3?id=5068312605290501509&ex=appnexus.com
43 B
556 B
Document
General
Full URL
https://s.amazon-adsystem.com/ecm3?id=5068312605290501509&ex=appnexus.com
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_rbd_ppt_n-vmg_ox-db5_smrt_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Tue, 19 Apr 2022 17:08:16 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Permissions-Policy
interest-cohort=()
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
x-amz-rid
Y9CNZSYPMAPCYW5VWKDH

Redirect headers

AN-X-Request-Uuid
d40be685-5eda-4e49-85ed-b353e5eaef38
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=utf-8
Date
Tue, 19 Apr 2022 17:08:16 GMT
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Location
https://s.amazon-adsystem.com/ecm3?id=5068312605290501509&ex=appnexus.com
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma
no-cache
Server
nginx/1.21.3
X-Proxy-Origin
149.56.153.186; 149.56.153.186; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection
0
ecm3
s.amazon-adsystem.com/ Frame 5ABF
Redirect Chain
  • https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
  • https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
  • https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=279427031869946490122
43 B
556 B
Document
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=279427031869946490122
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-index_rbd_ppt_n-vmg_ox-db5_smrt_an-db5_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Tue, 19 Apr 2022 17:08:16 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Permissions-Policy
interest-cohort=()
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
x-amz-rid
00YYKHNWWW4CM9D2WEB1

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
date
Tue, 19 Apr 2022 17:08:16 GMT
location
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=279427031869946490122
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
identify.js
analytics.tiktok.com/i18n/pixel/
114 KB
31 KB
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/identify.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1IQID9FKFK1PHD4UBH0&lib=ttq
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.216.132.73 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-216-132-73.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
b2864c65b32cd25bf64a7eb4fddf486dff821f1924172a0083db962615bd6ce0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:16 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
server
nginx
x-tt-logid
202204191708160101130062090C0748D8
vary
Accept-Encoding
x-cache
TCP_MISS from a23-216-133-201.deploy.akamaitechnologies.com (AkamaiGHost/10.7.4-40388856) (-)
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
18,23.216.133.201
x-tt-trace-host
01e9de859ad2e33abbaf7df8cd5e2b0dec9444231d4d34e7deb178556866b47fa9336a835bdfb9c1c289daf9a8892e97cefdf07cd1635e26adaf4fed8f75de9a7f4a648e0f249361e35e34da78bcbf359fa3b976025cac0addd391660c539464f9
server-timing
inner; dur=5, cdn-cache; desc=MISS, edge; dur=1, origin; dur=18
x-akamai-request-id
2640b88f
expires
Tue, 19 Apr 2022 17:08:16 GMT
config.js
analytics.tiktok.com/i18n/pixel/
882 B
963 B
Script
General
Full URL
https://analytics.tiktok.com/i18n/pixel/config.js?sdkid=C1IQID9FKFK1PHD4UBH0&hostname=www.wired.com
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1IQID9FKFK1PHD4UBH0&lib=ttq
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.216.132.73 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-216-132-73.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
65d9905a6dab0acb64d9a3fcb34dc78d020c648f54106d910d7b92c7fabec373

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-akamai-request-id
2640b8d1
date
Tue, 19 Apr 2022 17:08:16 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-cache
TCP_MISS from a23-216-133-201.deploy.akamaitechnologies.com (AkamaiGHost/10.7.4-40388856) (-)
server-timing
inner; dur=4, cdn-cache; desc=MISS, edge; dur=1, origin; dur=13
content-length
358
pragma
no-cache
server
nginx
x-tt-logid
202204191708160101131350982790AD86
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
14,23.216.133.201
x-tt-trace-host
01e9de859ad2e33abbaf7df8cd5e2b0dec9444231d4d34e7deb178556866b47fa9336a835bdfb9c1c289daf9a8892e97ced017a2c42c1c7930e11da0ef04c9b1cbc85361e6ae12641d6f1d2fb4762b7e12307261b189ce8f7f477ebcdbb02e6bee
expires
Tue, 19 Apr 2022 17:08:16 GMT
haloid
id.halo.ad.gt/api/v1/
6 KB
3 KB
Script
General
Full URL
https://id.halo.ad.gt/api/v1/haloid
Requested by
Host: a.ad.gt
URL: https://a.ad.gt/api/v1/u/matches/57
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.25.223.171 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-25-223-171.us-west-2.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
c5d5e7f685c3bb91e84b94b6738310b8e2de4056b4668c42131ec64b3f014e40

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:16 GMT
content-encoding
gzip
origin-trial
server
nginx/1.20.0
content-type
text/javascript; charset=UTF-8
57
p.ad.gt/api/v1/p/
29 KB
9 KB
Script
General
Full URL
https://p.ad.gt/api/v1/p/57
Requested by
Host: a.ad.gt
URL: https://a.ad.gt/api/v1/u/matches/57
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.254.18.59 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-254-18-59.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
5d7372bbd4162193bb46d7138d5dbdcaec241cd4dcb7feaefa39681b62b5b185

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:16 GMT
content-encoding
gzip
last-modified
Fri, 15 Apr 2022 13:41:24 GMT
server
nginx/1.18.0
etag
W/"1650030084.0-29837-2545748540"
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=43200
expires
Wed, 20 Apr 2022 05:08:16 GMT
match
ids.ad.gt/api/v1/
Redirect Chain
  • https://secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=709de7b3-ad72-41b0-a5a3-bee226fa562e&adnxs_id=$UID
  • https://ids.ad.gt/api/v1/match?id=709de7b3-ad72-41b0-a5a3-bee226fa562e&adnxs_id=5068312605290501509
43 B
470 B
Image
General
Full URL
https://ids.ad.gt/api/v1/match?id=709de7b3-ad72-41b0-a5a3-bee226fa562e&adnxs_id=5068312605290501509
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Server
54.148.204.204 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-148-204-204.us-west-2.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:16 GMT
cache-control
public, max-age=43200
server
nginx/1.20.0
content-type
image/gif
expires
Wed, 20 Apr 2022 05:08:16 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:16 GMT
X-Proxy-Origin
149.56.153.186; 149.56.153.186; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
376518b1-2fa3-450b-ade9-4b0f271f8f74
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ids.ad.gt/api/v1/match?id=709de7b3-ad72-41b0-a5a3-bee226fa562e&adnxs_id=5068312605290501509
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
t_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&gpdr=0&ttd_puid=709de7b3-ad72-41b0-a5a3-bee226fa562e
  • https://ids.ad.gt/api/v1/t_match?tdid=5c721061-149d-4078-895c-afabf1a9fca0&id=709de7b3-ad72-41b0-a5a3-bee226fa562e
43 B
466 B
Image
General
Full URL
https://ids.ad.gt/api/v1/t_match?tdid=5c721061-149d-4078-895c-afabf1a9fca0&id=709de7b3-ad72-41b0-a5a3-bee226fa562e
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Server
54.148.204.204 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-148-204-204.us-west-2.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:16 GMT
cache-control
public, max-age=43200
server
nginx/1.20.0
content-type
image/gif
expires
Wed, 20 Apr 2022 05:08:16 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:16 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://ids.ad.gt/api/v1/t_match?tdid=5c721061-149d-4078-895c-afabf1a9fca0&id=709de7b3-ad72-41b0-a5a3-bee226fa562e
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
259
pbm_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3D709de7b3-ad72-41b0-a5a3-bee226fa562e
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3D709de7b3-ad72-41b0-a5a3-bee226fa562e
  • https://ids.ad.gt/api/v1/pbm_match?pbm=399F1BBB-5F36-413A-B5AF-6A196DD6CC89&id=709de7b3-ad72-41b0-a5a3-bee226fa562e
43 B
467 B
Image
General
Full URL
https://ids.ad.gt/api/v1/pbm_match?pbm=399F1BBB-5F36-413A-B5AF-6A196DD6CC89&id=709de7b3-ad72-41b0-a5a3-bee226fa562e
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Server
54.148.204.204 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-148-204-204.us-west-2.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:17 GMT
cache-control
public, max-age=43200
server
nginx/1.20.0
content-type
image/gif
expires
Wed, 20 Apr 2022 05:08:17 GMT

Redirect headers

location
https://ids.ad.gt/api/v1/pbm_match?pbm=399F1BBB-5F36-413A-B5AF-6A196DD6CC89&id=709de7b3-ad72-41b0-a5a3-bee226fa562e
date
Tue, 19 Apr 2022 17:08:16 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
g_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm&google_sc&google_ula=450542624&id=709de7b3-ad72-41b0-a5a3-bee226fa562e
  • https://ids.ad.gt/api/v1/g_match?id=709de7b3-ad72-41b0-a5a3-bee226fa562e&google_gid=CAESEJ-eJlmWTcGWLt9oCtJ_p8k&google_cver=1&google_ula=450542624,0
43 B
467 B
Image
General
Full URL
https://ids.ad.gt/api/v1/g_match?id=709de7b3-ad72-41b0-a5a3-bee226fa562e&google_gid=CAESEJ-eJlmWTcGWLt9oCtJ_p8k&google_cver=1&google_ula=450542624,0
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Server
54.148.204.204 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-148-204-204.us-west-2.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:16 GMT
cache-control
public, max-age=43200
server
nginx/1.20.0
content-type
image/gif
expires
Wed, 20 Apr 2022 05:08:16 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:16 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ids.ad.gt/api/v1/g_match?id=709de7b3-ad72-41b0-a5a3-bee226fa562e&google_gid=CAESEJ-eJlmWTcGWLt9oCtJ_p8k&google_cver=1&google_ula=450542624,0
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
357
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/
Redirect Chain
  • https://ids.ad.gt/api/v1/g_hosted?id=709de7b3-ad72-41b0-a5a3-bee226fa562e
  • https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=NzA5ZGU3YjMtYWQ3Mi00MWIwLWE1YTMtYmVlMjI2ZmE1NjJl
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=NzA5ZGU3YjMtYWQ3Mi00MWIwLWE1YTMtYmVlMjI2ZmE1NjJl
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H3
Server
142.251.40.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:16 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=NzA5ZGU3YjMtYWQ3Mi00MWIwLWE1YTMtYmVlMjI2ZmE1NjJl
date
Tue, 19 Apr 2022 17:08:16 GMT
server
nginx/1.20.0
content-length
473
content-type
text/html; charset=utf-8
getuid
sync.smartadserver.com/
Redirect Chain
  • https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fsmart_match%3Fid%3D709de7b3-ad72-41b0-a5a3-bee226fa562e%26sas_uid%3D%5bsas_uid%5d
  • https://sync.smartadserver.com/getuid?url=https://ids.ad.gt/api/v1/smart_match?id=709de7b3-ad72-41b0-a5a3-bee226fa562e&sas_uid=[sas_uid]&cklb=1
0
75 B
Image
General
Full URL
https://sync.smartadserver.com/getuid?url=https://ids.ad.gt/api/v1/smart_match?id=709de7b3-ad72-41b0-a5a3-bee226fa562e&sas_uid=[sas_uid]&cklb=1
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
199.187.193.192 , Canada, ASN47043 (SMARTADSERVER, CA),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:16 GMT
content-length
0

Redirect headers

location
https://sync.smartadserver.com:443/getuid?url=https://ids.ad.gt/api/v1/smart_match?id=709de7b3-ad72-41b0-a5a3-bee226fa562e&sas_uid=[sas_uid]&cklb=1
pragma
no-cache
date
Tue, 19 Apr 2022 17:08:16 GMT
cache-control
no-cache,no-store
content-length
0
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
son_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://sync.go.sonobi.com/us?https://ids.ad.gt/api/v1/son_match?id=709de7b3-ad72-41b0-a5a3-bee226fa562e&uid=[UID]
  • https://ids.ad.gt/api/v1/son_match?id=709de7b3-ad72-41b0-a5a3-bee226fa562e&uid=25def852-866c-4d5c-9ec5-2d11780385bc
43 B
374 B
Image
General
Full URL
https://ids.ad.gt/api/v1/son_match?id=709de7b3-ad72-41b0-a5a3-bee226fa562e&uid=25def852-866c-4d5c-9ec5-2d11780385bc
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Server
54.148.204.204 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-148-204-204.us-west-2.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:16 GMT
cache-control
public, max-age=43200
server
nginx/1.20.0
content-type
image/gif
expires
Wed, 20 Apr 2022 05:08:16 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:16 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-77
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://ids.ad.gt/api/v1/son_match?id=709de7b3-ad72-41b0-a5a3-bee226fa562e&uid=25def852-866c-4d5c-9ec5-2d11780385bc
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
unruly
ids.ad.gt/api/v1/
Redirect Chain
  • https://sync.1rx.io/usersync/audigent/0?dspret=1&redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Funruly%3Fid%3D709de7b3-ad72-41b0-a5a3-bee226fa562e%26unruly_id%3D%5BRX_UUID%5D
  • https://sync.1rx.io/usersync/audigent/0?zcc=1&redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Funruly%3Fid%3D709de7b3-ad72-41b0-a5a3-bee226fa562e%26unruly_id%3D%5BRX_UUID%5D&cb=1650388096468
  • https://ids.ad.gt/api/v1/unruly?id=709de7b3-ad72-41b0-a5a3-bee226fa562e&unruly_id=OPTOUT
43 B
381 B
Image
General
Full URL
https://ids.ad.gt/api/v1/unruly?id=709de7b3-ad72-41b0-a5a3-bee226fa562e&unruly_id=OPTOUT
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Server
54.148.204.204 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-148-204-204.us-west-2.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:17 GMT
cache-control
public, max-age=43200
server
nginx/1.20.0
content-type
image/gif
expires
Wed, 20 Apr 2022 05:08:17 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:16 GMT
Server
Tengine
ETag
OPTOUT
Transfer-Encoding
chunked
Content-Type
text/html
Location
https://ids.ad.gt/api/v1/unruly?id=709de7b3-ad72-41b0-a5a3-bee226fa562e&unruly_id=OPTOUT
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Expires
0
ads
securepubads.g.doubleclick.net/gampad/
15 KB
8 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4240033368257457&correlator=1230515925443800&hxva=1&scor=406237631797971&output=ldjh&gdfp_req=1&vrg=2022041301&ptt=17&impl=fifs&rdp=1&us_privacy=1---&iu_parts=3379%2Cconde.wired%2Crail%2Csecurity%2Carticle%2C1&enc_prev_ius=0%2F1%2F2%2F3%2F4%2F5&prev_iu_szs=300x250%7C300x600&ifi=11&adks=3607248659&sfv=1-0-38&ecs=20220419&fsapi=false&prev_scp=pos%3Drail%26ctx_slot_type%3Drail%26ctx_slot_rn%3D0%26pos_instance%3D1%26ctx_slot_instance%3D0%26ctx_slot_name%3Drail_0%26slot_name%3Drail_1%26m_mv%3DslotNoHistData%26m_gv%3DslotNoHistData%26amznbid%3D117mjnk%26amznp%3D8ua29s%26amzniid%3DIjwVjLG8XZwbue1JVvUnFDgAAAGAQsvM2wEAAAvbAZ8WRlo%26amznsz%3D300x250%26hb_format%3Dbanner%26hb_size%3D300x600%26hb_pb%3D0.18%26hb_adid%3D38eb1f100e8c15a%26hb_bidder%3Dix&eri=1&cust_params=m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dmoat_unsafe%252Cgv_crime%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26env_device_type%3Ddesktop%26ctx_template%3Dmt_article_two_column%26content_type%3Darticle%26ctx_page_channel%3Dsecurity%26ctx_page_sub_channel%3Dcyberattacks-and-hacks%26sub_sub_channel%3D%26env_server%3Dproduction%26ctx_cns_version%3D6.57.0%26ctx_page_slug%3Dpipedream-ics-malware%26cnt_copilotid%3D6256eb35dcd4a10f9e523401%26cnt_platform%3Dverso%26cnt_tags%3Dcybersecurity%252Cmalware%252Chacking%252Crussia%252Ccyberattacks-and-hacks%252Cnational-security%26fastly_geo%3Dca%26usr_bkt_eva%3D21%26usr_bkt_ses%3D82%26usr_bkt_pv%3D57%26usr_pvc_bs%3D1%26usr_pvc_24hr%3D1%26usr_pvc_30d%3D1%26usr_svc_30d%3D1%26ctx_ses_soc%3Dnone%26ctx_ref_soc%3Dnone%26ctx_ref_url%3Dapple.news%26usr_auth%3Dfalse%26usr_segments%3Dco.w2216%26cn_metrics%3Dcmr_high%26vnd_prx_segments%3D121100%252C131100%252C131127%252C230163%252C230003%252C230161%252C300003%252C210001%252C240000%252C240002%252C240004%252C240001%252C240005%252C240006%252C240007%252C240008%252C240009%252C240011%252C240012%252C240013%252C240014%252C240017%252C240015%252C240016%252C240018%252C240019%252Cmiovit%252Ce
uwba9%252Czlqtg4%252Chz8lgh%26vnd_4d_cached%3D0%26vnd_4d_ctx_sg%3D%26vnd_4d_ctx_topics%3D%26vnd_4d_ctx_entities%3D%26vnd_4d_ctx_keywords%3D%26vnd_4d_usr_topics%3D%26vnd_4d_usr_wt%3D%26vnd_4d_xid%3Dc0aa10cc-32ef-4371-a838-e477580f9efd%26cnt_cm%3Dcm_pay_ent_sample%252Ccm_pay_scope_none%252Ccm_pay_ent_sample_cnt_1%252Ccm_pay_ent_sample_max_4%26vnd_4d_sid%3D8eaeadd8-b23f-4df8-8692-888f7fc5dce8%26vnd_4d_pid%3Db8c5454f-ed15-4054-8d4c-c698d3ec1f22&ppid=c0aa10cc32ef4371a838e477580f9efd&sc=1&cookie=ID%3Db1d44f49b8b413d5%3AT%3D1650388093%3AS%3DALNI_Mbp1e38ciDp26q0_SlcWfCK-cav3A&gpic=UID%3D0000044500e5e7cf%3AT%3D1650388093%3ART%3D1650388093%3AS%3DALNI_MawNgb8jh0LRUguYvVEiSwFFk6zCA&abxe=1&dt=1650388096166&lmt=1650388096&dlt=1650388093100&idt=528&biw=1600&bih=1200&adxs=1067&adys=1560&ucis=b&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&ref=https%3A%2F%2Fapple.news%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=300x0&msz=300x0&fws=512&ohw=0&ga_vid=145265742.1650388094&ga_sid=1650388094&ga_hid=1715062932&ga_fc=false&btvi=5&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
e985cc726a29e331db8cd63071c86e495a20b9e5277be5b9dea4e6834c32ce6d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:16 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8011
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A16.192Z&_t=renderEnded&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134&cTpw=0.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816&cEnt=malware%2C%20industrial%20control%20systems%2C%20hacker%2C%20sergio%20caltagirone%2C%20omron%2C%20schneider%20electric%2C%20dragos%2C%20oil%20refinery%2C%20swiss%20army%20knife%2C%20cisa%2C%20biden%2C%20cybersecurity%2C%20us%2C%20russia%2C%20russian%2C%20united%20states%2C%20mandiant%2C%20department%20of%20energy%2C%20ukrainian%2C%20fbi&cEnw=1%2C%200.872941569807454%2C%200.7738264247059433%2C%200.7448887112625757%2C%200.7435026835426927%2C%200.7032574634747577%2C%200.6479090766261459%2C%200.6471979025914351%2C%200.6209965006782172%2C%200.5208951755271362%2C%200.5069505591015793%2C%200.502900900507039%2C%200.47264716170626636%2C%200.46274270311057425%2C%200.45182604754329503%2C%200.44915774726196367%2C%200.44075707275100234%2C%200.4321428735540074%2C%200.4252873420938626%2C%200.41035570255532583&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&cPd=2022-04-13T19%3A50%3A48.527Z&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6100&pSw=1600&pSh=1200&uID=61
b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=ad_metrics&xID=c0aa10cc-32ef-4371-a838-e477580f9efd&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22verso%22%2C%22template%22%3A%22mt_article_two_column%22%2C%22viewport%22%3A%22desktop%22%2C%22isEmpty%22%3Atrue%2C%22isOverride%22%3Afalse%2C%22position%22%3A%22aside%22%2C%22size%22%3A%22%22%7D&environment=prod&origin=wired&cKh=malware%2Cindustrial%20control%20systems%2Chacker%2Csergio%20caltagirone%2Comron%2Cschneider%20electric%2Cdragos%2Coil%20refinery%2Csystem%2Cswiss%20army%20knife%2Ctoolkit
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:16 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A16.208Z&_t=renderEnded&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134&cTpw=0.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816&cEnt=malware%2C%20industrial%20control%20systems%2C%20hacker%2C%20sergio%20caltagirone%2C%20omron%2C%20schneider%20electric%2C%20dragos%2C%20oil%20refinery%2C%20swiss%20army%20knife%2C%20cisa%2C%20biden%2C%20cybersecurity%2C%20us%2C%20russia%2C%20russian%2C%20united%20states%2C%20mandiant%2C%20department%20of%20energy%2C%20ukrainian%2C%20fbi&cEnw=1%2C%200.872941569807454%2C%200.7738264247059433%2C%200.7448887112625757%2C%200.7435026835426927%2C%200.7032574634747577%2C%200.6479090766261459%2C%200.6471979025914351%2C%200.6209965006782172%2C%200.5208951755271362%2C%200.5069505591015793%2C%200.502900900507039%2C%200.47264716170626636%2C%200.46274270311057425%2C%200.45182604754329503%2C%200.44915774726196367%2C%200.44075707275100234%2C%200.4321428735540074%2C%200.4252873420938626%2C%200.41035570255532583&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&cPd=2022-04-13T19%3A50%3A48.527Z&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6100&pSw=1600&pSh=1200&uID=61
b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=ad_metrics&xID=c0aa10cc-32ef-4371-a838-e477580f9efd&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22verso%22%2C%22template%22%3A%22mt_article_two_column%22%2C%22viewport%22%3A%22desktop%22%2C%22isEmpty%22%3Atrue%2C%22isOverride%22%3Afalse%2C%22position%22%3A%22cm%22%2C%22size%22%3A%22%22%7D&environment=prod&origin=wired&cKh=malware%2Cindustrial%20control%20systems%2Chacker%2Csergio%20caltagirone%2Comron%2Cschneider%20electric%2Cdragos%2Coil%20refinery%2Csystem%2Cswiss%20army%20knife%2Ctoolkit
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:16 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
view
securepubads.g.doubleclick.net/pcs/ Frame E9EF
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstkgWupKTXJWQGHXHNrdMOOKZDkbIeW4SWflP-5h0LwgWjLXZMBrQk1gW4WKnMkkhpoRMX7P_M2W4-H878_6hCpIyXEOszQggh1KcLwS-ypS58VDW-_tV8GGwblNlmkfiS6pfkNGg32GW20T34EtAvt0SWlbBqhy4qV4Tkh5LmFBOc6t3VKyQtHWNH9w6QMocfvrbA-l74i9oG-hZnPW9qxTQ6KlWLe5dwzqDjy5fFDN2Rpt-K41mf2dJUGR5uWe2qrTA_2BHNWdl919LT0GCFmj2MkOdYDy_Sxc_EstMf7udAHkXJg019Nd1WTk_DrFvg0prHFVD6hgZx7ZDiU1w&sai=AMfl-YQ4nmYzurS385OZ5lumPo4CMkY_EzGo7I7-WX5G9c3RsrD47Rll5FCpI-s2Kfi4EQjVeWTOSV2XYo_iXr4EQtxPD5v5VNovTKKECE84qgDrTdK2BxMECDgeV6ebM4Y4-cywiBgcv5jJ9Md_wR8-&sig=Cg0ArKJSzI-myX3dFhmwEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:16 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame E9EF
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4caa2b4b885d62d25d986de63c6e3163f9c7da374d9b76bc4a412b61d4f2975d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36950
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1650281421154365"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 19 Apr 2022 17:08:16 GMT
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A16.231Z&_t=renderEnded&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134&cTpw=0.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816&cEnt=malware%2C%20industrial%20control%20systems%2C%20hacker%2C%20sergio%20caltagirone%2C%20omron%2C%20schneider%20electric%2C%20dragos%2C%20oil%20refinery%2C%20swiss%20army%20knife%2C%20cisa%2C%20biden%2C%20cybersecurity%2C%20us%2C%20russia%2C%20russian%2C%20united%20states%2C%20mandiant%2C%20department%20of%20energy%2C%20ukrainian%2C%20fbi&cEnw=1%2C%200.872941569807454%2C%200.7738264247059433%2C%200.7448887112625757%2C%200.7435026835426927%2C%200.7032574634747577%2C%200.6479090766261459%2C%200.6471979025914351%2C%200.6209965006782172%2C%200.5208951755271362%2C%200.5069505591015793%2C%200.502900900507039%2C%200.47264716170626636%2C%200.46274270311057425%2C%200.45182604754329503%2C%200.44915774726196367%2C%200.44075707275100234%2C%200.4321428735540074%2C%200.4252873420938626%2C%200.41035570255532583&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&cPd=2022-04-13T19%3A50%3A48.527Z&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6100&pSw=1600&pSh=1200&uID=61
b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=ad_metrics&xID=c0aa10cc-32ef-4371-a838-e477580f9efd&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22verso%22%2C%22template%22%3A%22mt_article_two_column%22%2C%22viewport%22%3A%22desktop%22%2C%22isEmpty%22%3Afalse%2C%22isOverride%22%3Afalse%2C%22position%22%3A%22nav-cta%22%2C%22size%22%3A%2280x40%22%7D&environment=prod&origin=wired&cKh=malware%2Cindustrial%20control%20systems%2Chacker%2Csergio%20caltagirone%2Comron%2Cschneider%20electric%2Cdragos%2Coil%20refinery%2Csystem%2Cswiss%20army%20knife%2Ctoolkit
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:16 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
p-Jjy-Cyr1NZGRz.gif
pixel.quantserve.com/pixel/
35 B
210 B
Image
General
Full URL
https://pixel.quantserve.com/pixel/p-Jjy-Cyr1NZGRz.gif?labels=_campaign.media.Advertiser%20ID.347421895.Campaign%20ID.3004935525.Line%20Item%20ID.5966601018
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:44af:4f54:8af4:5563 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:16 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
WiredMono-Regular.woff2
www.wired.com/verso/static/wired/assets/fonts/ Frame E9EF
18 KB
20 KB
Font
General
Full URL
https://www.wired.com/verso/static/wired/assets/fonts/WiredMono-Regular.woff2
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c8c9128b649afff93f89f77eb2aa5a4bbbb1443bebc5156d0f697780c8beaa26
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Origin
https://www.wired.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:16 GMT
via
1.1 varnish
age
468163
x-cache
HIT
x-ua-device
desktop
apple-news-services-parsed-url
/verso/static/wired/assets/fonts/WiredMono-Regular.woff2
last-modified
Thu, 11 Nov 2021 10:13:22 GMT
verso
true
content-length
18912
x-amz-id-2
NYofixHD7NLSYylKlEgdaAB5zn0RnpwCvhk1O3z0zDaYNTGYxcljcNEtDnPzvPNOAm2GneyZzmg=
x-served-by
cache-yul12829-YUL
apple-news-services-handled
false
x-timer
S1650388096.249807,VS0,VE0
apple-news-services-request-url
/verso/static/wired/assets/fonts/WiredMono-Regular.woff2
etag
"e755d282ae1120887b3b1d207bb930ce"
vary
Verso
strict-transport-security
max-age=31536000; preload
x-amz-request-id
1715DMN8CYBM1TX0
access-control-allow-origin
*
expires
Fri, 14 Apr 2023 07:05:33 GMT
cache-control
max-age=31536000, immutable
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
bytes
content-type
application/x-font-woff2
apple-news-services-host
www.wired.com
x-cache-hits
121
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A16.248Z&_t=renderEnded&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134&cTpw=0.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816&cEnt=malware%2C%20industrial%20control%20systems%2C%20hacker%2C%20sergio%20caltagirone%2C%20omron%2C%20schneider%20electric%2C%20dragos%2C%20oil%20refinery%2C%20swiss%20army%20knife%2C%20cisa%2C%20biden%2C%20cybersecurity%2C%20us%2C%20russia%2C%20russian%2C%20united%20states%2C%20mandiant%2C%20department%20of%20energy%2C%20ukrainian%2C%20fbi&cEnw=1%2C%200.872941569807454%2C%200.7738264247059433%2C%200.7448887112625757%2C%200.7435026835426927%2C%200.7032574634747577%2C%200.6479090766261459%2C%200.6471979025914351%2C%200.6209965006782172%2C%200.5208951755271362%2C%200.5069505591015793%2C%200.502900900507039%2C%200.47264716170626636%2C%200.46274270311057425%2C%200.45182604754329503%2C%200.44915774726196367%2C%200.44075707275100234%2C%200.4321428735540074%2C%200.4252873420938626%2C%200.41035570255532583&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&cPd=2022-04-13T19%3A50%3A48.527Z&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6100&pSw=1600&pSh=1200&uID=61
b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=ad_metrics&xID=c0aa10cc-32ef-4371-a838-e477580f9efd&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22verso%22%2C%22template%22%3A%22mt_article_two_column%22%2C%22viewport%22%3A%22desktop%22%2C%22isEmpty%22%3Atrue%2C%22isOverride%22%3Afalse%2C%22position%22%3A%22in-content%22%2C%22size%22%3A%22%22%7D&environment=prod&origin=wired&cKh=malware%2Cindustrial%20control%20systems%2Chacker%2Csergio%20caltagirone%2Comron%2Cschneider%20electric%2Cdragos%2Coil%20refinery%2Csystem%2Cswiss%20army%20knife%2Ctoolkit
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:16 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
view
securepubads.g.doubleclick.net/pcs/ Frame 3419
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvY-7vNNU6JJDT2yGFdrtvOfePV7-U0x6IqTaGPD4XVEYvgpCoJRz7LfYFULONBCyutz87lDYuIw0BFzZnI-1abLcfZIwUW67Wm9-cCbzwSF7-yEXgSBBpr1tlnPjvRQR9nNdBpe5xSoUUZue8sOIWDToK2THPCPef3A6h86oRFBNgO9X2kFYdgM2NNvz1RwMMziQd5tlv1pmjI8lhb8JuY-ejQDgxGC7bbygQ7sGKEpSTLlL_K3nDbrOUrncIn9sHwAYc02IjIGu-ffCgIzW7NZvCCqao3cEW6yNiuoY843uy-6N48TeIMp4_cxYmcfKqnUHSGPat71g0LbxYiAXAi&sai=AMfl-YTqrgIAtyk2V-zcGAZs7N1j9EUHxnbyTI5H0zBfhmjWyoZ-cYKwWgTByy7dtZtEpTK-e-hcUkU8Wp5df7ot7TaM2_2Obk4gfzE-5_NIWYVvGlPeLz6FXbyaGVdodmKlUSqFwZ3iD9w0OFsLV46A&sig=Cg0ArKJSzJyFWiQai5d4EAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:16 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
entitlement
www.wired.com/api/payment/ Frame 3419
0
0
Fetch
General
Full URL
https://www.wired.com/api/payment/entitlement
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 19 Apr 2022 17:08:16 GMT
via
1.1 varnish
x-cache
HIT
x-ua-device
desktop
access-control-allow-methods
POST
server-timing
geo;desc="continent=NA;country=CA;pop=YUL"
content-length
0
x-served-by
cache-yul12829-YUL
server
Varnish
x-timer
S1650388096.293713,VS0,VE1
vary
strict-transport-security
max-age=31536000; preload
access-control-allow-origin
https://www.wired.com
access-control-expose-headers
Set-Cookie
cache-control
no-cache
access-control-allow-credentials
true
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
Origin, Content-Type
apple-news-services-host
www.wired.com
retry-after
0
x-cache-hits
0
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 3419
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4caa2b4b885d62d25d986de63c6e3163f9c7da374d9b76bc4a412b61d4f2975d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36950
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1650281421154365"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 19 Apr 2022 17:08:16 GMT
Totex4.png
media.wired.com/photos/602aecc4c46dad7d557e27f8/master/pass/ Frame 3419
31 KB
32 KB
Image
General
Full URL
https://media.wired.com/photos/602aecc4c46dad7d557e27f8/master/pass/Totex4.png
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.239 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1c39eb6721f509a4f33444ca0981fa061c1529b69f4d451debc9c0ffdd644e1c

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:16 GMT
Connection
keep-alive
Age
2800830
X-Cache
HIT, HIT
Fastly-Io-Info
ifsz=530514 idim=1275x864 ifmt=png ofsz=31618 odim=1275x864 ofmt=webp
server-timing
geo;desc="continent=NA;country=CA;pop=YUL"
Fastly-Restarts
1
X-Served-By
cache-iad-kjyo7100102-IAD, cache-yul12821-YUL
experience
katra
Accept-Ranges
bytes
X-Timer
S1650388097.543175,VS0,VE1
Etag
"/WFKt4GKowQO8eqCAMn4x2jsoj/fM0YWX16QF0NZZpQ"
vary
accept
Content-Type
image/webp
Fastly-Stats
io=1
cache-control
max-age=31536, must-revalidate, public
Content-Length
31618
timing-allow-origin
*
X-Cache-Hits
1, 1034
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A16.292Z&_t=renderEnded&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134&cTpw=0.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816&cEnt=malware%2C%20industrial%20control%20systems%2C%20hacker%2C%20sergio%20caltagirone%2C%20omron%2C%20schneider%20electric%2C%20dragos%2C%20oil%20refinery%2C%20swiss%20army%20knife%2C%20cisa%2C%20biden%2C%20cybersecurity%2C%20us%2C%20russia%2C%20russian%2C%20united%20states%2C%20mandiant%2C%20department%20of%20energy%2C%20ukrainian%2C%20fbi&cEnw=1%2C%200.872941569807454%2C%200.7738264247059433%2C%200.7448887112625757%2C%200.7435026835426927%2C%200.7032574634747577%2C%200.6479090766261459%2C%200.6471979025914351%2C%200.6209965006782172%2C%200.5208951755271362%2C%200.5069505591015793%2C%200.502900900507039%2C%200.47264716170626636%2C%200.46274270311057425%2C%200.45182604754329503%2C%200.44915774726196367%2C%200.44075707275100234%2C%200.4321428735540074%2C%200.4252873420938626%2C%200.41035570255532583&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&cPd=2022-04-13T19%3A50%3A48.527Z&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6100&pSw=1600&pSh=1200&uID=61
b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=ad_metrics&xID=c0aa10cc-32ef-4371-a838-e477580f9efd&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22verso%22%2C%22template%22%3A%22mt_article_two_column%22%2C%22viewport%22%3A%22desktop%22%2C%22isEmpty%22%3Afalse%2C%22isOverride%22%3Afalse%2C%22position%22%3A%22cm%22%2C%22size%22%3A%221280x300%22%7D&environment=prod&origin=wired&cKh=malware%2Cindustrial%20control%20systems%2Chacker%2Csergio%20caltagirone%2Comron%2Cschneider%20electric%2Cdragos%2Coil%20refinery%2Csystem%2Cswiss%20army%20knife%2Ctoolkit
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:16 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
p-Jjy-Cyr1NZGRz.gif
pixel.quantserve.com/pixel/
35 B
210 B
Image
General
Full URL
https://pixel.quantserve.com/pixel/p-Jjy-Cyr1NZGRz.gif?labels=_campaign.media.Advertiser%20ID.347421895.Campaign%20ID.3004935525.Line%20Item%20ID.5966601000
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:44af:4f54:8af4:5563 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:16 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 8918
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuZ4fDctexw8FvTP6VaYiqV1UaOzpMBlcMx0DjszBX0WGwoI6eqycew2RyEMKjoB7PP0eI0WI2Z0cGfeF7ERu8KvDL_5dHLJo6klnjaxMTIcMLbXtWhP_7gQobvRLzv3NtrfNLc4ZpFHA1nlt-CfMUUMxzaRSmXCwXREiwXsjDWpdVowS8CBsBpqsG6oSmwkobJJB6nYIDZFva7QsauplvVd-v125Pt3RhV6crVt7qIOliIg1Im4nOSPKnVZIMJbDQj-gs7VkqMJvJiiXdvQPFkcTa7804brBhpjiKd3Ber7pOXL8vRrndnf_RqDucnrFqqVgVo-_ukaolRC6-OCihNmGPv&sai=AMfl-YTAeDYuLORErpXcrldCW3zy5oIqGKCLwMyy0sIzzIfaNhXgOl6pVY_72PvReEJzsjpIqpnlZh3CANRSRk-RlnJZzPJKDdH4SpML70QuDWEaRbASnmLzmhPmTYZRWFyJbAfKvTc9wy1LEZkXDy9L&sig=Cg0ArKJSzB16bkyPDVSUEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:16 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 8918
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4caa2b4b885d62d25d986de63c6e3163f9c7da374d9b76bc4a412b61d4f2975d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36950
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1650281421154365"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 19 Apr 2022 17:08:16 GMT
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A16.328Z&_t=renderEnded&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134&cTpw=0.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816&cEnt=malware%2C%20industrial%20control%20systems%2C%20hacker%2C%20sergio%20caltagirone%2C%20omron%2C%20schneider%20electric%2C%20dragos%2C%20oil%20refinery%2C%20swiss%20army%20knife%2C%20cisa%2C%20biden%2C%20cybersecurity%2C%20us%2C%20russia%2C%20russian%2C%20united%20states%2C%20mandiant%2C%20department%20of%20energy%2C%20ukrainian%2C%20fbi&cEnw=1%2C%200.872941569807454%2C%200.7738264247059433%2C%200.7448887112625757%2C%200.7435026835426927%2C%200.7032574634747577%2C%200.6479090766261459%2C%200.6471979025914351%2C%200.6209965006782172%2C%200.5208951755271362%2C%200.5069505591015793%2C%200.502900900507039%2C%200.47264716170626636%2C%200.46274270311057425%2C%200.45182604754329503%2C%200.44915774726196367%2C%200.44075707275100234%2C%200.4321428735540074%2C%200.4252873420938626%2C%200.41035570255532583&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&cPd=2022-04-13T19%3A50%3A48.527Z&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6100&pSw=1600&pSh=1200&uID=61
b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=ad_metrics&xID=c0aa10cc-32ef-4371-a838-e477580f9efd&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22verso%22%2C%22template%22%3A%22mt_article_two_column%22%2C%22viewport%22%3A%22desktop%22%2C%22isEmpty%22%3Afalse%2C%22isOverride%22%3Afalse%2C%22position%22%3A%22nav-rollover%22%2C%22size%22%3A%22300x200%22%7D&environment=prod&origin=wired&cKh=malware%2Cindustrial%20control%20systems%2Chacker%2Csergio%20caltagirone%2Comron%2Cschneider%20electric%2Cdragos%2Coil%20refinery%2Csystem%2Cswiss%20army%20knife%2Ctoolkit
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:16 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
p-Jjy-Cyr1NZGRz.gif
pixel.quantserve.com/pixel/
35 B
210 B
Image
General
Full URL
https://pixel.quantserve.com/pixel/p-Jjy-Cyr1NZGRz.gif?labels=_campaign.media.Advertiser%20ID.347421895.Campaign%20ID.3004935525.Line%20Item%20ID.5968630460
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:44af:4f54:8af4:5563 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:16 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_o=cne&app=playerservice&cCh=videos%2Fshow&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&pID=&sID=&uId=&xid=c0aa10cc-32ef-4371-a838-e477580f9efd&_ts=2022-04-19T17%3A08%3A16.339Z&_c=error&_t=PrebidError&dim1=%7B%22errorData%22%3A%7B%22body%22%3A%5B%5D%7D%7D&dim3=Empty
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:16 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
sf-ui-display-medium-webfont.woff2
d2c8v52ll5s99u.cloudfront.net/assets/fonts/ Frame BFCE
29 KB
30 KB
Font
General
Full URL
https://d2c8v52ll5s99u.cloudfront.net/assets/fonts/sf-ui-display-medium-webfont.woff2
Requested by
Host: d2c8v52ll5s99u.cloudfront.net
URL: https://d2c8v52ll5s99u.cloudfront.net/player/player-style-d962d5cba633cc5fda85.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.33.81.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-81-81.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d281c9d6bae645f3da6d2f0769a2cf0668709fd28e2021ce74821cdd8c7117b3

Request headers

Referer
https://d2c8v52ll5s99u.cloudfront.net/player/player-style-d962d5cba633cc5fda85.css
Origin
https://www.wired.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
null
Content-Encoding
gzip
ETag
"7d18db04f980971f2a9c5026bbc34bed"
X-Amz-Cf-Pop
EWR52-C1
X-Cache
RefreshHit from cloudfront
Access-Control-Max-Age
3000
Connection
keep-alive
Content-Length
29632
Access-Control-Allow-Origin
*
Last-Modified
Mon, 26 Jun 2017 15:24:42 GMT
Server
AmazonS3
Date
Tue, 19 Apr 2022 17:08:17 GMT
Vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
Access-Control-Allow-Methods
GET
Content-Type
application/font-woff2
Via
1.1 bdfe34c94134f86b07ebb7714d12d094.cloudfront.net (CloudFront)
Cache-Control
max-age=63072000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
rTUGmeYtUZxiARJw-rq2FGIC__GUUXKEk8OY5b0_koxTxcNm13FwwA==
Expires
Tue, 01 Jan 2030 00:00:00 GMT
bridge3.510.1_en.html
imasdk.googleapis.com/js/core/ Frame FFC4
631 KB
205 KB
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.510.1_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81e::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dc89c933d5f3a060b6d6529c1f6748bbe87213a8aa11eca62361b67a2c39266b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
408022
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
209821
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Thu, 14 Apr 2022 23:47:54 GMT
expires
Fri, 14 Apr 2023 23:47:54 GMT
last-modified
Thu, 14 Apr 2022 23:44:31 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/ Frame BFCE
44 KB
17 KB
Script
General
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 19 Apr 2022 17:08:16 GMT
fbevents.js
connect.facebook.net/en_US/ Frame BFCE
99 KB
26 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: d2c8v52ll5s99u.cloudfront.net
URL: https://d2c8v52ll5s99u.cloudfront.net/player/main-cbaabc24a9061ea5fbe1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26311
x-xss-protection
0
pragma
public
x-fb-debug
YbL0jJ6NCHKhFFadAV4Z5aQv+VkabtYRGr2d56ije3oL7tdixjp7QSX2RcEvDC8p2QxJ8ITiSKoGtV3mQ8p50Q==
x-frame-options
DENY
date
Tue, 19 Apr 2022 17:08:16 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
comscore-min.js
d2c8v52ll5s99u.cloudfront.net/player/ Frame BFCE
38 KB
11 KB
Script
General
Full URL
https://d2c8v52ll5s99u.cloudfront.net/player/comscore-min.js
Requested by
Host: d2c8v52ll5s99u.cloudfront.net
URL: https://d2c8v52ll5s99u.cloudfront.net/player/main-cbaabc24a9061ea5fbe1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.33.81.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-81-81.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
833a86642252016b29f08dd45ffd27f9e00ca237f28d8c5f0147a6e15d009377

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id
null
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Wed, 24 May 2017 18:19:15 GMT
Server
AmazonS3
Age
55
ETag
W/"054acb6fbd2b2a6c1ac561705bffb0cc"
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Content-Type
text/javascript
Via
1.1 6e24e95f882f20707346a032d1fa2948.cloudfront.net (CloudFront)
Connection
keep-alive
Date
Tue, 19 Apr 2022 17:07:22 GMT
X-Amz-Cf-Pop
EWR52-C1
X-Amz-Cf-Id
y61SXbpcx7XlbCO5htDT0omFu-mEJgKYC61eVVkvIDl4wOPL-r-2yg==
js
www.googletagmanager.com/gtag/
173 KB
64 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-P1P55J3LNW&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5HBJC2K&l=dataLayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
355c4e1bd4732f4f683f4a157cb9b151c6145d13c8253b1e30f248a180969042
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:16 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
65022
x-xss-protection
0
expires
Tue, 19 Apr 2022 17:08:16 GMT
track
capture.condenastdigital.com/ Frame BFCE
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_o=cne&_ts=2022-04-19T17%3A08%3A16.343Z&_c=&_t=Player%20Requested&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:16 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
track
capture.condenastdigital.com/ Frame BFCE
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_o=cne&_ts=2022-04-19T17%3A08%3A16.426Z&_c=initial&_t=gptData&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&dim1=%7B%22adBlocked%22%3Afalse%2C%22adUnits%22%3A%5B%223379%2Fconde.wired%2Finterstitial%2Fsecurity%2Farticle%2F1%22%2C%223379%2Fconde.wired%2Fhero%2Fsecurity%2Farticle%2F1%22%2C%223379%2Fconde.wired%2Frail%2Fsecurity%2Farticle%2F1%22%2C%223379%2Fconde.wired%2Frail%2Fsecurity%2Farticle%2F2%22%2C%223379%2Fconde.wired%2Fmid-content%2Fsecurity%2Farticle%2F1%22%2C%223379%2Fconde.wired%2Ffooter%2Fsecurity%2Farticle%2F1%22%2C%223379%2Fconde.wired.native%2Fin-content%2Fsecurity%2Farticle%2F1%22%2C%223379%2Fconde.wired.native%2Faside%2Fsecurity%2Farticle%2F1%22%2C%223379%2Fwiredcom.cm%2Fsecurity%2Fcyberattacks-and-hacks%22%2C%223379%2Fwiredcom.cm%2Fsecurity%2Fcyberattacks-and-hacks%22%2C%223379%2Fconde.wired.cm%2Fnav-cta%2Fsecurity%2Farticle%2F1%22%2C%223379%2Fconde.wired.cm%2Fnav-rollover%2Fsecurity%2Farticle%2F1%22%2C%223379%2Fconde.wired.cm%2Fin-content%2Fsecurity%2Farticle%2F2%22%2C%223379%2Fconde.wired.cm%2Fcm-footer%2Fsecurity%2Farticle%2F1%22%5D%2C%22embedLocation%22%3A%22wired%22%2C%22error%22%3A%22%22%2C%22lineItems%22%3A%5B%5D%2C%22publicaEnabled%22%3Afalse%2C%22videoId%22%3A%226230c6615577c237274617fc%22%7D
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:16 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
wired_wired-news-and-science-a-timeline-of-russian-cyber-attacks-on-ukraine.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_wired.png,fl_progressive,g_face,h_450,q_80,w_800/v1647868275/ Frame BFCE
56 KB
56 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_wired.png,fl_progressive,g_face,h_450,q_80,w_800/v1647868275/wired_wired-news-and-science-a-timeline-of-russian-cyber-attacks-on-ukraine.jpg
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
99.84.120.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-120-217.ewr52.r.cloudfront.net
Software
Cloudinary /
Resource Hash
b3a9e90322e216b73f8bc2e2a1dd4f32a515d10c1ef678d3aeda7aa3d0b2361f
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Via
1.1 75e33350c9c4e8f80789197bf361fe12.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Age
55
X-Cache
Hit from cloudfront
Date
Tue, 19 Apr 2022 17:07:36 GMT
Server-Timing
fastly;dur=10;cpu=0;start=2022-04-10T16:54:07.112Z;desc=hit,rtt;dur=1
Content-Length
56832
Last-Modified
Mon, 21 Mar 2022 13:11:27 GMT
Server
Cloudinary
Cache-Control
public, no-transform, max-age=300
ETag
"b65b42752676eb7a45cb993179af17ac"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,ETag,Server-Timing,X-Content-Type-Options
Connection
keep-alive
X-Amz-Cf-Pop
EWR52-C3
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
ZBsDS_ikxzOqrWTPIE_ZiiGWUj3g4CTQnB50PDZdBzayM2ff-SdA9g==
LabGrotesque-Medium.woff2
www.wired.com/verso/static/assets/fonts/ Frame 3419
45 KB
46 KB
Font
General
Full URL
https://www.wired.com/verso/static/assets/fonts/LabGrotesque-Medium.woff2
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8575c83bcd649c28701830bc98d0051adba45ba685776092d2417c9240ee0c67
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Origin
https://www.wired.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:16 GMT
via
1.1 varnish
age
2970505
x-cache
HIT
x-ua-device
desktop
apple-news-services-parsed-url
/verso/static/assets/fonts/LabGrotesque-Medium.woff2
last-modified
Wed, 16 Mar 2022 07:54:39 GMT
verso
true
content-length
46416
x-amz-id-2
+HEp1XyaFTnWQpjDU7Le03O8gMSAWeU8s/wJlILbfLqYqTcwM9QpZ4DWwqyLWYuS/h5Ds16WvyE=
x-served-by
cache-yul12829-YUL
apple-news-services-handled
false
x-timer
S1650388097.540607,VS0,VE0
apple-news-services-request-url
/verso/static/assets/fonts/LabGrotesque-Medium.woff2
etag
"d3df48def87009f6ce71e9e5b82a1281"
vary
Verso
strict-transport-security
max-age=31536000; preload
x-amz-request-id
TM1EA3WP5ZSADZSS
access-control-allow-origin
*
expires
Thu, 16 Mar 2023 07:59:50 GMT
cache-control
max-age=31536000, immutable
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
bytes
content-type
application/x-font-woff2
apple-news-services-host
www.wired.com
x-cache-hits
113
WiredMono-Regular.woff2
www.wired.com/verso/static/assets/fonts/ Frame 3419
18 KB
20 KB
Font
General
Full URL
https://www.wired.com/verso/static/assets/fonts/WiredMono-Regular.woff2
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c8c9128b649afff93f89f77eb2aa5a4bbbb1443bebc5156d0f697780c8beaa26
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Origin
https://www.wired.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:16 GMT
via
1.1 varnish
age
4267968
x-cache
HIT
x-ua-device
desktop
apple-news-services-parsed-url
/verso/static/assets/fonts/WiredMono-Regular.woff2
last-modified
Tue, 01 Mar 2022 07:30:48 GMT
verso
true
content-length
18912
x-amz-id-2
SRUi+0gGbwyoIcKyyOFL6rZcQjMWtTAqgqJGkp5Zby5UR4KhC24mkJIO2HPEaidqvmtVG+mTM7A=
x-served-by
cache-yul12829-YUL
apple-news-services-handled
false
x-timer
S1650388097.540619,VS0,VE0
apple-news-services-request-url
/verso/static/assets/fonts/WiredMono-Regular.woff2
etag
"e755d282ae1120887b3b1d207bb930ce"
vary
Verso
strict-transport-security
max-age=31536000; preload
x-amz-request-id
40M656QTDTVPEPYZ
access-control-allow-origin
*
expires
Wed, 01 Mar 2023 07:35:28 GMT
cache-control
max-age=31536000, immutable
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests;
accept-ranges
bytes
content-type
application/x-font-woff2
apple-news-services-host
www.wired.com
x-cache-hits
228
truncated
/ Frame 8918
46 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fd65ed43609a7956881d37ee1920272ad92a7a384716c09bbde11a87eed80e35

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ Frame 8918
109 KB
109 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
878ddb69ba5b8403330675541fd57db17f641ef8fab4aadcee3ed590294363d9

Request headers

Referer
Origin
https://www.wired.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
font/truetype;charset=utf-8
truncated
/ Frame 8918
20 KB
20 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
57f2dce7dff20de0defd93427e6d62cf03bd271fda37120b785fa2afea34fb30

Request headers

Referer
Origin
https://www.wired.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8
view
securepubads.g.doubleclick.net/pcs/ Frame B773
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuHleYT6N6YeIDr1ykDDp2R2ypcoKfIrVOlEOeJJzXcLjdSiXBj9e3LDUnRattmj37EoR8TzVLrqz-qQA1xzdE5YtdI4bQtO6Wk3VKbNNcK2Mn368LageAAMIwx2VbkkjXhv2dTUTR1bvNeTkDXLsk0MbjeVIaNBB1WeeBBrih_CpNfhy-YHbsqHaymEzZr80Qc9Z4wS3_0mFAFwgftdkKn_y3QcodXgbWtRYGNAqeapF2paUB1Y9N44A9Zc69mX8veocrRc8TqBbUp6Bgv1QqV-p2EmnEN9EGoGOQUMLIzrOdIhif5rOyO9xb850S6_SBChZLPzQpa9OAtn1mWhzfR&sai=AMfl-YSoicwyoM6kFXjv3TMf6-RJedFWl-FabWc9ZPbAh3pHZamLY5TYy0RQD3L54USSOqAHGVsYc5JLQFAAoOY1eUspAx7Ouk1f33dwdJjoiGqfkKFtWFsGYsKHpfpSHTitLzy3BCXcwFHBzxdjSQJg&sig=Cg0ArKJSzA-axu7g_230EAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:16 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame B773
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4caa2b4b885d62d25d986de63c6e3163f9c7da374d9b76bc4a412b61d4f2975d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36950
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1650281421154365"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 19 Apr 2022 17:08:16 GMT
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A16.579Z&_t=renderEnded&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134&cTpw=0.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816&cEnt=malware%2C%20industrial%20control%20systems%2C%20hacker%2C%20sergio%20caltagirone%2C%20omron%2C%20schneider%20electric%2C%20dragos%2C%20oil%20refinery%2C%20swiss%20army%20knife%2C%20cisa%2C%20biden%2C%20cybersecurity%2C%20us%2C%20russia%2C%20russian%2C%20united%20states%2C%20mandiant%2C%20department%20of%20energy%2C%20ukrainian%2C%20fbi&cEnw=1%2C%200.872941569807454%2C%200.7738264247059433%2C%200.7448887112625757%2C%200.7435026835426927%2C%200.7032574634747577%2C%200.6479090766261459%2C%200.6471979025914351%2C%200.6209965006782172%2C%200.5208951755271362%2C%200.5069505591015793%2C%200.502900900507039%2C%200.47264716170626636%2C%200.46274270311057425%2C%200.45182604754329503%2C%200.44915774726196367%2C%200.44075707275100234%2C%200.4321428735540074%2C%200.4252873420938626%2C%200.41035570255532583&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&cPd=2022-04-13T19%3A50%3A48.527Z&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6200&pSw=1600&pSh=1200&uID=61b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=ad_metrics&xID=c0aa10cc-32ef-4371-a838-e477580f9efd&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22verso%22%2C%22template%22%3A%22mt_article_two_column%22%2C%22viewport%22%3A%22desktop%22%2C%22isEmpty%22%3Afalse%2C%22isOverride%22%3Afalse%2C%22position%22%3A%22cm-footer%22%2C%22size%22%3A%22940x140%22%7D&environment=prod&origin=wired&cKh=malware%2Cindustrial%20control%20systems%2Chacker%2Csergio%20caltagirone%2Comron%2Cschneider%20electric%2Cdragos%2Coil%20refinery%2Csystem%2Cswiss%20army%20knife%2Ctoolkit
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:16 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
p-Jjy-Cyr1NZGRz.gif
pixel.quantserve.com/pixel/
35 B
210 B
Image
General
Full URL
https://pixel.quantserve.com/pixel/p-Jjy-Cyr1NZGRz.gif?labels=_campaign.media.Advertiser%20ID.347421895.Campaign%20ID.3004935525.Line%20Item%20ID.5968630454
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:44af:4f54:8af4:5563 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:16 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel;r=1071004503;labels=Culture.Wired.security.cyberattacks%20and%20hacks;source=gtm;rf=0;a=p-Jjy-Cyr1NZGRz;url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F;ref=https%3A%2F%2Fap...
pixel.quantserve.com/
35 B
210 B
Image
General
Full URL
https://pixel.quantserve.com/pixel;r=1071004503;labels=Culture.Wired.security.cyberattacks%20and%20hacks;source=gtm;rf=0;a=p-Jjy-Cyr1NZGRz;url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F;ref=https%3A%2F%2Fapple.news%2F;uht=2;fpan=1;fpa=P0-1657309964-1650388096618;pbc=6238712a-13ba-42ab-9013-be6a3e95297e;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;us_privacy=1---;d=wired.com;je=0;sr=1600x1200x24;dst=0;et=1650388096618;tzo=0;ogl=description.The%20malware%20toolkit%252C%20known%20as%20Pipedream%252C%20is%20perhaps%20the%20most%20versatile%20tool%20ever%2Cimage.https%3A%2F%2Fmedia%252Ewired%252Ecom%2Fphotos%2F62587794ad866a4c55b7922c%2F191%3A100%2Fw_1280%252Cc_limit%2FS%2Csite_name.Wired%2Ctitle.Feds%20Uncover%20a%20'Swiss%20Army%20Knife'%20for%20Hacking%20Industrial%20Systems%2Ctype.article%2Curl.https%3A%2F%2Fwww%252Ewired%252Ecom%2Fstory%2Fpipedream-ics-malware%2F
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:44af:4f54:8af4:5563 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:16 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
truncated
/ Frame B773
45 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1156bbfd835f82e4f8d20f7609d3b5015d5816e03bad1393cab0fc53b6d45db3

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ Frame B773
109 KB
109 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
878ddb69ba5b8403330675541fd57db17f641ef8fab4aadcee3ed590294363d9

Request headers

Referer
Origin
https://www.wired.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
font/truetype;charset=utf-8
truncated
/ Frame B773
20 KB
20 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
57f2dce7dff20de0defd93427e6d62cf03bd271fda37120b785fa2afea34fb30

Request headers

Referer
Origin
https://www.wired.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8
/
www.facebook.com/tr/
44 B
408 B
Image
General
Full URL
https://www.facebook.com/tr/?id=228464857488266&ev=PageView&dl=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&rl=https%3A%2F%2Fapple.news%2F&if=false&ts=1650388096711&cd[SiteSection]=security&cd[SubSection]=cyberattacks%20and%20hacks&cd[PageTags]=security%7Ccyberattacks%20and%20hacks%7Cnational%20security%7Ccybersecurity%7Cmalware%7Chacking%7Crussia%7Ctextaboveleftsmall&cd[Brand]=Wired&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1650388096709.592063518&it=1650388095330&coo=false&dpo=&rqm=GET
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:16 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Tue, 19 Apr 2022 17:08:16 GMT
B27523353.332460082;dc_ver=86.253;sz=728x90;u_sd=1;nel=1;dc_adk=545849083;ord=f2jmru;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjstEM1RKU5ZOi4Fk9S4rD52ixIS-4UL7gRploqpZ...
ad.doubleclick.net/ddm/adj/N5778.119885CONDENAST/ Frame 3DF1
50 KB
25 KB
Script
General
Full URL
https://ad.doubleclick.net/ddm/adj/N5778.119885CONDENAST/B27523353.332460082;dc_ver=86.253;sz=728x90;u_sd=1;nel=1;dc_adk=545849083;ord=f2jmru;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjstEM1RKU5ZOi4Fk9S4rD52ixIS-4UL7gRploqpZlZi60u67tf3AWZSCXIMuz9I23SNsuo0h1LTVb_4-XsUS7Xhl6LlW1ulR4Owdf9k23T9MWafvQnDAYqCNUK6VEViXPazwqsztAld-tN8UXY6OeRxnFhnWPdSbOrWguXRYHMdu1fnqgAPrX3pKBDCw_HMV-vYxQvyCzdsGoHfs3BzW7CtXrVFFAUfz0UbpiMUWqxIRbEp293_94dTDvfelQpt0qke1LUHAQxOK1_ZrMZkz7NBzV1rd6pi3vE3YHmNITW_VLWCRKcN7Da5SVMrqaBJlFfVLcb8x5CN_Vw%26sai%3DAMfl-YSIzgVk2GBLcEiimVOyCbhutn4RS5pwOjk5k37Qkyk7mukHRUuM6gxcaWObElz5mR_QlVAgKj-WIfPBRn5EDfGTd5NqMC6heRAWsTWH8Ld_aZ_Cvbr_tO001Dvl400c9KQTyPmn-T8kDWIIIZ28%26sig%3DCg0ArKJSzEQFXqYZrMsmEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=1,https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F$0;xdt=0;crlt=7m2-RpgUYb;stc=1;sttr=930;prcl=s
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v86.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.38 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f6.1e100.net
Software
cafe /
Resource Hash
683e47fac2790eb4945e47f22f12038852f5d424f172d9b140524490df296163
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:16 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24618
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
onetag
assoc-na.associates-amazon.com/
64 B
461 B
XHR
General
Full URL
https://assoc-na.associates-amazon.com/onetag?src=330&pj=%7B%22tracking_id%22%3A%22w050b-20%22%2C%22assocPayloadId%22%3Anull%2C%22refUrl%22%3A%22https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F%22%7D&u=https://www.wired.com/story/pipedream-ics-malware/
Requested by
Host: z-na.associates-amazon.com
URL: https://z-na.associates-amazon.com/onetag/v2?MarketPlace=US&instanceId=11cb70e4-21b3-453f-834c-1463094700df
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.141.85 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
0f8260a66c40d97c479fac43972f6d149a0e72296e138e6ece2f9a2e3d9f76b7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:16 GMT
Server
Server
x-amz-rid
6FER876A3GBE26FAF9XT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Content-Type
application/json
Access-Control-Allow-Origin
https://www.wired.com
Access-Control-Allow-Credentials
true
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
64
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 11E3
37 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 16:49:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1103
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Tue, 19 Apr 2022 17:49:53 GMT
8b3d4565-6e79-4f20-a3d2-7937fcddeeb1thumbs.mp4
dp8hsntg6do36.cloudfront.net/6230c6615577c237274617fc/ Frame BFCE
1 MB
0
Media
General
Full URL
https://dp8hsntg6do36.cloudfront.net/6230c6615577c237274617fc/8b3d4565-6e79-4f20-a3d2-7937fcddeeb1thumbs.mp4
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.223.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-223-31.jfk51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Range
bytes=0-

Response headers

Date
Tue, 19 Apr 2022 03:53:09 GMT
Via
1.1 a751121faec5553b68a53cf4d4b7e9a6.cloudfront.net (CloudFront)
Last-Modified
Tue, 15 Mar 2022 19:12:07 GMT
Server
AmazonS3
Age
47708
ETag
"ef8a40b2456fb73c8353a54fec36657f"
X-Cache
Hit from cloudfront
Content-Type
video/mp4
Content-Range
bytes 0-1580349/1580350
Connection
keep-alive
X-Amz-Cf-Pop
JFK51-C1
Accept-Ranges
bytes
Content-Length
1580350
X-Amz-Cf-Id
pG3tlbsdtiYaTxLClMNOU0sIrxm8H_DYcri0YqoQuFlT7Bs6hJADPQ==
8b3d4565-6e79-4f20-a3d2-7937fcddeeb1thumbs.mp4
dp8hsntg6do36.cloudfront.net/6230c6615577c237274617fc/ Frame BFCE
1 MB
0
Media
General
Full URL
https://dp8hsntg6do36.cloudfront.net/6230c6615577c237274617fc/8b3d4565-6e79-4f20-a3d2-7937fcddeeb1thumbs.mp4
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.223.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-223-31.jfk51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Range
bytes=0-

Response headers

Date
Tue, 19 Apr 2022 03:53:09 GMT
Via
1.1 9ded77b3c7d35f54d8f10a70f8717c86.cloudfront.net (CloudFront)
Last-Modified
Tue, 15 Mar 2022 19:12:07 GMT
Server
AmazonS3
Age
47708
ETag
"ef8a40b2456fb73c8353a54fec36657f"
X-Cache
Hit from cloudfront
Content-Type
video/mp4
Content-Range
bytes 0-1580349/1580350
Connection
keep-alive
X-Amz-Cf-Pop
JFK51-C1
Accept-Ranges
bytes
Content-Length
1580350
X-Amz-Cf-Id
5y6HPsaGbC9namf5gqEPVTa-JTJs7pbPguMn8AayrTf4E0QTRDoZ_Q==
pixel.gif
px.moatads.com/
43 B
253 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&zMoatAdUnit1=conde.wired.native&zMoatAdUnit2=in-content&zMoatAdUnit3=security&zMoatAdUnit4=article&wf=1&ra=3&pxm=3&sgs=3&vb=14&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=CONDENAST_PREBID_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%23Vyt9.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rb=2-3gPfcs6wZ10QbMk%2BqjMratT%2F8IKBUGMSV3D%2B4hwCudYVWqlJ9ew2bEg%3D&rs=1-8mrC8H1EcAEJWg%3D%3D&sc=1&os=1-8Q%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&g=1&h=125&w=125&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=0&gp=0&zGSRC=1&gu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&id=1&ii=4&f=0&j=https%3A%2F%2Fapple.news&t=1650388093410&de=811794565249&rx=878667589509&cu=1650388093410&m=3405&ar=bee2df476bf-clean&iw=5eeb72d&cb=0&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=6219&le=1&ch=0&vv=1&vw=1%3A0%3A0&vp=0&vx=0%3A-%3A-&pe=1%3A628%3A628%3A0%3A735&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&aj=0&pg=0&pf=0&ib=1&cc=0&bw=0&bx=0&dj=0&im=0&in=0&pd=0&e
m=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1894&cd=281&ah=1894&am=281&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=4660981638%3A2443012271%3A5276770044%3A138301071698&bo=conde.wired.native&bd=1&gw=condenastprebidheader987326845656&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&tc=0&fs=198121&na=1073509754&cs=0
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.167.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-167-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:16 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Tue, 19 Apr 2022 17:08:16 GMT
track
capture.condenastdigital.com/ Frame BFCE
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_o=cne&_ts=2022-04-19T17%3A08%3A16.819Z&_c=Player%20Event&_t=Player%20Loaded&app=playerservice&cBr=wired&cCh=videos%2Fshow&cCu=https%3A%2F%2Fwww.wired.com%2Fvideo%2Fwatch%2Fwired-news-and-science-a-timeline-of-russian-cyber-attacks-on-ukraine&cId=6230c6615577c237274617fc&cKe=Russian%20Cyber%20Attacks%2Crussia%20ukraine%2Cukraine%20vs%20russian%2Cukranian%20invasion%2Cukraine%20cyber%20attacks%2Ccyber%20attacks%20ukraine%2Cukraine%2Crussia%20and%20ukraine%2Crussian%20cyber%20attacks%2Crussian%20cyber%20attacks%20timeline%2Ctimeline%20of%20cyber%20attacks%2Crussian%20attacks%2Cwired%20russia%2Crussia%20attacks%2Cwired%20cyber%20attacks%2Csandworm%2Csandworm%20russia%2Crussia%20sandworm%2Crussia%20worm%2Ccomputer%20worm%2Crussia%20computer%20worm%2Ccomputer%20worm%20russia%2Ckremlin%2Ckremlin%20cyber%20attack%2Ccyber%20attacks%20kremlin&cPd=2022-03-16T16%3A00%3A00%2B00%3A00&cTi=A%20Timeline%20of%20Russian%20Cyberattacks%20on%20Ukraine&mDu=457&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&pWw=370&pWh=208.125&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&uId=61b2c59d-8f2d-461e-8ff7-d7d8748cd1be&xid=c0aa10cc-32ef-4371-a838-e477580f9efd&dim1=%7B%22contentStartType%22%3A%22manual%22%2C%22doNotTrackSetting%22%3Anull%2C%22environment%22%3A%22oo%22%2C%22gitBranch%22%3A%22master%22%2C%22gitSha%22%3A%22537481b%22%2C%22guid%22%3A%22961e8a96-ee95-a9c7-4e48-c49cbb16683b%22%2C%22isMobile%22%3Afalse%2C%22isVerso%22%3Atrue%2C%22initialPlayerStartType%22%3A%22autoplay%22%2C%22playerDepth%22%3A1268.703125%2C%22playerType%22%3A%22interlude%22%2C%22playsOnPage%22%3A0%2C%22prerollPlayed%22%3Afalse%2C%22recAlgorithm%22%3A%22copilotIdOverride%22%2C%22recStrategy%22%3A%22copilotIdOverride%22%2C%22sticky%22%3Afalse%2C%22stickyPosition%22%3A%22%22%2C%22isRightRail%22%3Atrue%2C%22tabStatus%22%3A%22active%22%2C%22versoContentType%22%3A%22article%22%2C%22videoViews%22%3A1%2C%22viewportStatus%22%3Anull%7D&dim2=%7B%22adBlocked%22%3Afalse%2C%22adId%22%3A%22%22%2C%22adType%22%3A%22%22%2C%22creativeId%22%3A%22%22%2C%22wrapperAdIds%22%3A%22%22%2C%22wrapperAdSystems%22%3A%22%22%2C%22dfpLineItem%22%3A%22%22%2C%22publicaEnabled%22%3Afalse%2C%22podIndex%22%3A%22%22%7D&adId=&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=a61a3c7a-01d9-4175-8ab8-7171949de605&contentType=article
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:16 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
container.html
0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9649
6 KB
3 KB
Document
General
Full URL
https://0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80d::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
3
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 19 Apr 2022 17:08:13 GMT
expires
Wed, 19 Apr 2023 17:08:13 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A16.843Z&_t=renderEnded&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134&cTpw=0.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816&cEnt=malware%2C%20industrial%20control%20systems%2C%20hacker%2C%20sergio%20caltagirone%2C%20omron%2C%20schneider%20electric%2C%20dragos%2C%20oil%20refinery%2C%20swiss%20army%20knife%2C%20cisa%2C%20biden%2C%20cybersecurity%2C%20us%2C%20russia%2C%20russian%2C%20united%20states%2C%20mandiant%2C%20department%20of%20energy%2C%20ukrainian%2C%20fbi&cEnw=1%2C%200.872941569807454%2C%200.7738264247059433%2C%200.7448887112625757%2C%200.7435026835426927%2C%200.7032574634747577%2C%200.6479090766261459%2C%200.6471979025914351%2C%200.6209965006782172%2C%200.5208951755271362%2C%200.5069505591015793%2C%200.502900900507039%2C%200.47264716170626636%2C%200.46274270311057425%2C%200.45182604754329503%2C%200.44915774726196367%2C%200.44075707275100234%2C%200.4321428735540074%2C%200.4252873420938626%2C%200.41035570255532583&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&cPd=2022-04-13T19%3A50%3A48.527Z&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6400&pSw=1600&pSh=1200&uID=61b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=ad_metrics&xID=c0aa10cc-32ef-4371-a838-e477580f9efd&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22verso%22%2C%22template%22%3A%22mt_article_two_column%22%2C%22viewport%22%3A%22desktop%22%2C%22isEmpty%22%3Afalse%2C%22isOverride%22%3Afalse%2C%22position%22%3A%22rail%22%2C%22size%22%3A%22300x600%22%7D&environment=prod&origin=wired&cKh=malware%2Cindustrial%20control%20systems%2Chacker%2Csergio%20caltagirone%2Comron%2Cschneider%20electric%2Cdragos%2Coil%20refinery%2Csystem%2Cswiss%20army%20knife%2Ctoolkit
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:16 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
p-Jjy-Cyr1NZGRz.gif
pixel.quantserve.com/pixel/
35 B
210 B
Image
General
Full URL
https://pixel.quantserve.com/pixel/p-Jjy-Cyr1NZGRz.gif?labels=_campaign.media.Advertiser%20ID.4660981638.Campaign%20ID.2443012271.Line%20Item%20ID.programmatic
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:44af:4f54:8af4:5563 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:16 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
8b3d4565-6e79-4f20-a3d2-7937fcddeeb1manifest-ios.m3u8
dp8hsntg6do36.cloudfront.net/6230c6615577c237274617fc/ Frame BFCE
918 B
1 KB
XHR
General
Full URL
https://dp8hsntg6do36.cloudfront.net/6230c6615577c237274617fc/8b3d4565-6e79-4f20-a3d2-7937fcddeeb1manifest-ios.m3u8?videoIndex=0&requester=oo
Requested by
Host: d2c8v52ll5s99u.cloudfront.net
URL: https://d2c8v52ll5s99u.cloudfront.net/player/main-cbaabc24a9061ea5fbe1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.223.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-223-31.jfk51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7d2e337e4f1f59a1e79a909308a4fd8b4b8dfba56ae669990aaad24168334e12

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Mon, 18 Apr 2022 21:56:26 GMT
Via
1.1 bc4b5a0c950f70df08b33cfb9288c098.cloudfront.net (CloudFront)
Vary
Origin
Age
69111
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
918
Last-Modified
Tue, 15 Mar 2022 19:10:41 GMT
Server
AmazonS3
ETag
"83cf859d7d17a110927e705e60b4136e"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, HEAD
Content-Type
application/x-mpegURL
Access-Control-Allow-Origin
*
X-Amz-Cf-Pop
JFK51-C1
Accept-Ranges
bytes
X-Amz-Cf-Id
D_WivqLXgu3TulEdoe1QqDOv5zRmppb2a79wb3ZPoep1BCO7nPFH1g==
1422
check.analytics.rlcdn.com/check/
25 B
383 B
XHR
General
Full URL
https://check.analytics.rlcdn.com/check/1422
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.223.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-223-29.jfk51.r.cloudfront.net
Software
/
Resource Hash
8a9ba7bbc88ec23d81a2d63845638a3b6603de473261872f301803cef84ef335

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 19 Apr 2022 17:08:17 GMT
via
1.1 b0a0e0d22a21f33ff74219a7ecf1d55e.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK51-C1
x-amzn-requestid
935acffb-f9d2-4f11-ae5d-e48f270f8754
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-625eec81-3cc5052355656dc47db481a9
x-amz-apigw-id
Q1nkMFvMjoEFT9Q=
content-length
25
x-amz-cf-id
SJSQBQMpNZHchqbq9V1bMT-Q4aiIAl3I71EogBDPeHeoII-aQ0buaQ==
rtset
bh.contextweb.com/bh/ Frame 6FCD
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=Zk5mZ2p4VnlZeHhtaGRLUlVHUFJDUQ&gdpr=0&gdpr_consent=
  • https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=0&gdpr_consent=&ev=CAESEH_Rtpn8G6A04fttShO-asU&google_cver=1
49 B
652 B
Image
General
Full URL
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=0&gdpr_consent=&ev=CAESEH_Rtpn8G6A04fttShO-asU&google_cver=1
Requested by
Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint
Protocol
H2
Server
198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software
Jetty(9.4.14.v20181114) /
Resource Hash
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
content-language
en-CA
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
content-type
image/gif;charset=iso-8859-1
cw-server
bh-deployment-5d95fd45d8-sf986
expires
-1

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:16 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=0&gdpr_consent=&ev=CAESEH_Rtpn8G6A04fttShO-asU&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
335
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rtset
bh.contextweb.com/bh/ Frame 6FCD
Redirect Chain
  • https://pulsepoint-match.dotomi.com/match/bounce/current?networkId=14200&version=1&nuid=
  • https://pulsepoint-match.dotomi.com/match/bounce/current?DotomiTest=5d058224bd791235&is_secure=true&networkId=14200&version=1&nuid=
  • https://bh.contextweb.com/bh/rtset?do=add&pid=530912&ev=AAAGeExTYbUELQNScM2JAAAAAAA&expiration=1650474497&nuid=&is_secure=true
49 B
680 B
Image
General
Full URL
https://bh.contextweb.com/bh/rtset?do=add&pid=530912&ev=AAAGeExTYbUELQNScM2JAAAAAAA&expiration=1650474497&nuid=&is_secure=true
Requested by
Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint
Protocol
H2
Server
198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software
Jetty(9.4.14.v20181114) /
Resource Hash
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
content-language
en-CA
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
content-type
image/gif;charset=iso-8859-1
cw-server
bh-deployment-5d95fd45d8-sf986
expires
-1

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
server
nginx
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location
https://bh.contextweb.com/bh/rtset?do=add&pid=530912&ev=AAAGeExTYbUELQNScM2JAAAAAAA&expiration=1650474497&nuid=&is_secure=true
cache-control
no-cache, private, max-age=0, no-store
content-length
0
expires
0
rtset
bh.contextweb.com/bh/ Frame 6FCD
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=95&gdpr=0&gdpr_consent=
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=95&gdpr=0&gdpr_consent=
  • https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=db199c4e-400a-4380-a79d-834916fac0f2-625eec81-4341&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_i...
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=db199c4e-400a-4380-a79d-834916fac0f2-625eec81-4341&partner_url=https%3A%2F%2Fbh.contextweb.com%2Fbh%2Frtset%3Fdo%3Dadd%26pid...
  • https://bh.contextweb.com/bh/rtset?do=add&pid=543793&ev=db199c4e-400a-4380-a79d-834916fac0f2-625eec81-4341&gdpr_in_effect=&gdpr_consent=
49 B
732 B
Image
General
Full URL
https://bh.contextweb.com/bh/rtset?do=add&pid=543793&ev=db199c4e-400a-4380-a79d-834916fac0f2-625eec81-4341&gdpr_in_effect=&gdpr_consent=
Requested by
Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint
Protocol
H2
Server
198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software
Jetty(9.4.14.v20181114) /
Resource Hash
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
content-language
en-CA
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
content-type
image/gif;charset=iso-8859-1
cw-server
bh-deployment-5d95fd45d8-sf986
expires
-1

Redirect headers

location
https://bh.contextweb.com/bh/rtset?do=add&pid=543793&ev=db199c4e-400a-4380-a79d-834916fac0f2-625eec81-4341&gdpr_in_effect=&gdpr_consent=
date
Tue, 19 Apr 2022 17:08:17 GMT
via
1.1 google
alt-svc
clear
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
ecm3
s.amazon-adsystem.com/ Frame 6FCD
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?id=WA8xlpgJfgLf&ex=Pulsepoint
Requested by
Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:17 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
THJVA7T0Z8C4FV6HXHWC
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
ibs:dpid=21&dpuuid=214130604126013088042
dpm.demdex.net/ Frame D96F
Redirect Chain
  • https://aa.agkn.com/adscores/g.pixel?sid=9211132908&aam=51128452588216843153317871896908876551
  • https://dpm.demdex.net/ibs:dpid=21&dpuuid=214130604126013088042
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=21&dpuuid=214130604126013088042
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-usw2-1-v028-0a9c8e5c6.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
UzKQ/plASpQ=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
via
1.1 ab00cdb05d9e58b648b9b6b09875b196.cloudfront.net (CloudFront)
server
AAWebServer
x-amz-cf-pop
JFK51-C1
location
https://dpm.demdex.net/ibs:dpid=21&dpuuid=214130604126013088042
access-control-allow-methods
GET, POST, OPTIONS
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
x-cache
Miss from cloudfront
access-control-allow-headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
x-amz-cf-id
8sLWaF_F2UGZ8zGv0V3saQKXwyFQgMbv0W_sGkFc8dS9YVL2fzqpfA==
expires
0
usync.js
eus.rubiconproject.com/ Frame 7CDC
32 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.78.168.242 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-78-168-242.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
18f25152e6157a80c22560120612d9f9c18790e176d7165194cf5ee62a7773d2

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:16 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:28:01 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=76473
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9542
Expires
Wed, 20 Apr 2022 14:22:49 GMT
collect
www.google-analytics.com/
35 B
55 B
Ping
General
Full URL
https://www.google-analytics.com/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:16 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
441 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-8293713-27&cid=145265742.1650388094&jid=1075108423&gjid=1205113767&_gid=1549923057.1650388097&_u=aChAiUAjBAQCAE~&z=1884407790
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::9d Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 19 Apr 2022 17:08:17 GMT
content-type
text/plain
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Ping
General
Full URL
https://www.google-analytics.com/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
local_storage_frame16.min.html
assets.bounceexchange.com/assets/bounce/ Frame CC23
2 KB
1 KB
Document
General
Full URL
https://assets.bounceexchange.com/assets/bounce/local_storage_frame16.min.html
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/br-ijs_all_modules_2d913b64e789f2bd268452855491ee94.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f2f11e4d45030f1f21ec7d3ae67a65b83c4c67016fe861fbebdff04ca0c8cd60

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
access-control-expose-headers
etag Content-Type
age
836907
alt-svc
clear
cache-control
public,max-age=31536000
content-encoding
gzip
content-length
1055
content-type
text/html; charset=UTF-8
date
Sun, 10 Apr 2022 00:39:50 GMT
etag
"f3aee7ff2b1db4084e1a3ef722a108c5"
expires
Mon, 10 Apr 2023 00:39:50 GMT
last-modified
Wed, 16 Mar 2022 18:52:52 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1647456772402018
x-goog-hash
crc32c=0N3DKA== md5=867n/ysdtAhOGj73IqEIxQ==
x-goog-metageneration
1
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
gzip
x-goog-stored-content-length
1055
x-guploader-uploadid
ADPycdsdnDPNoANRN6hDTAdjUVINw_z8AY5Zx4-_qWzJfNTmn6pYmBRycrpHYHX3bJWCJZZp2sbLQVK3wyW-CxnpiDBTOtQNCds8
page
t.skimresources.com/api/v2/
22 B
339 B
XHR
General
Full URL
https://t.skimresources.com/api/v2/page
Requested by
Host: s.skimresources.com
URL: https://s.skimresources.com/js/100099X1555751.skimlinks.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.67.47 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
47.67.201.35.bc.googleusercontent.com
Software
Python/3.7 aiohttp/3.5.4 /
Resource Hash
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-type
text/plain

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
via
1.1 google
x-content-type-options
nosniff
server
Python/3.7 aiohttp/3.5.4
access-control-allow-headers
Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain; charset=utf-8, application/javascript
access-control-allow-origin
https://www.wired.com
cache-control
no-store, no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
content-length
22
usermatchredir
ssum-sec.casalemedia.com/ Frame 25FF
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Yl7sgEQk4ZWFQV1vkhZJgwAAAdAAAAIB&gdpr_consent=&us_privacy=&gdpr=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEOhaeTL8HnuykEAoLS28FoI&google_cver=1
43 B
315 B
Image
General
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEOhaeTL8HnuykEAoLS28FoI&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:17 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Tue, 19 Apr 2022 17:08:17 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEOhaeTL8HnuykEAoLS28FoI&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
342
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 25FF
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Yl7sgEQk4ZWFQV1vkhZJgwAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEDA4BxdpldxAClHHFETnhn4&google_cver=1
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEDA4BxdpldxAClHHFETnhn4&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:17 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Apr 2022 17:08:17 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEDA4BxdpldxAClHHFETnhn4&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 25FF
43 B
932 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Yl7sgEQk4ZWFQV1vkhZJgwAAAdAAAAIB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:17 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
8BQFZMQHZNW6R9KSBGP9
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 25FF
Redirect Chain
  • https://match.adsrvr.org/track/cmf/casale
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=5c721061-149d-4078-895c-afabf1a9fca0&expiration=1652980097&gdpr=0&gdpr_consent=
43 B
1006 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=5c721061-149d-4078-895c-afabf1a9fca0&expiration=1652980097&gdpr=0&gdpr_consent=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:17 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Apr 2022 17:08:17 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=5c721061-149d-4078-895c-afabf1a9fca0&expiration=1652980097&gdpr=0&gdpr_consent=
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
323
crum
dsum-sec.casalemedia.com/ Frame 25FF
Redirect Chain
  • https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=078e2204070ab2f529ea18b1&expiration=[EXPIRATION]
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=078e2204070ab2f529ea18b1&expiration=[EXPIRATION]
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:22 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Apr 2022 17:08:22 GMT

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=078e2204070ab2f529ea18b1&expiration=[EXPIRATION]
Date
Tue, 19 Apr 2022 17:08:02 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Powered-By
Express
Content-Length
0
Vary
Origin
crum
dsum-sec.casalemedia.com/ Frame 25FF
Redirect Chain
  • https://d.adroll.com/cm/index/ssp
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
43 B
1007 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:17 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Apr 2022 17:08:17 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
date
Tue, 19 Apr 2022 17:08:17 GMT
server
nginx/1.20.0
content-length
76
crum
dsum-sec.casalemedia.com/ Frame 25FF
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=EJllit1C1NGRkR5
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=EJllit1C1NGRkR5
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:17 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Apr 2022 17:08:17 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:16 GMT
Server
PingMatch/v2.0.30-713-gdae83a2#rel-ec2-master i-0e05fc7b42a6d9b47@us-east-1e@dxedge-app-us-east-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=EJllit1C1NGRkR5
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 25FF
Redirect Chain
  • https://cm.adgrx.com/bridge?AG_PID=casale&AG_SETCOOKIE
  • https://cm.adgrx.com/bridge.gif?AG_PID=casale
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=41&external_user_id=4e490e58-c003-11ec-a2c2-79feb162e037
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=41&external_user_id=4e490e58-c003-11ec-a2c2-79feb162e037
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:17 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Apr 2022 17:08:17 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:17 GMT
server
Cowboy
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=41&external_user_id=4e490e58-c003-11ec-a2c2-79feb162e037
P3P
CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Type
image/gif
X-RealServer-NX
lga-delivery-5
Content-Length
0
Expires
Thu, 23 Sep 2004 17:42:04 GMT
ecm3
s.amazon-adsystem.com/ Frame 25FF
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=index.com&id=Yl7sgEQk4ZWFQV1vkhZJgwAAAdAAAAIB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:17 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
9BRYVNWAWAEV6APQP4WT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
ecm3
s.amazon-adsystem.com/ Frame 78C7
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=openx.com&id=e942320e-a697-c6a6-0acb-f4153281d163
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:17 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
Y5D61KFDVNGH71J6C5XB
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 78C7
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
  • https://us-u.openx.net/w/1.0/sd?id=537148856&val=Yl7sfwAAAHRrhARA
43 B
122 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537148856&val=Yl7sfwAAAHRrhARA
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
via
1.1 google
server
OXGW/18.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
via
1.1 varnish
server
Varnish
x-timer
S1650388097.162083,VS0,VE0
x-served-by
cache-yul12832-YUL
x-cache
HIT
location
https://us-u.openx.net/w/1.0/sd?id=537148856&val=Yl7sfwAAAHRrhARA
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
25532837-2a91-ef15-fb12-6077a5e5d7ca
pr-bh.ybp.yahoo.com/sync/openx/ Frame 78C7
43 B
989 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/openx/25532837-2a91-ef15-fb12-6077a5e5d7ca?gdpr=0
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a07:3856:31e7:dd7:3c3d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:17 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
sd
us-u.openx.net/w/1.0/ Frame 78C7
Redirect Chain
  • https://match.adsrvr.org/track/cmf/openx?oxid=b1944e73-ba3d-7d5c-cac5-76825ab21a83&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072971&val=5c721061-149d-4078-895c-afabf1a9fca0&ttd_puid=b1944e73-ba3d-7d5c-cac5-76825ab21a83&gdpr=0&gdpr_consent=
43 B
62 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072971&val=5c721061-149d-4078-895c-afabf1a9fca0&ttd_puid=b1944e73-ba3d-7d5c-cac5-76825ab21a83&gdpr=0&gdpr_consent=
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
via
1.1 google
server
OXGW/18.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072971&val=5c721061-149d-4078-895c-afabf1a9fca0&ttd_puid=b1944e73-ba3d-7d5c-cac5-76825ab21a83&gdpr=0&gdpr_consent=
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
335
pixel
cm.g.doubleclick.net/ Frame 78C7
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OWRmYjlkYjktNzM0YS0yM2Y4LWRmMjUtMmMzYjkwNTBkNGUz
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 78C7
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGd3srMTzjcNvYTo5gTnRrg&google_cver=1
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGd3srMTzjcNvYTo5gTnRrg&google_cver=1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
via
1.1 google
server
OXGW/18.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGd3srMTzjcNvYTo5gTnRrg&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
e6877e79-ac54-4a7a-9053-531f067e6a4f
https://www.wired.com/ Frame BFCE
5 KB
0
Other
General
Full URL
blob:https://www.wired.com/e6877e79-ac54-4a7a-9053-531f067e6a4f
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
173d7c7e266672df75c4e048a934c55ee24d9a9028a87fd2957e74d1bd6a8d08

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Length
5409
Content-Type
application/javascript
ibs:dpid=269&dpuuid=a88a625e-ec82-4200-85f8-81b527965aae&ddsuuid=51128452588216843153317871896908876551
dpm.demdex.net/ Frame D96F
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=10004&mt_exuid=51128452588216843153317871896908876551&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D269%26dpuuid%3D[MM_UUID]%26ddsuuid%3d51128452588216...
  • https://dpm.demdex.net/ibs:dpid=269&dpuuid=a88a625e-ec82-4200-85f8-81b527965aae&ddsuuid=51128452588216843153317871896908876551
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=269&dpuuid=a88a625e-ec82-4200-85f8-81b527965aae&ddsuuid=51128452588216843153317871896908876551
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-usw2-2-v028-09ff66d5d.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
KXmHd0F9Tmg=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
MT3 4335 2c68c00 master hkg-pixel-x4 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://dpm.demdex.net/ibs:dpid=269&dpuuid=a88a625e-ec82-4200-85f8-81b527965aae&ddsuuid=51128452588216843153317871896908876551
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Tue, 19 Apr 2022 17:08:17 GMT
truncated
/ Frame B773
211 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
25ad13804f1437bf42efe09636a5403e7f14a4927b23de37c7da16f1766857d2

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame B773
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvm2g-0nQaVg1OkTJZXzjp0n5ycyIZmGV7VfGVyJpnN8f1hJjwNOB6XfwebyrWak4fyE-SS2RI4Uj61bWSghdZ9UORr2qhNK6pwDNQvUGo1HBqIobusCOFPf3cg_Y7PIu1a54iZipsrpuylmHWr-RQiBeohkxl8dBfk24z-33snJDdWLnv4KIiMhmWAbtQ4YPvdTBQvIrKeA2P20qHLmGpnP2HFreeVmeRp7zH7KaXXdlzsGO5EZnpoWPM2O6LSrzSZxIt3VEYmWPzWcMeqpsKjje0LHQK0uEUoBEbXeDWMIRmK34Pym3HcGVB3A7KpXP_vkvmtSFGzoDamHmhU0zN_z1g&sai=AMfl-YQpR4q1kUaDcv-pHq9Oa7vHe3La8bNoBEti8zm8bNCleR7cYVWwH-57tgBos3WXBFimqS3ulk5dBQijlEy8ppyU01AybBKRtkkmCo1eF9teGl17zUEaoUHs2erRFGlx81vCJIZ0SzXltJ8OcB44&sig=Cg0ArKJSzFSf8PmTlWp1EAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:17 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Tue, 19 Apr 2022 17:08:17 GMT
truncated
/ Frame E9EF
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b41144d765b4945490647119eb524ab5af5dacf4ef051b3ed2fbf1a44fcb0dc3

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame E9EF
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuEbe3IixcU2uCLRj87h7f5v8vCo6OM5obzoWROHjryVRZI6JK4CqQHdKXEqLpvnQuCOiIARIGSjMINV5PrM654I-fdmh5PMG8EfZpkVUataCo-jdC2AMLBCiaZw3AjGguoBDLsNeyoXdz4ojRMlHxGX3vimU7VB9oU--3Nj_XHkAFnc378KDAgg412vj1h9vb7QYVLkvznGtrgtk_agQBuWYwoCDcWIX9tPRetI3_3DYpNsLmk8EdkTxVttOgqNtbuihgLk-094qku_kxEDuv3sHrwbTCpImOvbThWI-ui-YIpnZAArASY2Ql0prLcIhpVDM9zrPRsczDqBfvlPEc7&sai=AMfl-YQWAbtS2x4pYJhHxF2E82yRvjoHKd-aNAl9LFYqYVFb5G1T3JzP0tSX8m95wcEnXOAoaAZtFdZ4OSlwUYqqSzvCo8NDfXQR_lACnggfE06K_bTg3N7F1WKGbOwB6b76Uc7XpKboAnvbSJaO-kuL&sig=Cg0ArKJSzAVA3m43gT6AEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:17 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Tue, 19 Apr 2022 17:08:17 GMT
ga-audiences
www.google.com/ads/
42 B
63 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-8293713-27&cid=145265742.1650388094&jid=1075108423&_u=aChAiUAjBAQCAE~&z=1016508438
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80e::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/
42 B
501 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-8293713-27&cid=145265742.1650388094&jid=1075108423&_u=aChAiUAjBAQCAE~&z=1016508438
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame 8918
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d498c63cbc4ffd37ce2dfc9e9e3535250ba09aacce4c0f2207dd636a1dc57c76

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame 8918
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsteGByQNvD5vC9etz_h3rZJDn5hKCZBZO9kRH2T7VzEB9Lh4emauSp_NDsUflWSypA_K_MtPH5d3mTys9tggF49U7Q_hVK1B0rvOY-625PNfaGsf6cxLDsMenX1ASNuhMKdcBW4rDBi7otriIDEhPYHls8ql-gfPR5tMmEO8HHcdIpin9gJDAJcZACkZe2q0XF0okBsP2tutLud_Qt9kE2jqr7C49VUnPtci5i8zxxgFnwj8nydNIemrLcStMqC1rDLSJpNL2x20UfgP533-dwkzHLr3AtNUuwJjuDETc9A-qBQxAKejX6irEbsbvdeBDkwGTJUKGC_XgUXeaoJWGq1hUAxz6s&sai=AMfl-YSnq4Dqgo7Vo-kHynW9x_8HtaipOOjG0swh5R-YAxXiNQTOoRCphlu1VPdomkc18T8qq3i8xNi8rIuWUkj3OdB_DLDdXZhVbFLrIUTVURsQYmbZ87PPGEbR0QwokmlixbEAgu70srgekQL4DHIw&sig=Cg0ArKJSzArx_yFSFKs2EAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:17 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Tue, 19 Apr 2022 17:08:17 GMT
wired_wired-news-and-science-a-timeline-of-russian-cyber-attacks-on-ukraine.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_wired.png,fl_progressive,g_face,h_450,q_80,w_800/v1647868275/ Frame BFCE
56 KB
56 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_wired.png,fl_progressive,g_face,h_450,q_80,w_800/v1647868275/wired_wired-news-and-science-a-timeline-of-russian-cyber-attacks-on-ukraine.jpg
Requested by
Host: d2c8v52ll5s99u.cloudfront.net
URL: https://d2c8v52ll5s99u.cloudfront.net/player/main-cbaabc24a9061ea5fbe1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
99.84.120.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-120-217.ewr52.r.cloudfront.net
Software
Cloudinary /
Resource Hash
b3a9e90322e216b73f8bc2e2a1dd4f32a515d10c1ef678d3aeda7aa3d0b2361f
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Origin
https://www.wired.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Via
1.1 324ee7ffbffb0a0d21b807d0d4f50eb8.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Age
56
X-Cache
Hit from cloudfront
Date
Tue, 19 Apr 2022 17:07:36 GMT
Server-Timing
fastly;dur=10;cpu=0;start=2022-04-10T16:54:07.112Z;desc=hit,rtt;dur=1
Content-Length
56832
Last-Modified
Mon, 21 Mar 2022 13:11:27 GMT
Server
Cloudinary
Cache-Control
public, no-transform, max-age=300
ETag
"b65b42752676eb7a45cb993179af17ac"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,ETag,Server-Timing,X-Content-Type-Options
Connection
keep-alive
X-Amz-Cf-Pop
EWR52-C3
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
tNLSW_V6duJq5UWnFOr2OLTt8Jeam7QwLmutRs-JexhJUtrFaaRUfA==
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/ Frame 3DF1
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N5778.119885CONDENAST/B27523353.332460082;dc_ver=86.253;sz=728x90;u_sd=1;nel=1;dc_adk=545849083;ord=f2jmru;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjstEM1RKU5ZOi4Fk9S4rD52ixIS-4UL7gRploqpZlZi60u67tf3AWZSCXIMuz9I23SNsuo0h1LTVb_4-XsUS7Xhl6LlW1ulR4Owdf9k23T9MWafvQnDAYqCNUK6VEViXPazwqsztAld-tN8UXY6OeRxnFhnWPdSbOrWguXRYHMdu1fnqgAPrX3pKBDCw_HMV-vYxQvyCzdsGoHfs3BzW7CtXrVFFAUfz0UbpiMUWqxIRbEp293_94dTDvfelQpt0qke1LUHAQxOK1_ZrMZkz7NBzV1rd6pi3vE3YHmNITW_VLWCRKcN7Da5SVMrqaBJlFfVLcb8x5CN_Vw%26sai%3DAMfl-YSIzgVk2GBLcEiimVOyCbhutn4RS5pwOjk5k37Qkyk7mukHRUuM6gxcaWObElz5mR_QlVAgKj-WIfPBRn5EDfGTd5NqMC6heRAWsTWH8Ld_aZ_Cvbr_tO001Dvl400c9KQTyPmn-T8kDWIIIZ28%26sig%3DCg0ArKJSzEQFXqYZrMsmEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=1,https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F$0;xdt=0;crlt=7m2-RpgUYb;stc=1;sttr=930;prcl=s
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:03:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
317
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 03 May 2022 17:03:00 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 3DF1
0
575 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu_ZriKjfw6_OJXizzvw5IPa1aSGQ05eSf99SyjzQzWqtpjHvy5pgzD7mbAF2ceHDvNf05AGopHo2s66YdxtoqdZr91qYFLFlVbQwN6pHxC19USueyn0MLGo9js197dK6clVij-4T53d0islYw&sig=Cg0ArKJSzGcYD14XCu3OEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20220413.83291&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N5778.119885CONDENAST/B27523353.332460082;dc_ver=86.253;sz=728x90;u_sd=1;nel=1;dc_adk=545849083;ord=f2jmru;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjstEM1RKU5ZOi4Fk9S4rD52ixIS-4UL7gRploqpZlZi60u67tf3AWZSCXIMuz9I23SNsuo0h1LTVb_4-XsUS7Xhl6LlW1ulR4Owdf9k23T9MWafvQnDAYqCNUK6VEViXPazwqsztAld-tN8UXY6OeRxnFhnWPdSbOrWguXRYHMdu1fnqgAPrX3pKBDCw_HMV-vYxQvyCzdsGoHfs3BzW7CtXrVFFAUfz0UbpiMUWqxIRbEp293_94dTDvfelQpt0qke1LUHAQxOK1_ZrMZkz7NBzV1rd6pi3vE3YHmNITW_VLWCRKcN7Da5SVMrqaBJlFfVLcb8x5CN_Vw%26sai%3DAMfl-YSIzgVk2GBLcEiimVOyCbhutn4RS5pwOjk5k37Qkyk7mukHRUuM6gxcaWObElz5mR_QlVAgKj-WIfPBRn5EDfGTd5NqMC6heRAWsTWH8Ld_aZ_Cvbr_tO001Dvl400c9KQTyPmn-T8kDWIIIZ28%26sig%3DCg0ArKJSzEQFXqYZrMsmEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=1,https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F$0;xdt=0;crlt=7m2-RpgUYb;stc=1;sttr=930;prcl=s
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:17 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
moatad.js
z.moatads.com/bpi100914419959/ Frame 3DF1
320 KB
108 KB
Script
General
Full URL
https://z.moatads.com/bpi100914419959/moatad.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N5778.119885CONDENAST/B27523353.332460082;dc_ver=86.253;sz=728x90;u_sd=1;nel=1;dc_adk=545849083;ord=f2jmru;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjstEM1RKU5ZOi4Fk9S4rD52ixIS-4UL7gRploqpZlZi60u67tf3AWZSCXIMuz9I23SNsuo0h1LTVb_4-XsUS7Xhl6LlW1ulR4Owdf9k23T9MWafvQnDAYqCNUK6VEViXPazwqsztAld-tN8UXY6OeRxnFhnWPdSbOrWguXRYHMdu1fnqgAPrX3pKBDCw_HMV-vYxQvyCzdsGoHfs3BzW7CtXrVFFAUfz0UbpiMUWqxIRbEp293_94dTDvfelQpt0qke1LUHAQxOK1_ZrMZkz7NBzV1rd6pi3vE3YHmNITW_VLWCRKcN7Da5SVMrqaBJlFfVLcb8x5CN_Vw%26sai%3DAMfl-YSIzgVk2GBLcEiimVOyCbhutn4RS5pwOjk5k37Qkyk7mukHRUuM6gxcaWObElz5mR_QlVAgKj-WIfPBRn5EDfGTd5NqMC6heRAWsTWH8Ld_aZ_Cvbr_tO001Dvl400c9KQTyPmn-T8kDWIIIZ28%26sig%3DCg0ArKJSzEQFXqYZrMsmEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=1,https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F$0;xdt=0;crlt=7m2-RpgUYb;stc=1;sttr=930;prcl=s
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.167.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-167-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
706967bbc5cc78d9c821fe3ad7c0a39d288edd4e17bbb265421165f54a0701d4

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:17 GMT
content-encoding
gzip
last-modified
Tue, 19 Apr 2022 16:10:50 GMT
server
AmazonS3
x-amz-request-id
KHXXZPJ78TVZQ0T3
etag
"07ea4aab6aa0fbd59862fdaec18b8be9"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=64589
accept-ranges
bytes
content-length
110219
x-amz-id-2
BWmDUDXy3oEPAzXQmuWi9qYiOdAl5VoirWMcymwPNq6ynpuOdKQSD94iVPM8Jr+TOnxg7TPz7Fk=
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 3DF1
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N5778.119885CONDENAST/B27523353.332460082;dc_ver=86.253;sz=728x90;u_sd=1;nel=1;dc_adk=545849083;ord=f2jmru;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjstEM1RKU5ZOi4Fk9S4rD52ixIS-4UL7gRploqpZlZi60u67tf3AWZSCXIMuz9I23SNsuo0h1LTVb_4-XsUS7Xhl6LlW1ulR4Owdf9k23T9MWafvQnDAYqCNUK6VEViXPazwqsztAld-tN8UXY6OeRxnFhnWPdSbOrWguXRYHMdu1fnqgAPrX3pKBDCw_HMV-vYxQvyCzdsGoHfs3BzW7CtXrVFFAUfz0UbpiMUWqxIRbEp293_94dTDvfelQpt0qke1LUHAQxOK1_ZrMZkz7NBzV1rd6pi3vE3YHmNITW_VLWCRKcN7Da5SVMrqaBJlFfVLcb8x5CN_Vw%26sai%3DAMfl-YSIzgVk2GBLcEiimVOyCbhutn4RS5pwOjk5k37Qkyk7mukHRUuM6gxcaWObElz5mR_QlVAgKj-WIfPBRn5EDfGTd5NqMC6heRAWsTWH8Ld_aZ_Cvbr_tO001Dvl400c9KQTyPmn-T8kDWIIIZ28%26sig%3DCg0ArKJSzEQFXqYZrMsmEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=1,https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F$0;xdt=0;crlt=7m2-RpgUYb;stc=1;sttr=930;prcl=s
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 13:39:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
98908
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 18 Apr 2023 13:39:49 GMT
3826706485224955577
s0.2mdn.net/simgad/ Frame 3DF1
33 KB
33 KB
Image
General
Full URL
https://s0.2mdn.net/simgad/3826706485224955577?sqp=-oaymwENCNgFEFogAUhkUAFYAQ&rs=AOga4qmjtJRVCA41W2GhZTYh3OoBHPfAew
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:824::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ac456d0467018cd0e35499760d14af15b8b7166731eebd4cbf1b51e7c1ed7438
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 21:49:08 GMT
x-content-type-options
nosniff
age
69549
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33334
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 21:40:03 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 18 Apr 2023 21:49:08 GMT
truncated
/ Frame 3DF1
211 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fa9a47541dad7cca9ba2a7da3848eea0908f8ac442728c732b0670d0ec04b793

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
v1
mb.moatads.com/ot/
47 B
220 B
Script
General
Full URL
https://mb.moatads.com/ot/v1?url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&pcode=moatot&ord=1650388097367&jv=779176799&callback=OneTagNadoscallback_14653336
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/condenastdfp9588492144/moatad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.220.129.77 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-220-129-77.us-east-2.compute.amazonaws.com
Software
TornadoServer/5.1.1 /
Resource Hash
8f7fd68753e8be8d5b077184536f30fba0182910059ff59c503e090b704f3087

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:17 GMT
cache-control
max-age=900
server
TornadoServer/5.1.1
timing-allow-origin
*
etag
"7730bdcd6219e1e92fbcdc42506becaa7bc477fd"
content-length
47
content-type
text/html; charset=UTF-8
pixel.gif
px.moatads.com/
43 B
253 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=CONDENAST_PREBID_HEADER1&hp=1&zMoatAdUnit1=conde.wired&zMoatAdUnit2=rail&zMoatAdUnit3=security&zMoatAdUnit4=article&wf=1&ra=3&pxm=3&sgs=3&vb=14&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=https%3A%2F%2Fapple.news&t=1650388093410&de=958190893268&rx=878667589509&m=0&ar=bee2df476bf-clean&iw=5eeb72d&q=2&cb=0&cu=1650388093410&ll=2&lm=0&ln=0&em=0&en=0&d=4660981638%3A2443012271%3A4884048123%3A138273356291&zGSRC=1&gu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&id=1&ii=4&bo=conde.wired&bd=1&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=condenastprebidheader987326845656&fd=1&ac=1&it=500&pe=1%3A628%3A628%3A0%3A735&fs=198121&na=1742918946&cs=0
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.167.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-167-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Tue, 19 Apr 2022 17:08:17 GMT
ads
pubads.g.doubleclick.net/gampad/ Frame BFCE
3 KB
2 KB
XHR
General
Full URL
https://pubads.g.doubleclick.net/gampad/ads?sz=640x360|480x70&iu=/3379/conde.wired/rail-player/security/article&ciu_szs=300x60&gdfp_req=1&env=vp&output=vmap&unviewed_position_start=1&cust_params=m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dmoat_unsafe%252Cgv_crime%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26env_device_type%3Ddesktop%26ctx_template%3Dmt_article_two_column%26content_type%3Darticle%26ctx_page_channel%3Dsecurity%26ctx_page_sub_channel%3Dcyberattacks-and-hacks%26sub_sub_channel%3D%26env_server%3Dproduction%26ctx_cns_version%3D6.57.0%26ctx_page_slug%3Dpipedream-ics-malware%26cnt_copilotid%3D6256eb35dcd4a10f9e523401%26cnt_tags%3Dcybersecurity%252Cmalware%252Chacking%252Crussia%252Ccyberattacks-and-hacks%252Cnational-security%26fastly_geo%3Dca%26usr_bkt_eva%3D21%26usr_bkt_ses%3D82%26usr_bkt_pv%3D57%26usr_pvc_bs%3D1%26usr_pvc_24hr%3D1%26usr_pvc_30d%3D1%26usr_svc_30d%3D1%26ctx_ses_soc%3Dnone%26ctx_ref_soc%3Dnone%26ctx_ref_url%3Dapple.news%26usr_auth%3Dfalse%26usr_segments%3Dco.w2216%26cn_metrics%3Dcmr_high%26vnd_prx_segments%3D121100%252C131100%252C131127%252C230163%252C230003%252C230161%252C300003%252C210001%252C240000%252C240002%252C240004%252C240001%252C240005%252C240006%252C240007%252C240008%252C240009%252C240011%252C240012%252C240013%252C240014%252C240017%252C240015%252C240016%252C240018%252C240019%252Cmiovit%252Ceuwba9%252Czlqtg4%252Chz8lgh%26vnd_4d_cached%3D0%26vnd_4d_ctx_sg%3D%26vnd_4d_ctx_topics%3D%26vnd_4d_ctx_entities%3D%26vnd_4d_ctx_keywords%3D%26vnd_4d_usr_topics%3D%26vnd_4d_usr_wt%3D%26vnd_4d_xid%3Dc0aa10cc-32ef-4371-a838-e477580f9efd%26cnt_cm%3Dcm_pay_ent_sample%252Ccm_pay_scope_none%252Ccm_pay_ent_sample_cnt_1%252Ccm_pay_ent_sample_max_4%26vnd_4d_sid%3D8eaeadd8-b23f-4df8-8692-888f7fc5dce8%26vnd_4d_pid%3Db8c5454f-ed15-4054-8d4c-c698d3ec1f22%26ctx_line_items%3D%26timeout%3D500%26height%3D208%26muted%3D1%26right_rail%3D1%26sensitive%3D0%26series%3D5e30812e42b5f06e7765e942%26width%3D370%26feature_flags%3Dsticky-player-rail&correlator=1230515925443800&description_url=https%3A%2F%2Fwww.wired.com%2Fvideo%2Fwatch%2Fwired-news-and-science-a-timeline-of-russian-cyber-attacks-on-ukraine&vid=6230c6615577c237274617fc&cmsid=1495&ppid=c0aa10cc32ef4371a838e477580f9efd
Requested by
Host: d2c8v52ll5s99u.cloudfront.net
URL: https://d2c8v52ll5s99u.cloudfront.net/player/main-cbaabc24a9061ea5fbe1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
9c6af7319925a54e7535a35f346c01e755e4049dba8c3ff7132da61cfdabd8a3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:17 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1405
x-xss-protection
0
google-lineitem-id
0
pragma
no-cache
server
cafe
google-creative-id
0
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
wired_wired-news-and-science-a-timeline-of-russian-cyber-attacks-on-ukraine.jpg
dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_wired.png,fl_progressive,g_face,h_450,q_80,w_800/v1647868275/ Frame BFCE
56 KB
56 KB
Image
General
Full URL
https://dwgyu36up6iuz.cloudfront.net/heru80fdn/image/upload/c_fill,d_placeholder_wired.png,fl_progressive,g_face,h_450,q_80,w_800/v1647868275/wired_wired-news-and-science-a-timeline-of-russian-cyber-attacks-on-ukraine.jpg
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
99.84.120.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-120-217.ewr52.r.cloudfront.net
Software
Cloudinary /
Resource Hash
b3a9e90322e216b73f8bc2e2a1dd4f32a515d10c1ef678d3aeda7aa3d0b2361f
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Strict-Transport-Security
max-age=604800
Via
1.1 75e33350c9c4e8f80789197bf361fe12.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Age
56
X-Cache
Hit from cloudfront
Date
Tue, 19 Apr 2022 17:07:36 GMT
Server-Timing
fastly;dur=10;cpu=0;start=2022-04-10T16:54:07.112Z;desc=hit,rtt;dur=1
Content-Length
56832
Last-Modified
Mon, 21 Mar 2022 13:11:27 GMT
Server
Cloudinary
Cache-Control
public, no-transform, max-age=300
ETag
"b65b42752676eb7a45cb993179af17ac"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,ETag,Server-Timing,X-Content-Type-Options
Connection
keep-alive
X-Amz-Cf-Pop
EWR52-C3
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Amz-Cf-Id
3jYMV6i7F7BVGAF_4TSKO3BFaYcUh8LNclfgaO5fFyqaKDt1xQlBHQ==
pixel
analytics.tiktok.com/api/v2/
0
570 B
Ping
General
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C1IQID9FKFK1PHD4UBH0&lib=ttq
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.216.132.73 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-216-132-73.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
server
nginx
x-tt-logid
2022041917081701011300622100D477A4
x-cache
TCP_MISS from a23-216-133-201.deploy.akamaitechnologies.com (AkamaiGHost/10.7.4-40388856) (-)
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
26,23.216.133.201
x-tt-trace-host
01e9de859ad2e33abbaf7df8cd5e2b0dec9444231d4d34e7deb178556866b47fa9336a835bdfb9c1c289daf9a8892e97cef524c34981a81f5be8debb6b5355c7e59da711554d3467944e81166f3bdb968f39db14a4ba06751064c7a712783b180b
server-timing
inner; dur=18, cdn-cache; desc=MISS, edge; dur=0, origin; dur=26
x-akamai-request-id
2640c340
content-length
0
expires
Tue, 19 Apr 2022 17:08:17 GMT
conde_nast_xid
ids.ad.gt/api/v1/put/
43 B
382 B
Image
General
Full URL
https://ids.ad.gt/api/v1/put/conde_nast_xid?conde_nast_xid=c0aa10cc-32ef-4371-a838-e477580f9efd
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.148.204.204 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-148-204-204.us-west-2.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:17 GMT
cache-control
public, max-age=43200
server
nginx/1.20.0
content-type
image/gif
expires
Wed, 20 Apr 2022 05:08:17 GMT
8b3d4565-6e79-4f20-a3d2-7937fcddeeb1file-1422k-128-48000-768.m3u8
dp8hsntg6do36.cloudfront.net/6230c6615577c237274617fc/ Frame BFCE
6 KB
1 KB
XHR
General
Full URL
https://dp8hsntg6do36.cloudfront.net/6230c6615577c237274617fc/8b3d4565-6e79-4f20-a3d2-7937fcddeeb1file-1422k-128-48000-768.m3u8?requester=oo
Requested by
Host: d2c8v52ll5s99u.cloudfront.net
URL: https://d2c8v52ll5s99u.cloudfront.net/player/main-cbaabc24a9061ea5fbe1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.223.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-223-31.jfk51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
53aa0bae643b9b505cfe9b04fae4635ec9df43990e95467d61c75719f00108ba

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Mon, 18 Apr 2022 20:14:08 GMT
Content-Encoding
gzip
Vary
Origin
Age
75250
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Access-Control-Allow-Origin
*
Last-Modified
Tue, 15 Mar 2022 19:14:06 GMT
Server
AmazonS3
ETag
W/"8af4bbc37d30cdb6e69b8052b7907654"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, HEAD
Content-Type
application/x-mpegURL
Via
1.1 bc4b5a0c950f70df08b33cfb9288c098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
JFK51-C1
X-Amz-Cf-Id
qmU6-OEZZfXPJt7-CYjTwIaCVZrFGDOUyFh6L54MGvo_lEnqyOKHTg==
view
securepubads.g.doubleclick.net/pcs/ Frame 3419
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuuUWkkmjS87voUfiEGYqO58RroOcdk1274vpHJSNA7PJPTi4bE8-ExiJ6hP2CNrw6MKwMt28Lm4Y4fYI1QrkxLhf1cCCN-TXcmBIbmmUj_KPGXECN6PhPiqT9uh0YBnz41YXop4smQH9qznO9FEyqvP_t1J9IgG1OvaeewMeW6bLzbXgG1sffijCBo-hmiIx5fCtgF0A4mmwBmOHfoSJ3kZHjU4q1MpqEneRtC3FOGHVrPiu6WZQB2QQJRDplmZ-uDPrAA02-CVv1N_16vF0jCzKDCiJu735DOS1M9vx7VVbXhJDH4fb54O7Qmi-z4wDFXAeDmjsZ10vGdJ6lT3MbaeH4&sai=AMfl-YTtWTzCpyHK-9qMQmnUzFZM-WLE_srjp-cgQ8CmnM2SY4XaklXSAVbPdhYT2PqSBtKH4KxpQ2dHrUpHlrYUTnp56kLLlLZ1vBGX9k6h2dnC8wSbweTFfuiF49ZMCGVOP2zj6tsgUl7zBarrVEtS&sig=Cg0ArKJSzAlnWoHWjz_ZEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:17 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Tue, 19 Apr 2022 17:08:17 GMT
truncated
/ Frame 3419
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8de15a24d9e83289c657a5b8c73a31c2f39cd417104087dec5d49a124aa7ec3c

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
pixel.gif
load77.exelator.com/ Frame D96F
Redirect Chain
  • https://loadm.exelator.com/load/?p=204&g=091&j=0&bi=51128452588216843153317871896908876551
  • https://loadm.exelator.com/load/?p=204&g=091&j=0&bi=51128452588216843153317871896908876551&xl8blockcheck=1
  • https://load77.exelator.com/pixel.gif
43 B
333 B
Image
General
Full URL
https://load77.exelator.com/pixel.gif
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Server
2a02:6ea0:c400::11 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-77-nzt
AZySJBY0cef/T7oNAA
x-accel-expires
@1650525235
date
Tue, 19 Apr 2022 17:08:18 GMT
etag
"59f0c3fc-2b"
last-modified
Wed, 25 Oct 2017 17:03:56 GMT
server
CDN77-Turbo
x-77-nzt-ray
OLly4JDNS+8
x-77-cache
HIT
content-type
image/gif
access-control-allow-origin
*
x-cache
HIT
x-age
899663
accept-ranges
bytes
x-77-pop
newyorkUSNY
content-length
43

Redirect headers

date
Tue, 19 Apr 2022 17:08:17 GMT
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location
https://load77.exelator.com/pixel.gif
cache-control
no-cache
access-control-allow-credentials
true
content-type
image/gif
content-length
0
halo_match
ids.ad.gt/api/v1/
43 B
471 B
Image
General
Full URL
https://ids.ad.gt/api/v1/halo_match?id=709de7b3-ad72-41b0-a5a3-bee226fa562e&halo_id=02018hqkt607jv2yg08xizqr0bwpa1w0evvljv1k7cm961o8b5po0ntek210qskvk40trr7270wqxik90zq3u2c12pa5j31k0gxf118nmsj90fzd0bt1elzfjf1hl5r1i1kkc2jl
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.148.204.204 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-148-204-204.us-west-2.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:17 GMT
cache-control
public, max-age=43200
server
nginx/1.20.0
content-type
image/gif
expires
Wed, 20 Apr 2022 05:08:17 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame C454
0
16 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CNix6QEQmf2z2wIYqeTMxQEwAQ&v=APEucNW7yR6QRRRQqxz-zaUunCP7Ubr9DyX3l2NuEx0IS9e3yjBB6yAVd3Atvd1SSpkjGQuyjxnnBN4I8FtXxdOrIcRT04RabA
Requested by
Host: 0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com
URL: https://0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:806::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 19 Apr 2022 17:08:17 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 9649
56 KB
27 KB
Script
General
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:806::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
70e71a35d3be30acb68e2a9586af4175fc376a85c8127db173b3c246190d4bd7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27563
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 9649
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CVtOLq2ZEyzG_M91LPlMi-POYNBhF3CD0AjR3Rb_4w4aLyVhVb-XgiKDEkQeZ-bhMVoKrzu6Cf-zYsx_ObnVdibAdotnFXxTEEA4UV2Y3IZ8QIh-k
Requested by
Host: 0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com
URL: https://0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 9649
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js
Requested by
Host: 0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com
URL: https://0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:06:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
91
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 03 May 2022 17:06:46 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 9649
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com
URL: https://0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4caa2b4b885d62d25d986de63c6e3163f9c7da374d9b76bc4a412b61d4f2975d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36950
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1650281421154365"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 19 Apr 2022 17:08:17 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 9649
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: 0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com
URL: https://0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:01:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
388
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6409
x-xss-protection
0
server
cafe
etag
15284592792851369840
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 03 May 2022 17:01:49 GMT
getpixels
pixels.ad.gt/api/v1/
0
52 B
Script
General
Full URL
https://pixels.ad.gt/api/v1/getpixels?tagger_id=cca944d7b99b42fb8487a82caff5e9f7&url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&code=%27none%27
Requested by
Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/57
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.81.107.237 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-81-107-237.us-west-2.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:17 GMT
server
nginx/1.20.0
ecommerce.js
www.google-analytics.com/plugins/ua/
1 KB
763 B
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/ecommerce.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 16:59:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
557
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
738
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Tue, 19 Apr 2022 17:59:00 GMT
ec.js
www.google-analytics.com/plugins/ua/
3 KB
1 KB
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/ec.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 16:19:24 GMT
content-encoding
br
x-content-type-options
nosniff
age
2933
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1129
x-xss-protection
0
last-modified
Thu, 30 Dec 2021 12:48:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Tue, 19 Apr 2022 17:19:24 GMT
collect
analytics.google.com/g/
0
346 B
Ping
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-P1P55J3LNW&gtm=2oe4d0&_p=1715062932&_z=ccd.NLB&_gaz=1&cid=145265742.1650388094&ul=en-us&sr=1600x1200&_s=1&dl=%2Fstory%2Fpipedream-ics-malware%2F&dr=https%3A%2F%2Fapple.news%2F&sid=1650388096&sct=1&seg=0&dt=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking%20%7C%20WIRED
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P1P55J3LNW&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
17 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-P1P55J3LNW&cid=145265742.1650388094&gtm=2oe4d0&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P1P55J3LNW&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c09::9d Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/
42 B
63 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-P1P55J3LNW&cid=145265742.1650388094&gtm=2oe4d0&aip=1&z=1918629425
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
1663130473914833
connect.facebook.net/signals/config/ Frame BFCE
308 KB
88 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1663130473914833?v=2.9.57&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
8322f3f2eb2d31924aeb8d98a2709a4a1591a2f0a3afd1575410e5777fca1a44
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
89723
x-xss-protection
0
pragma
public
x-fb-debug
L76qxfMZmTryOtsoC+/2K/K7rGa6tFh/+atddqhAIK3SzUau9IJyT0+F/tUgab5bY7LKM/2VqqYQPeQn5Z2IkQ==
x-frame-options
DENY
date
Tue, 19 Apr 2022 17:08:17 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ Frame 7963
0
18 B
Document
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://www.wired.com
Referer
https://www.wired.com/story/pipedream-ics-malware/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://www.wired.com
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Tue, 19 Apr 2022 17:08:17 GMT
priority
u=0
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
rid
match.adsrvr.org/track/
0
577 B
XHR
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=3egfyfq&fmt=json
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 19 Apr 2022 17:08:17 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/javascript
access-control-allow-origin
https://www.wired.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
0
expires
Wed, 19 Apr 2023 17:08:17 GMT
envelope
api.rlcdn.com/api/identity/
0
252 B
XHR
General
Full URL
https://api.rlcdn.com/api/identity/envelope?pid=1422
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.155.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
137.155.120.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 19 Apr 2022 17:08:17 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://www.wired.com
access-control-allow-credentials
true
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
content-length
0
pd
us-u.openx.net/w/1.0/ Frame F9D4
757 B
482 B
Document
General
Full URL
https://us-u.openx.net/w/1.0/pd?plm=6&ph=92a42b2b-081a-4be8-96bc-8a959e4a3060&gdpr=0&us_privacy=1---
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
73f666a2e19b1156d66b729d05ff091cea592b71589c5c4b96c7fa52e7a42663

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
463
content-type
text/html
date
Tue, 19 Apr 2022 17:08:17 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/18.0.0
vary
Accept, Accept-Encoding
via
1.1 google
async_usersync.html
acdn.adnxs.com/dmp/ Frame FE37
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
42390
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Tue, 19 Apr 2022 17:08:17 GMT
ETag
W/"623de86a-cf34"
Expires
Sun, 17 Apr 2022 05:21:43 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
150347, 176895
X-Served-By
cache-lga21969-LGA, cache-yul12833-YUL
X-Timer
S1650388098.709926,VS0,VE0
ixmatch.html
js-sec.indexww.com/um/ Frame C9B6
3 KB
2 KB
Document
General
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1388
Content-Type
text/html; charset=UTF-8
Date
Tue, 19 Apr 2022 17:08:17 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server
Apache
Vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame F481
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?us_privacy=1---
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.78.168.242 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-78-168-242.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Tue, 19 Apr 2022 17:08:17 GMT
ETag
"40014-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame 1151
757 B
482 B
Document
General
Full URL
https://u.openx.net/w/1.0/pd?us_privacy=1---
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
73f666a2e19b1156d66b729d05ff091cea592b71589c5c4b96c7fa52e7a42663

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
463
content-type
text/html
date
Tue, 19 Apr 2022 17:08:17 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/18.0.0
vary
Accept, Accept-Encoding
via
1.1 google
async_usersync.html
acdn.adnxs.com/dmp/ Frame FBF6
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
42390
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Tue, 19 Apr 2022 17:08:17 GMT
ETag
W/"623de86a-cf34"
Expires
Sun, 17 Apr 2022 05:21:43 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
150347, 176594
X-Served-By
cache-lga21969-LGA, cache-yul12822-YUL
X-Timer
S1650388098.708511,VS0,VE0
ixmatch.html
js-sec.indexww.com/um/ Frame 248C
3 KB
2 KB
Document
General
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1388
Content-Type
text/html; charset=UTF-8
Date
Tue, 19 Apr 2022 17:08:17 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server
Apache
Vary
Accept-Encoding
checksync.php
contextual.media.net/ Frame A94A
35 KB
12 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.50.78.169 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-50-78-169.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
637c4198d1e0038482b127e7c97893d08ecc6bb56b39acae4e91a9fdbae3ca3b
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
11643
content-type
text/html; charset=UTF-8
date
Tue, 19 Apr 2022 17:08:17 GMT
expires
Thu, 21 Apr 2022 17:08:17 GMT
p3p
CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
checksync.php
contextual.media.net/ Frame 76F8
35 KB
12 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Requested by
Host: www.wired.com
URL: https://www.wired.com/hotzones/esi/wired/prebid.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.50.78.169 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-50-78-169.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
637c4198d1e0038482b127e7c97893d08ecc6bb56b39acae4e91a9fdbae3ca3b
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
11643
content-type
text/html; charset=UTF-8
date
Tue, 19 Apr 2022 17:08:17 GMT
expires
Thu, 21 Apr 2022 17:08:17 GMT
p3p
CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
moatvideo.js
z.moatads.com/condenastjsvideocontent160527792519/ Frame BFCE
316 KB
106 KB
Script
General
Full URL
https://z.moatads.com/condenastjsvideocontent160527792519/moatvideo.js
Requested by
Host: d2c8v52ll5s99u.cloudfront.net
URL: https://d2c8v52ll5s99u.cloudfront.net/player/main-cbaabc24a9061ea5fbe1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.167.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-167-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
64612d60a42c4b3420243f134a978924d869c0387c9a2756cd538924144b19d5

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:17 GMT
content-encoding
gzip
last-modified
Tue, 19 Apr 2022 16:11:27 GMT
server
AmazonS3
x-amz-request-id
KHXR704BJV4YWAGC
etag
"60d43463deb650d8cdf007814f197335"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=64696
accept-ranges
bytes
content-length
108017
x-amz-id-2
GTNNu59/5ppF0qzB/lfjaJj7gKNErTgwA0xrCmQKgDgP6Uo7Lmc1IvVSiUtjd238V7yPcFBnemU=
track
capture.condenastdigital.com/ Frame BFCE
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_o=cne&_ts=2022-04-19T17%3A08%3A17.690Z&_c=Video%20Ad&_t=Ad%20Call%20Made&app=playerservice&cBr=wired&cCh=videos%2Fshow&cCu=https%3A%2F%2Fwww.wired.com%2Fvideo%2Fwatch%2Fwired-news-and-science-a-timeline-of-russian-cyber-attacks-on-ukraine&cId=6230c6615577c237274617fc&cKe=Russian%20Cyber%20Attacks%2Crussia%20ukraine%2Cukraine%20vs%20russian%2Cukranian%20invasion%2Cukraine%20cyber%20attacks%2Ccyber%20attacks%20ukraine%2Cukraine%2Crussia%20and%20ukraine%2Crussian%20cyber%20attacks%2Crussian%20cyber%20attacks%20timeline%2Ctimeline%20of%20cyber%20attacks%2Crussian%20attacks%2Cwired%20russia%2Crussia%20attacks%2Cwired%20cyber%20attacks%2Csandworm%2Csandworm%20russia%2Crussia%20sandworm%2Crussia%20worm%2Ccomputer%20worm%2Crussia%20computer%20worm%2Ccomputer%20worm%20russia%2Ckremlin%2Ckremlin%20cyber%20attack%2Ccyber%20attacks%20kremlin&cPd=2022-03-16T16%3A00%3A00%2B00%3A00&cTi=A%20Timeline%20of%20Russian%20Cyberattacks%20on%20Ukraine&cTy=%2F3379%2Fconde.wired%2Frail-player%2Fsecurity%2Farticle&mDu=457&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&pWw=370&pWh=208.125&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&uId=61b2c59d-8f2d-461e-8ff7-d7d8748cd1be&xid=c0aa10cc-32ef-4371-a838-e477580f9efd&dim1=%7B%22contentStartType%22%3A%22manual%22%2C%22doNotTrackSetting%22%3Anull%2C%22environment%22%3A%22oo%22%2C%22gitBranch%22%3A%22master%22%2C%22gitSha%22%3A%22537481b%22%2C%22guid%22%3A%22961e8a96-ee95-a9c7-4e48-c49cbb16683b%22%2C%22isMobile%22%3Afalse%2C%22isVerso%22%3Atrue%2C%22initialPlayerStartType%22%3A%22autoplay%22%2C%22playerDepth%22%3A1268.703125%2C%22playerType%22%3A%22interlude%22%2C%22playsOnPage%22%3A0%2C%22prerollPlayed%22%3Afalse%2C%22recAlgorithm%22%3A%22copilotIdOverride%22%2C%22recStrategy%22%3A%22copilotIdOverride%22%2C%22sticky%22%3Afalse%2C%22stickyPosition%22%3A%22%22%2C%22isRightRail%22%3Atrue%2C%22tabStatus%22%3A%22active%22%2C%22versoContentType%22%3A%22art
icle%22%2C%22videoViews%22%3A1%2C%22viewportStatus%22%3A%22OUT_OF_VIEWPORT%22%7D&dim2=%7B%22adBlocked%22%3Afalse%2C%22adId%22%3A%22%22%2C%22adType%22%3A%22%22%2C%22creativeId%22%3A%22%22%2C%22wrapperAdIds%22%3A%22%22%2C%22wrapperAdSystems%22%3A%22%22%2C%22dfpLineItem%22%3A%22%22%2C%22publicaEnabled%22%3Afalse%2C%22podIndex%22%3A%22%22%7D&videoViews=1&adId=&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=a61a3c7a-01d9-4175-8ab8-7171949de605&contentType=article
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:17 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
view
googleads4.g.doubleclick.net/pcs/ Frame 3DF1
0
26 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu_ZriKjfw6_OJXizzvw5IPa1aSGQ05eSf99SyjzQzWqtpjHvy5pgzD7mbAF2ceHDvNf05AGopHo2s66YdxtoqdZr91qYFLFlVbQwN6pHxC19USueyn0MLGo9js197dK6clVij-4T53d0islYw&sig=Cg0ArKJSzGcYD14XCu3OEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=357&vt=11&dtpt=356&dett=2&cstd=0&cisv=r20220413.83291&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N5778.119885CONDENAST/B27523353.332460082;dc_ver=86.253;sz=728x90;u_sd=1;nel=1;dc_adk=545849083;ord=f2jmru;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjstEM1RKU5ZOi4Fk9S4rD52ixIS-4UL7gRploqpZlZi60u67tf3AWZSCXIMuz9I23SNsuo0h1LTVb_4-XsUS7Xhl6LlW1ulR4Owdf9k23T9MWafvQnDAYqCNUK6VEViXPazwqsztAld-tN8UXY6OeRxnFhnWPdSbOrWguXRYHMdu1fnqgAPrX3pKBDCw_HMV-vYxQvyCzdsGoHfs3BzW7CtXrVFFAUfz0UbpiMUWqxIRbEp293_94dTDvfelQpt0qke1LUHAQxOK1_ZrMZkz7NBzV1rd6pi3vE3YHmNITW_VLWCRKcN7Da5SVMrqaBJlFfVLcb8x5CN_Vw%26sai%3DAMfl-YSIzgVk2GBLcEiimVOyCbhutn4RS5pwOjk5k37Qkyk7mukHRUuM6gxcaWObElz5mR_QlVAgKj-WIfPBRn5EDfGTd5NqMC6heRAWsTWH8Ld_aZ_Cvbr_tO001Dvl400c9KQTyPmn-T8kDWIIIZ28%26sig%3DCg0ArKJSzEQFXqYZrMsmEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=1,https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F$0;xdt=0;crlt=7m2-RpgUYb;stc=1;sttr=930;prcl=s
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:17 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
view
securepubads.g.doubleclick.net/pcs/ Frame 3DF1
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsujZA9rro7U1kdepRL3BsIr6ZgtOJ3cl2ilf6OnpBTmu6H1kqNgpEr8gU-z3vadXrWVhWuNJKEvrC338Vhb3yGAJlzBxKFElcaXXpp5GPKcVIfGG3ll1bL_tgE_iLvVVW6g_XdlsQLouqj9pYya_uBkvaSY4bw6j-K5PET1R0VXsQL_KRnkE4rM1x_5fSPuIAXgBFLX5pEvHocSMuIwsBSklJA589AaNDuCN5jP6bCoOPkUiZMFMVnm1mTkm1dCSK6ac_kRlnTgjwg-v8-oc4rFfPPH3A7NSB_PfJhi8aeZ2UUczmjEfIMYKZRNwroNKhroDFsm4bnxGdUimLEp&sai=AMfl-YSVKfXYz8MXqu55SI8iYGAxsrTi0-RZUwRYfcTMM92v2ci42NeL4K6QkDE1H5wstZ456nE13zShVNmdZsVxzpoKVl5fqMU8z7YiLxJIcQnLzdX5IlFt6VZ9RA5v6f9Tg_hbhPF1T8qMmSyhTCch&sig=Cg0ArKJSzACleAQ9Dyk9EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:17 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Tue, 19 Apr 2022 17:08:17 GMT
pixel.gif
px.moatads.com/
43 B
253 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&zMoatAdUnit1=conde.wired&zMoatAdUnit2=rail&zMoatAdUnit3=security&zMoatAdUnit4=article&wf=1&ra=3&pxm=3&sgs=3&vb=14&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2F0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&i=CONDENAST_PREBID_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%23Vyt9.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rb=2-3gPfcs6wZ10QbMk%2BqjMratT%2F8IKBUGMSV3D%2B4hwCudYVWqlJ9ew2bEg%3D&rs=1-8mrC8H1EcAEJWg%3D%3D&sc=1&os=1-8Q%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&g=0&h=600&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&rm=1&fy=1066.65625&gp=1559.625&zGSRC=1&gu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&id=1&ii=4&f=0&j=https%3A%2F%2Fapple.news&t=1650388093410&de=958190893268&rx=878667589509&cu=1650388093410&m=4143&ar=bee2df476bf-clean&iw=5eeb72d&cb=0&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=1559.625&lb=6434&le=1&ch=0&vv=1&vw=1%3A0%3A0&vp=0&vx=0%3A
-%3A-&pe=1%3A628%3A628%3A0%3A735&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&pg=0&pf=0&ib=1&cc=0&bw=0&bx=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=393&cd=0&ah=393&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=4660981638%3A2443012271%3A4884048123%3A138273356291&bo=conde.wired&bd=1&gw=condenastprebidheader987326845656&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&hv=findIframeAds&ab=2&ac=1&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&tc=0&fs=198121&na=2102642099&cs=0
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.167.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-167-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Tue, 19 Apr 2022 17:08:17 GMT
ibs:dpid=420&dpuuid=625eec81fadc6195
dpm.demdex.net/ Frame D96F
Redirect Chain
  • https://su.addthis.com/red/usync?pid=16&puid=51128452588216843153317871896908876551&url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D420%26dpuuid%3D%7B%7Buid%7D%7D
  • https://dpm.demdex.net/ibs:dpid=420&dpuuid=625eec81fadc6195
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=420&dpuuid=625eec81fadc6195
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-usw2-1-v028-09a8bf43f.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
MibRRvgPTqY=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location
https://dpm.demdex.net/ibs:dpid=420&dpuuid=625eec81fadc6195
pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
cache-control
max-age=0, no-cache, no-store, no-transform
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
integrator.js
adservice.google.com/adsid/ Frame BFCE
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.wired.com
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame 9649
25 KB
10 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e66bfceb15a6ee125dff79826be02a07b766843e6c660edf55ec0c22d1a407c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:06:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
81
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9777
x-xss-protection
0
server
cafe
etag
12512753850102923420
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 03 May 2022 17:06:56 GMT
16524689138803467138
s0.2mdn.net/simgad/ Frame 9649
211 KB
211 KB
Image
General
Full URL
https://s0.2mdn.net/simgad/16524689138803467138
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:824::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
013c97245f47c8cbc7adcd6faa3febeb649d6b85971639c0cc2292f4cb7d50a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 08:04:07 GMT
x-content-type-options
nosniff
age
378250
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
216226
x-xss-protection
0
last-modified
Fri, 01 Apr 2022 02:50:01 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 15 Apr 2023 08:04:07 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/ Frame 9649
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:03:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
317
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 03 May 2022 17:03:00 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 9649
0
27 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvQ27mEJZVobk0ZLqaVv8hkyxuPq7qqojk5TR44OnAIOtkepYOlmBomoT_3ACD1KCT73cuL98odLqa1c_3Yg1SUiZ6-6rYVslhePCouq_VWjueDPN7-8O8uCIcwxAvfqw9XTMk58K7yynvn2y3RaSfbU9e2oWMBnftvKETMdF1qXjPKs2ywsy8zkQhBtQrEYcnTm5Z07OEjNGHAZ0WfPcSqlcb98A-uf6dDaxfoJjBJ_nQb62Z-c3AZ4BFMlVFhAwT_fT_hXq05osx6qzFQ0ZtnadijtXLS6ErskN8EJdo12kxPCak9ecf5VKWN432XFLO1XdZ5eA100xgPPfBbsLVIjrOkCFsD9qW9R3_Sz73PQ9cExy0CE6DfOLxUdOIG4NzjQd7ACOoCd0UpW_H-Taedi7I7Nbn_RmOrYKKmkuIe0g1LqutRDHjwpe4AWgICpY4jmL4O9gE167ME77yVOhp2tQPpPmsgtWmC3Zs584QyIUx8p_Wh0Jdrw3Y67GUbesHsph9SnebxkX_8lKwRJlIKnt2tqBy9ngPrkfikxUE4OLe15pBFFRTz6PZkudXXGRPEr5lDlmkbPdC__s4jatXmjZJxVcoL9c23OloL9GlmfycIzBFi8QdrY6YR7rW1xlT2gz41DB6hdN6iaeMnpUmbOIkW5TVzM8CBq8l6x1eCUVzd1Dot4dYJbwN_UpMuvnOX4mOM5-07zHXzGtIXocj-PsRbjv7rLQPbuxmFf0qumusQYDZ5P8gQH5r00fM2KdIx9uekoqHYCV7EgWykFwqkD95wTetQ8fWhVWH0B2nYFEJhdmIKJkKOXcab1dLTBMZ2r2uem71Yc63MAilorb_xLJVETiGuoXa9AVqSJoAyXTTcZhdjflSimtrSiZpR78VqC7QCd_im167oM7W66_BM2AKoIptHDjkt7At-iZEeiW5tQkQN4Odqyy4JgNtKxE_qFECkCnMKuQrHu_Gn1oea8_dEcbcjnOmo-bO4ppWGdENH32BirJ3Zolbb_QRxFJ_-4d8U8JI3o3LaZbp_IbdIr9_47LecQGPbkgsMqyZPxuFD3rGs-EUOb1FFEclb_1nKALf6XI834LuU3XvkhwMrPpPfyYBM9vPUjAVW27q2n8zODnhqUwq2ndg6OLVAFQxY7FaIK4y7thx4kUkJFj0mXk7IUM6XIVtlS95kQ51swwUi9zlekaVKADyiiDKgeXO3R3cXw2FQglI-_uaM6r1gv9E9lw&sai=AMfl-YTZyH3mL0zG_QGU8ry9zWDYOfQsF4OpIDrj7BYNc7rAFk8z5EL9rmUbTh7_-e9CVp39YVkbHo1Z1sU5iOtuNjcwzwnFX3mac1m6833Tikd1CmWp3kYhdbUToWO8WynL06pimhtKBfXGfS_Zw7j6BDgW8XeoB6h_I75Sl-XxpocGvmB_hiezhKtW09R9m3SE-tH0TqS7lX96WOgonIm9-yPkljIx7FA_6sqVJgwwBT9W6-sGqOsQdW9KatIKIS9l_uQ0J9wIaZjkKoU2zeVa9Sx7bYd5Kn-yTEud&sig=Cg0ArKJSzPPiiIJ-Tt_TEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20220413.81784&adurl=
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Tue, 19 Apr 2022 17:08:17 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 9649
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 13:39:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
98908
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 18 Apr 2023 13:39:49 GMT
e7c6de6c-4d66-4230-98ff-0af0d6fc3007
https://www.wired.com/ Frame BFCE
63 KB
0
Other
General
Full URL
blob:https://www.wired.com/e7c6de6c-4d66-4230-98ff-0af0d6fc3007
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
87b2408523892f375c00a9d521c67f6eb516ecac25c479a7b15705bfab08fcd3

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Length
64606
Content-Type
application/javascript
8b3d4565-6e79-4f20-a3d2-7937fcddeeb1file-1422k-128-48000-768-00001.ts
dp8hsntg6do36.cloudfront.net/6230c6615577c237274617fc/ Frame BFCE
892 KB
882 KB
XHR
General
Full URL
https://dp8hsntg6do36.cloudfront.net/6230c6615577c237274617fc/8b3d4565-6e79-4f20-a3d2-7937fcddeeb1file-1422k-128-48000-768-00001.ts?requester=oo
Requested by
Host: d2c8v52ll5s99u.cloudfront.net
URL: https://d2c8v52ll5s99u.cloudfront.net/player/main-cbaabc24a9061ea5fbe1.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.223.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-223-31.jfk51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d975df10a87ceb7147bc1230a8cf267d99a488930e16135920960144ed82dcd8

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 03:11:15 GMT
Content-Encoding
gzip
Vary
Accept-Encoding,Origin
Age
50223
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Access-Control-Allow-Origin
*
Last-Modified
Tue, 15 Mar 2022 19:14:05 GMT
Server
AmazonS3
ETag
W/"afbc5b876d06213b97de618cbb627d7f"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, HEAD
Content-Type
application/x-mpegURL
Via
1.1 bc4b5a0c950f70df08b33cfb9288c098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
JFK51-C1
X-Amz-Cf-Id
Z69x-KUgXHcoc8QEx6U1MVHzQ-Cht9htw0LvgSo87nlQ4o63uHTErQ==
usync.js
eus.rubiconproject.com/ Frame F481
32 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?us_privacy=1---
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.78.168.242 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-78-168-242.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
18f25152e6157a80c22560120612d9f9c18790e176d7165194cf5ee62a7773d2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?us_privacy=1---
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:17 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:28:01 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=76472
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9542
Expires
Wed, 20 Apr 2022 14:22:49 GMT
receive
pixel.tapad.com/idsync/ex/ Frame F9D4
95 B
419 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=1955&partner_device_id=b7ea3d8f-e13a-40db-8024-ee54693edb8f
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=92a42b2b-081a-4be8-96bc-8a959e4a3060&gdpr=0&us_privacy=1---
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.178.246.49 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
49.246.178.107.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:17 GMT
via
1.1 google
content-type
image/png
alt-svc
clear
content-length
95
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
sync
ups.analytics.yahoo.com/ups/58294/ Frame F9D4
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=9e0a35ea-c8e3-4b1b-9efa-4af6f54a373e&r=https://pixel.advertising.com/ups/58294/sync?_origin=1&uid={OPENX_ID}
  • https://pixel.advertising.com/ups/58294/sync?_origin=1&uid=9f50cdfa-6257-4715-99e2-b788cd11eeea
  • https://pixel.advertising.com/ups/58294/sync?_origin=1&uid=9f50cdfa-6257-4715-99e2-b788cd11eeea&verify=true
  • https://ups.analytics.yahoo.com/ups/58294/sync?_origin=1&uid=9f50cdfa-6257-4715-99e2-b788cd11eeea&apid=UP4ec5bf28-c003-11ec-87cc-0a0ae1b43cb9
0
18 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/58294/sync?_origin=1&uid=9f50cdfa-6257-4715-99e2-b788cd11eeea&apid=UP4ec5bf28-c003-11ec-87cc-0a0ae1b43cb9
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=92a42b2b-081a-4be8-96bc-8a959e4a3060&gdpr=0&us_privacy=1---
Protocol
H2
Server
3.218.90.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-218-90-66.compute-1.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:18 GMT
server
ATS/9.1.0.46
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/58294/sync?_origin=1&uid=9f50cdfa-6257-4715-99e2-b788cd11eeea&apid=UP4ec5bf28-c003-11ec-87cc-0a0ae1b43cb9
date
Tue, 19 Apr 2022 17:08:18 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
396846.gif
idsync.rlcdn.com/ Frame F9D4
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fid.rlcdn.com%2F464246.gif%3Fpartner_uid%3D
  • https://id.rlcdn.com/464246.gif?partner_uid=e4523115-777a-4b3c-95bc-f67163297b5b
  • https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D
  • https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=e4523115-777a-4b3c-95bc-f67163297b5b
42 B
60 B
Image
General
Full URL
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=e4523115-777a-4b3c-95bc-f67163297b5b
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=92a42b2b-081a-4be8-96bc-8a959e4a3060&gdpr=0&us_privacy=1---
Protocol
H3
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:18 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42

Redirect headers

date
Tue, 19 Apr 2022 17:08:18 GMT
content-encoding
gzip
server
OXGW/18.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=e4523115-777a-4b3c-95bc-f67163297b5b
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
via
1.1 google
sd
us-u.openx.net/w/1.0/ Frame F9D4
Redirect Chain
  • https://ib.adnxs.com/getuid?https://us-u.openx.net/w/1.0/sd?id=537072399&val=$UID
  • https://us-u.openx.net/w/1.0/sd?id=537072399&val=5068312605290501509
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072399&val=5068312605290501509
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=92a42b2b-081a-4be8-96bc-8a959e4a3060&gdpr=0&us_privacy=1---
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
via
1.1 google
server
OXGW/18.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:17 GMT
X-Proxy-Origin
149.56.153.186; 149.56.153.186; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
9ec08f1e-cd39-42f6-9db4-cf7975b3f8a7
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://us-u.openx.net/w/1.0/sd?id=537072399&val=5068312605290501509
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame F9D4
43 B
932 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=e942320e-a697-c6a6-0acb-f4153281d163
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=92a42b2b-081a-4be8-96bc-8a959e4a3060&gdpr=0&us_privacy=1---
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:17 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
B4ECTVK70K7JR2NDM0G0
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame F9D4
Redirect Chain
  • https://ad.turn.com/r/cs?pid=9&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537073061&val=8304346631304572768&gdpr=0&gdpr_consent=&us_privacy=
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537073061&val=8304346631304572768&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=6&ph=92a42b2b-081a-4be8-96bc-8a959e4a3060&gdpr=0&us_privacy=1---
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
via
1.1 google
server
OXGW/18.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?id=537073061&val=8304346631304572768&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
receive
pixel.tapad.com/idsync/ex/ Frame 1151
95 B
419 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=1955&partner_device_id=b7ea3d8f-e13a-40db-8024-ee54693edb8f
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?us_privacy=1---
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.178.246.49 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
49.246.178.107.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:17 GMT
via
1.1 google
content-type
image/png
alt-svc
clear
content-length
95
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
sync
ups.analytics.yahoo.com/ups/58294/ Frame 1151
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=9e0a35ea-c8e3-4b1b-9efa-4af6f54a373e&r=https://pixel.advertising.com/ups/58294/sync?_origin=1&uid={OPENX_ID}
  • https://pixel.advertising.com/ups/58294/sync?_origin=1&uid=9f50cdfa-6257-4715-99e2-b788cd11eeea
  • https://pixel.advertising.com/ups/58294/sync?_origin=1&uid=9f50cdfa-6257-4715-99e2-b788cd11eeea&verify=true
  • https://ups.analytics.yahoo.com/ups/58294/sync?_origin=1&uid=9f50cdfa-6257-4715-99e2-b788cd11eeea&apid=UP4ec5bf28-c003-11ec-87cc-0a0ae1b43cb9
0
405 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/58294/sync?_origin=1&uid=9f50cdfa-6257-4715-99e2-b788cd11eeea&apid=UP4ec5bf28-c003-11ec-87cc-0a0ae1b43cb9
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?us_privacy=1---
Protocol
H2
Server
3.218.90.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-218-90-66.compute-1.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:18 GMT
server
ATS/9.1.0.46
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/58294/sync?_origin=1&uid=9f50cdfa-6257-4715-99e2-b788cd11eeea&apid=UP4ec5bf28-c003-11ec-87cc-0a0ae1b43cb9
date
Tue, 19 Apr 2022 17:08:18 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
396846.gif
idsync.rlcdn.com/ Frame 1151
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fid.rlcdn.com%2F464246.gif%3Fpartner_uid%3D
  • https://id.rlcdn.com/464246.gif?partner_uid=e4523115-777a-4b3c-95bc-f67163297b5b
  • https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D
  • https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=e4523115-777a-4b3c-95bc-f67163297b5b
42 B
60 B
Image
General
Full URL
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=e4523115-777a-4b3c-95bc-f67163297b5b
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?us_privacy=1---
Protocol
H3
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:18 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42

Redirect headers

date
Tue, 19 Apr 2022 17:08:18 GMT
content-encoding
gzip
server
OXGW/18.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=e4523115-777a-4b3c-95bc-f67163297b5b
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
via
1.1 google
sd
us-u.openx.net/w/1.0/ Frame 1151
Redirect Chain
  • https://ib.adnxs.com/getuid?https://us-u.openx.net/w/1.0/sd?id=537072399&val=$UID
  • https://us-u.openx.net/w/1.0/sd?id=537072399&val=5068312605290501509
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072399&val=5068312605290501509
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?us_privacy=1---
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
via
1.1 google
server
OXGW/18.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
X-Proxy-Origin
149.56.153.186; 149.56.153.186; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
0d1e5a60-220a-488b-9507-191712175c9f
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://us-u.openx.net/w/1.0/sd?id=537072399&val=5068312605290501509
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 1151
43 B
932 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=e942320e-a697-c6a6-0acb-f4153281d163
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?us_privacy=1---
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:17 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
CQDJ2MDZBX7FS7PYRHQK
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 1151
Redirect Chain
  • https://ad.turn.com/r/cs?pid=9&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537073061&val=8304346631304572768&gdpr=0&gdpr_consent=&us_privacy=
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537073061&val=8304346631304572768&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?us_privacy=1---
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
via
1.1 google
server
OXGW/18.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?id=537073061&val=8304346631304572768&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
init1.js
api.bounceexchange.com/bounce/
90 KB
37 KB
Script
General
Full URL
https://api.bounceexchange.com/bounce/init1.js?wklzs=1306&wklz=…
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/br-ijs_all_modules_2d913b64e789f2bd268452855491ee94.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
d4520414af2a968a2935d13f1f9751897974d60d38ffa7bfec4dbae893fdfed7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
content-encoding
gzip
last-modified
Tue, 19 Apr 2022 17:08:17 GMT
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
30
content-type
text/javascript;charset=UTF-8
alt-svc
clear
via
1.1 google
expires
0
ibs:dpid=477&dpuuid=b580c7c021133a9aaa345bc07bf6c4540121ef7fb71b45a07532ec206137d066b0da87c991749652
dpm.demdex.net/ Frame D96F
Redirect Chain
  • https://idsync.rlcdn.com/365868.gif?partner_uid=51128452588216843153317871896908876551
  • https://dpm.demdex.net/ibs:dpid=477&dpuuid=b580c7c021133a9aaa345bc07bf6c4540121ef7fb71b45a07532ec206137d066b0da87c991749652
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=477&dpuuid=b580c7c021133a9aaa345bc07bf6c4540121ef7fb71b45a07532ec206137d066b0da87c991749652
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-usw2-2-v028-01cfdbbb1.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
6a5wLkyqS/4=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date
Tue, 19 Apr 2022 17:08:17 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://dpm.demdex.net/ibs:dpid=477&dpuuid=b580c7c021133a9aaa345bc07bf6c4540121ef7fb71b45a07532ec206137d066b0da87c991749652
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame FC78
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
146712
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 18 Apr 2022 00:23:05 GMT
expires
Tue, 18 Apr 2023 00:23:05 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pixel.gif
px.moatads.com/
43 B
253 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=BPI1&hp=1&wf=1&ra=1&pxm=2&sgs=3&vb=14&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=https%3A%2F%2Fapple.news&t=1650388097904&de=6816706611&m=0&ar=bee2df476bf-clean&iw=23c8749&q=8&cb=0&ym=0&cu=1650388097904&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=11590170%3A27523353%3A525643043%3A169412062&zGSRC=1&gu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&id=1&ii=4&bo=2568040&bd=332460082&zMoatOrigSlicer1=2568040&zMoatOrigSlicer2=332460082&gw=bpi100914419959&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A628%3A628%3A0%3A735&jh=-1&jm=-1&mr=0&ml=-&fs=198121&na=180906666&cs=0
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.167.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-167-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Tue, 19 Apr 2022 17:08:17 GMT
async_usersync
ib.adnxs.com/ Frame FE37
0
745 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.182 Brooklyn, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:17 GMT
X-Proxy-Origin
149.56.153.186; 149.56.153.186; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
6637f689-25a7-42b0-b956-a9b6d4512371
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame FBF6
0
745 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.182 Brooklyn, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:17 GMT
X-Proxy-Origin
149.56.153.186; 149.56.153.186; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
ea5e8bdd-a70d-4330-9e02-98d7205eb537
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
collect
www.google-analytics.com/j/
4 B
24 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=1715062932&t=pageview&_s=1&dl=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&dr=https%3A%2F%2Fapple.news%2F&ul=en-us&de=UTF-8&dt=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking%20%7C%20WIRED&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCjACUI7BAQCAG~&jid=253601664&gjid=868635569&cid=145265742.1650388094&tid=UA-87198801-1&_gid=1549923057.1650388097&_r=1&_slc=1&cd1=709de7b3-ad72-41b0-a5a3-bee226fa562e&cd2=none&cd4=www.wired.com&cd5=%2Fstory%2Fpipedream-ics-malware%2F&cd6=Passive%20Tagger&cd7=cca944d7b99b42fb8487a82caff5e9f7&cd3=57&z=1122256035
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Ping
General
Full URL
https://www.google-analytics.com/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 9649
0
26 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvQ27mEJZVobk0ZLqaVv8hkyxuPq7qqojk5TR44OnAIOtkepYOlmBomoT_3ACD1KCT73cuL98odLqa1c_3Yg1SUiZ6-6rYVslhePCouq_VWjueDPN7-8O8uCIcwxAvfqw9XTMk58K7yynvn2y3RaSfbU9e2oWMBnftvKETMdF1qXjPKs2ywsy8zkQhBtQrEYcnTm5Z07OEjNGHAZ0WfPcSqlcb98A-uf6dDaxfoJjBJ_nQb62Z-c3AZ4BFMlVFhAwT_fT_hXq05osx6qzFQ0ZtnadijtXLS6ErskN8EJdo12kxPCak9ecf5VKWN432XFLO1XdZ5eA100xgPPfBbsLVIjrOkCFsD9qW9R3_Sz73PQ9cExy0CE6DfOLxUdOIG4NzjQd7ACOoCd0UpW_H-Taedi7I7Nbn_RmOrYKKmkuIe0g1LqutRDHjwpe4AWgICpY4jmL4O9gE167ME77yVOhp2tQPpPmsgtWmC3Zs584QyIUx8p_Wh0Jdrw3Y67GUbesHsph9SnebxkX_8lKwRJlIKnt2tqBy9ngPrkfikxUE4OLe15pBFFRTz6PZkudXXGRPEr5lDlmkbPdC__s4jatXmjZJxVcoL9c23OloL9GlmfycIzBFi8QdrY6YR7rW1xlT2gz41DB6hdN6iaeMnpUmbOIkW5TVzM8CBq8l6x1eCUVzd1Dot4dYJbwN_UpMuvnOX4mOM5-07zHXzGtIXocj-PsRbjv7rLQPbuxmFf0qumusQYDZ5P8gQH5r00fM2KdIx9uekoqHYCV7EgWykFwqkD95wTetQ8fWhVWH0B2nYFEJhdmIKJkKOXcab1dLTBMZ2r2uem71Yc63MAilorb_xLJVETiGuoXa9AVqSJoAyXTTcZhdjflSimtrSiZpR78VqC7QCd_im167oM7W66_BM2AKoIptHDjkt7At-iZEeiW5tQkQN4Odqyy4JgNtKxE_qFECkCnMKuQrHu_Gn1oea8_dEcbcjnOmo-bO4ppWGdENH32BirJ3Zolbb_QRxFJ_-4d8U8JI3o3LaZbp_IbdIr9_47LecQGPbkgsMqyZPxuFD3rGs-EUOb1FFEclb_1nKALf6XI834LuU3XvkhwMrPpPfyYBM9vPUjAVW27q2n8zODnhqUwq2ndg6OLVAFQxY7FaIK4y7thx4kUkJFj0mXk7IUM6XIVtlS95kQ51swwUi9zlekaVKADyiiDKgeXO3R3cXw2FQglI-_uaM6r1gv9E9lw&sai=AMfl-YTZyH3mL0zG_QGU8ry9zWDYOfQsF4OpIDrj7BYNc7rAFk8z5EL9rmUbTh7_-e9CVp39YVkbHo1Z1sU5iOtuNjcwzwnFX3mac1m6833Tikd1CmWp3kYhdbUToWO8WynL06pimhtKBfXGfS_Zw7j6BDgW8XeoB6h_I75Sl-XxpocGvmB_hiezhKtW09R9m3SE-tH0TqS7lX96WOgonIm9-yPkljIx7FA_6sqVJgwwBT9W6-sGqOsQdW9KatIKIS9l_uQ0J9wIaZjkKoU2zeVa9Sx7bYd5Kn-yTEud&sig=Cg0ArKJSzPPiiIJ-Tt_TEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=202&vt=11&dtpt=200&dett=2&cstd=0&cisv=r20220413.81784&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dj1JhmSPRAjTvNBjjXJR9bPVS9zQjDz9dSO_eNG-XN2MFZsiRA60MEnbTi5y-IpwZBrgrvKm73KmrkcRCs8ZGEg1a-MamkRAlxnbeCWkt-qNqWvgQ3SnSr_KvGrmz5sZtBGkNpIk0noWwcSZ1D7LJivPkjOg&dbm_d=AKAmf-ADaHd6KYXhuKdgI03gyNRDZRIKTazJtbnnfJK2gQ-c4Qgjvz7MjHlfNLsHoZtlFUVoith4zhxAuFyY0cXfWNyvSSu-YCkcocQ3slfWdI7mlQ7NnwDbM_IW67nxdZUfgL3d-bQR4IqDLY1OYvTpCNV8KgMIcn2ygsAyuanpO2v0J1Og8qk0YDvBZnCwHJ7UHsoxCQv2yyiduQ5zlCuNYiRK_Gw2acYjxAHDWdvUCcl1NLJibpg3KdzCNOgqT0YZ0evJPYTROJx__twFYsqP75P7dcreHXYs7W0mqpwJJRWS8Keodg0pBC37vw-OiUxJkvwems_NKY8VkPZIEysoXD0lpUfx1j1aLlQZR5_jMFMCX0TvGS6gBobTav_iJrKbbgu-vSZ8UL-7ic54hoYbiaTL-DCZXtAN2KhEIGj1Zm81uPLD20NmaQVb52dUNzeGHPsqJPp_3sVovlIv19IQLMfhocpz8wdmW9IiOJNpSctkiRblsXYZdsDZXVjbWY7tRlHuExokUROOULRZPK7qItJI0zcJK9VabBbr2aj2Xyczfzwre_pBN3RfZz7xvIDTnUcssPDgsngI0XX7cnw5cvZTAngL-FujIoZLtSlA6HfPknUK5UUp7XsUUDPNTMpYa1kwKLXFsR-gf0txrUZ5Mu3OeRB3PJKtSzP6_urRQmnyVfx3zaf5ydq8pIO7s9H_RC1Ar8MUHZArhEvmneWMJJ1lBDoXzu_-G3VJRIgaiCjKKbqTgN6B3aXqZT2VG8r3uBX4uiWFrTATZcCFoZGcvM94Q9uXrfFymdn9oCDVRd9Ia5abXM4j4EDMSGtOHYaZIMy0kJRCt-uf6sS6J-EEmCiFS_ZyKYHA7xx8P_IJ-c43vOYnDsqsoH-TnGobybBb4WB5_T8Z5l3qbdKnkHonU7aUI3Vt5bz1nU2bQPogPddHH4rD-fQKZgDXlJ0iYOGFePV_2yx3tEw7agde7rEC1N1g7mm2bgWopZmSVBlsOZpHpD3r2qO3CItymDt_9gM_ZlfKmWkEARuOmWIaLMB3AxcnFUKo_Mx1VhXmaF9W-uuiHa7Eksn4MtAD5iAesEiQflqquaAPh9KZIp9DBYpar2cxDMPvRpXXsDtM4PbQlcN2vfv1qi6ID-fJJiun30VP0g76jJ6x6D32oZdl3BGiKQZjMut50DmL60q7TfCV51IGhKSXsG2JP6sRfOwvfPybit0Ro1GvZuBbCXMZD33zZdVeFGemXYdcuh924iYFUYSxlQoQz6Z1NUeHkqq1LTywjdfhn8PI7JCO8jnUj_dnR_INe2-otWK-aSid29EdJNrvWhusPX_EUTbACQ-VosC5GHm5d0jnrFpWR7J1VMgnGY2j-5IDVaUsF9iBuVLWk7IJFxHBuCubql5z3X7p5LHK3IPCzKNMliLpsE45DznEEbJyrVA7ylbzbdhVKot_kVJEjcpgb7H0pyBAjqoPexLyCIQqChG5M0BDcxtFmGWjbGo1eRuUzQFSK15VFzwtlyMDk-uJG78Tj4sE8D9s6LgAs4FyCIjJdzUuX2uJK1y_mte92ze6a5LioX2QQ7yKI8ql3Wfc3HZ5KkamLk9jKbh8nN2jlB9M-6u93pdWnKkknrTmac9bRcEin7WiiBzioNNnuGD5e3NE9vlQPQdOTg5PjXRfEVnc8sdBnL7KCe8ApBoMO13-QMHsD4j5Ru3rik231MJ51DMYdpJZZGZJ2QBFtYGX2SxOSFQ9r1aXRzaK_ROEkKZgyOxG6UIpv2ye-5hbL
BIH8bN83frlov7dvpOOo95rJv8ndUiZJPbLSzVKJ-grVCvzG46LG4AfEfcPlYVBI_suAd-A10mLhidA_hmofz5cRl-xPXF20pC78pnt8u1DzfbQYzmvTY_mPkY9aC3ttJkxKBWaAtH0NQOz1ZDnhrsFmwkpL6qnwxNA-gfPAi7hWmpJ7D7iocIsLl-IzNKAkpbKif-gdIYxAuRF1g0w6dD6Y93srbB5O5IqFQySnAHuIb1spfwyTPEqK-KmCIH95nWRi_pJjrkPGnatMV3h-uSCaYf6mQR6FyWROPeAwHYaLFHRs_c0rpGOn2MKIIoBE29lJUFSEtWppljtVfRBGlQyjwGs248c85OxxvB-ExUO3Bm9qk89U-0yc_QS-8FMP2bxOg25WSGoCUqoKo2RrVw23DBvwgGQhyBbNcHQWfJDUd_nSU7slMYqKRiHybm3IFbo7JjuyEFdYuAY7dyPzVe7AnHGWw4ZFjkT-jRnP54cBvZi6Bn4IUiym9gfl15KGizJWFox4giG4XlrvNifDZc0UbQOsN22IiG84HqQU7iztNk3VxC_TSSUebOAUJGASra9NMmr0h2HOzhrOoLjNLQd7_s6oK8OHtiuAMzyrB4lOSiWP08iQ-nUDOpXnT3chNIwNyPlZj5lNDz8zJLAwBz7UaPLj0crF1Lnb6SXLd3OcTW6ctZoWNLwrQrF3OBeoPhi0PGpcgaUIgLBKppmfsd9OGYJvV7NEdBQwJO8YSh3cc0rtmuHatDwBtkMQYP7b2slR9lx6rD0VIeJtajC-6qZM6HFIJec7RTTNy1rjahpyr7vfdMAUt7RIqu4QGXLPBos-Vro7LHlj1QQdBrnWI3JwVvXVsq6r7SxO5f4JRDH3lMm4WGR1PCxJK9q9OmDNEJX1dAaHXFbXzE2_79UDs5lIP4ywIX57OG2x7HWhfcietNxGfuj3Er2Ewoc6tEXGp2ODNmmNBdweBHoNG8y71Rv8lUYxvh3viWj2aIKOu6ravDSEKFHkYNQnZzgQGsxQaD3U74qi9UtigjV8oH_zhShDFtY0mdcmYEn-ApvwgEpLuQMl2ryGs9CFWbQabLM_bb52sJBGCFkCKpeOE-asF12xEhTYe1Yk6TSR3p9glbTMj5L0l1wCp73uVRZPaUZv1ToL4edY4L0n2eOTB3rq6ispAAKDQn1EeptooR9QWKCkDYgMK0dZSZfqhcWnsl_8syPI9UjqRH8J3r_u3Jw0gO54NIVU0W022UV2xvCibwgPCJkoxmIE-UKyUj8y0yUKOljc8mxyVQDusjJ8B_R18WgvwqMW7VMxN5QVggOBtP8MYu1HR9LFZVJn401Pft-39x7OMYwOCFleDFJ0lRoi-uauZk9Q5GDF-i-krRM0BVPHIAKYdxpvmnRXIEOLk0UNmxp1UD4TLNxgjGOMdnjPbozgY3Gtk4gweKBtBfDQqECXhZKCV4mlbYvdAiylF7eGUWDyM0OIZOXy5g8i9PhCPo_YZL8_KrytQNyRNtUJtoartyq_HsZqiAqhePYbRyMIznYE5a3u9VyB7wNNlkpj5p_-IW4z0lvsCEYcQodh9ZijgI5tGuLYxq1dsOeO8-xrWDsJ9hklQzQHA2vP_etAIR5ExJQpmRri2IixvOzRPQhqxr1TzbqF0wc1jwnjYyBi-Fy4uuFD0ge_tR8WToaNkEP1hzttJUu5DaiwAvX9Ym_dYz8NA&cid=CAASUORoTsTM4iTBHuy07xhNPRGP_aApeuEiO4QaV8Zfq-OaZkYhPJcNv3xYrDDud_js2kDvEVkkvxGDTJmA8xwEJoDW2gELP9At20ttn4j_MBXu&rfl=1%2Chttps%253A%252F%252Fwww.wired.com%252Fstory%252Fpipedream-ics-malware%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:18 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
pubcid.php
hbx.media.net/ Frame 76F8
57 KB
18 KB
Script
General
Full URL
https://hbx.media.net/pubcid.php?itype=HB&cb=window.advBidxc.mnetCoRtusId
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7b48a74fa0f94d83ae6d60c772f5e7aa66e7be1b63ccf223ca14e34d3d7b0d22
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
date
Tue, 19 Apr 2022 17:08:18 GMT
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
cache-control
max-age=1800
content-length
18543
x-mnet-hl2
E
expires
Tue, 19 Apr 2022 17:38:18 GMT
sync
gum.criteo.com/ Frame 76F8
61 B
383 B
Script
General
Full URL
https://gum.criteo.com/sync?r=2&c=321&gdpr=0&gdpr_pd=0&gdpr_consent=&us_privacy=1---&j=window.advBidxc.mnetRtusId
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
/
Resource Hash
f77f47058428a1c21dad5a75ac13fbfdeb9858947218fee2112fded5972a0b5d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:17 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=3600
server-processing-duration-in-ticks
1851
strict-transport-security
max-age=31536000; preload;
content-length
175
expires
60
cksync.html
contextual.media.net/ Frame AEB5
Redirect Chain
  • https://p.rfihub.com/cm?pub=19967&in=1&forward=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D2933896971455429000V10%26type%3Drkt%26refUrl%3D%26vid%3D038809808429338969714554290...
  • https://contextual.media.net/cksync.html?cs=8&vsid=2933896971455429000V10&type=rkt&refUrl=&vid=03880980842933896971455429000V10&ovsid=2810316552999491622
219 B
649 B
Document
General
Full URL
https://contextual.media.net/cksync.html?cs=8&vsid=2933896971455429000V10&type=rkt&refUrl=&vid=03880980842933896971455429000V10&ovsid=2810316552999491622
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
23.50.78.169 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-50-78-169.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
85af3052d288ffd9157258dfe4daf5309f0b64d0067ab8221cd0c62909c18419
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://contextual.media.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
max-age=0, no-cache, no-store
content-length
219
content-type
text/html;charset=UTF-8
date
Tue, 19 Apr 2022 17:08:18 GMT
expires
Tue, 19 Apr 2022 17:08:18 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA" CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
pragma
no-cache
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E

Redirect headers

Content-Length
0
Date
Tue, 19 Apr 2022 17:08:18 GMT
Location
https://contextual.media.net/cksync.html?cs=8&vsid=2933896971455429000V10&type=rkt&refUrl=&vid=03880980842933896971455429000V10&ovsid=2810316552999491622
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server
Jetty(9.3.29.v20201019)
cksync.php
contextual.media.net/ Frame 76F8
Redirect Chain
  • https://medianet-match.dotomi.com/match/bounce/current?version=1&networkId=57734&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2933896971455429000V10%26type%3Dcon%26refUrl...
  • https://medianet-match.dotomi.com/match/bounce/current?DotomiTest=371e953be91e1237&is_secure=true&version=1&networkId=57734&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2...
  • https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=con&refUrl=&vid=03880980842933896971455429000V10&ovsid=AAAGeExTYbUEWQNwZJXpAAAAAAA&expiration=1650474498&is_secure=true
45 B
459 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=con&refUrl=&vid=03880980842933896971455429000V10&ovsid=AAAGeExTYbUEWQNwZJXpAAAAAAA&expiration=1650474498&is_secure=true
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Server
23.50.78.169 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-50-78-169.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Tue, 19 Apr 2022 17:08:18 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
server
nginx
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location
https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=con&refUrl=&vid=03880980842933896971455429000V10&ovsid=AAAGeExTYbUEWQNwZJXpAAAAAAA&expiration=1650474498&is_secure=true
cache-control
no-cache, private, max-age=0, no-store
content-length
0
expires
0
cksync.php
contextual.media.net/ Frame 76F8
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=64&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2933896971455429000V10%26type%3Dmma%26refUrl%3D%26vid%3D038809808429338969714554...
  • https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=mma&refUrl=&vid=03880980842933896971455429000V10&ovsid=7638625e-ec82-4e00-a7ba-1a67b2d71719
45 B
463 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=mma&refUrl=&vid=03880980842933896971455429000V10&ovsid=7638625e-ec82-4e00-a7ba-1a67b2d71719
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Server
23.50.78.169 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-50-78-169.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Tue, 19 Apr 2022 17:08:18 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
MT3 4335 2c68c00 master hkg-pixel-x20 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=mma&refUrl=&vid=03880980842933896971455429000V10&ovsid=7638625e-ec82-4e00-a7ba-1a67b2d71719
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Tue, 19 Apr 2022 17:08:17 GMT
cksync
cs.media.net/ Frame 76F8
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?cs=8&google_nid=media&google_cm=1&google_hm=MjkzMzg5Njk3MTQ1NTQyOTAwMFYxMA%3D%3D&google_sc=1
  • https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEFhUEUKrv4bWnjFoSXWNSmE&google_cver=1
45 B
610 B
Image
General
Full URL
https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEFhUEUKrv4bWnjFoSXWNSmE&google_cver=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
HTTP/1.1
Server
23.54.200.27 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-200-27.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
Apache
P3P
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
45
X-MNET-HL2
E
Expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEFhUEUKrv4bWnjFoSXWNSmE&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
301
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cksync.php
contextual.media.net/ Frame 76F8
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2933896971455429000V10%26type%3Ddxu%26refUrl%3D%26vid%3D03880980842933896971455...
  • https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=dxu&refUrl=&vid=03880980842933896971455429000V10&ovsid=EJllit1C1NGRkR5
45 B
449 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=dxu&refUrl=&vid=03880980842933896971455429000V10&ovsid=EJllit1C1NGRkR5
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Server
23.50.78.169 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-50-78-169.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Tue, 19 Apr 2022 17:08:18 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
PingMatch/v2.0.30-713-gdae83a2#rel-ec2-master i-007b7dbae3f126443@us-east-1d@dxedge-app-us-east-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=dxu&refUrl=&vid=03880980842933896971455429000V10&ovsid=EJllit1C1NGRkR5
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
cksync.php
contextual.media.net/ Frame 76F8
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=115&p=259&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40
  • https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=8bf42e93-8fcc-4a52-8842-f54b6a4099bd
45 B
615 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=8bf42e93-8fcc-4a52-8842-f54b6a4099bd
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Server
23.50.78.169 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-50-78-169.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Tue, 19 Apr 2022 17:08:18 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
server
Kestrel
x-errorlevel
0
strict-transport-security
max-age=31536000; preload;
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=8bf42e93-8fcc-4a52-8842-f54b6a4099bd
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1862089
content-length
0
expires
Tue, 19 Apr 2022 00:00:00 GMT
cksync.php
contextual.media.net/ Frame 76F8
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
  • https://x.bidswitch.net/ul_cb/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
  • https://pr-bh.ybp.yahoo.com/sync/iponweb?bidswitch_ssp_id=medianet&ssp_user_id=063a7caa-9fc5-4484-9d5d-a77bb0ad0283&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/sync?dsp_id=74&&user_id=171119416&expires=5&ssp=medianet
  • https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=063a7caa-9fc5-4484-9d5d-a77bb0ad0283&gdpr=&gdpr_consent=&gdpr_pd=
45 B
463 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=063a7caa-9fc5-4484-9d5d-a77bb0ad0283&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Server
23.50.78.169 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-50-78-169.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Tue, 19 Apr 2022 17:08:18 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

Location
//contextual.media.net/cksync.php?cs=1&type=bs&ovsid=063a7caa-9fc5-4484-9d5d-a77bb0ad0283&gdpr=&gdpr_consent=&gdpr_pd=
Date
Tue, 19 Apr 2022 17:08:18 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
cksync.php
contextual.media.net/ Frame 76F8
Redirect Chain
  • https://b1sync.zemanta.com/usersync/medianet/?cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2933896971455429000V10%26type%3Dzem%26refUrl%3D%26vid%3D03880980842933896971455429...
  • https://stags.bluekai.com/site/23178?id=9IykJUvQmM6eWtT9fxrc&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TD...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2OBGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPJZJF4WWSSVOZIW2TJWMVLXIVBZMZ4HE...
  • https://contextual.media.net/cksync.php?cs=8&ovsid=9IykJUvQmM6eWtT9fxrc&refUrl=&type=zem&vid=03880980842933896971455429000V10&vsid=2933896971455429000V10
45 B
454 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&ovsid=9IykJUvQmM6eWtT9fxrc&refUrl=&type=zem&vid=03880980842933896971455429000V10&vsid=2933896971455429000V10
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Server
23.50.78.169 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-50-78-169.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Tue, 19 Apr 2022 17:08:18 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
P3p
CP="We do not support P3P header."
Location
https://contextual.media.net/cksync.php?cs=8&ovsid=9IykJUvQmM6eWtT9fxrc&refUrl=&type=zem&vid=03880980842933896971455429000V10&vsid=2933896971455429000V10
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
196
Expires
Thu, 01 Dec 1994 16:00:00 GMT
/
dmp.adblade.com/srv/sync/gateway/ Frame 76F8
43 B
229 B
Image
General
Full URL
https://dmp.adblade.com/srv/sync/gateway/?cId=Medianet;__src=adblade
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.199.73.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-199-73-116.compute-1.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:18 GMT
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
cksync.php
contextual.media.net/ Frame 76F8
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=2933896971455429000V10
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=medianet&ssp_user_id=2933896971455429000V10
  • https://contextual.media.net/cksync.php?type=mf&ovsid=1ca2402a-447e-42f8-8192-efc498510f38&cs=1
45 B
463 B
Image
General
Full URL
https://contextual.media.net/cksync.php?type=mf&ovsid=1ca2402a-447e-42f8-8192-efc498510f38&cs=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Server
23.50.78.169 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-50-78-169.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Tue, 19 Apr 2022 17:08:18 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

location
//contextual.media.net/cksync.php?type=mf&ovsid=1ca2402a-447e-42f8-8192-efc498510f38&cs=1
date
Tue, 19 Apr 2022 17:08:18 GMT
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
via
1.1 google
710489.gif
id.rlcdn.com/ Frame 76F8
42 B
318 B
Image
General
Full URL
https://id.rlcdn.com/710489.gif
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:18 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
cksync
cs.media.net/ Frame 76F8
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1
  • https://cs.media.net/cksync?cs=1&type=ttd&ovsid=5c721061-149d-4078-895c-afabf1a9fca0
45 B
621 B
Image
General
Full URL
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=5c721061-149d-4078-895c-afabf1a9fca0
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
HTTP/1.1
Server
23.54.200.27 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-200-27.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
Apache
P3P
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
45
X-MNET-HL2
E
Expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=5c721061-149d-4078-895c-afabf1a9fca0
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
199
sync
ups.analytics.yahoo.com/ups/58222/ Frame 76F8
Redirect Chain
  • https://cs.media.net/scksync?cs=1&type=brx&ovsid=setstatuscode&redirect=https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F58222%2Fsync%3F_origin%3D1%26uid%3D%3CDSP_USER_ID%3E
  • https://ups.analytics.yahoo.com/ups/58222/sync?_origin=1&uid=2933896971455429000V10
0
150 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/58222/sync?_origin=1&uid=2933896971455429000V10
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Server
3.218.90.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-218-90-66.compute-1.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:18 GMT
server
ATS/9.1.0.46
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

Pragma
no-cache
Strict-Transport-Security
max-age=15724800; includeSubDomains
Date
Tue, 19 Apr 2022 17:08:18 GMT
P3P
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
Location
https://ups.analytics.yahoo.com/ups/58222/sync?_origin=1&uid=2933896971455429000V10
Cache-Control
max-age=0, no-cache, no-store
Connection
close
Expires
Tue, 19 Apr 2022 17:08:18 GMT
ibs:dpid=358&dpuuid=5068312605290501509
dpm.demdex.net/ Frame D96F
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID
  • https://dpm.demdex.net/ibs:dpid=358&dpuuid=5068312605290501509
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=358&dpuuid=5068312605290501509
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-usw2-1-v028-0286b540f.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
Ci3v5AzRTh8=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
X-Proxy-Origin
149.56.153.186; 149.56.153.186; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
808d8c45-6e69-4970-91f1-db3d5cca9709
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://dpm.demdex.net/ibs:dpid=358&dpuuid=5068312605290501509
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
pubcid.php
hbx.media.net/ Frame A94A
57 KB
18 KB
Script
General
Full URL
https://hbx.media.net/pubcid.php?itype=HB&cb=window.advBidxc.mnetCoRtusId
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7b48a74fa0f94d83ae6d60c772f5e7aa66e7be1b63ccf223ca14e34d3d7b0d22
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
date
Tue, 19 Apr 2022 17:08:18 GMT
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
cache-control
max-age=1800
content-length
18543
x-mnet-hl2
E
expires
Tue, 19 Apr 2022 17:38:18 GMT
sync
gum.criteo.com/ Frame A94A
61 B
382 B
Script
General
Full URL
https://gum.criteo.com/sync?r=2&c=321&gdpr=0&gdpr_pd=0&gdpr_consent=&us_privacy=1---&j=window.advBidxc.mnetRtusId
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
/
Resource Hash
f77f47058428a1c21dad5a75ac13fbfdeb9858947218fee2112fded5972a0b5d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:17 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=3600
server-processing-duration-in-ticks
2136
strict-transport-security
max-age=31536000; preload;
content-length
175
expires
60
cksync
cs.media.net/ Frame A94A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?cs=8&google_nid=media&google_cm=1&google_hm=MjkzMzg5Njk3MTQ1NTQyOTAwMFYxMA%3D%3D&google_sc=1
  • https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEFhUEUKrv4bWnjFoSXWNSmE&google_cver=1
45 B
610 B
Image
General
Full URL
https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEFhUEUKrv4bWnjFoSXWNSmE&google_cver=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
HTTP/1.1
Server
23.54.200.27 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-200-27.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
Apache
P3P
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
45
X-MNET-HL2
E
Expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://cs.media.net/cksync?type=g&cs=8&google_gid=CAESEFhUEUKrv4bWnjFoSXWNSmE&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
301
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cksync.html
contextual.media.net/ Frame B315
Redirect Chain
  • https://p.rfihub.com/cm?pub=19967&in=1&forward=https%3A%2F%2Fcontextual.media.net%2Fcksync.html%3Fcs%3D8%26vsid%3D2933896971455429000V10%26type%3Drkt%26refUrl%3D%26vid%3D038809812429338969714554290...
  • https://contextual.media.net/cksync.html?cs=8&vsid=2933896971455429000V10&type=rkt&refUrl=&vid=03880981242933896971455429000V10&ovsid=1783777312386555910
219 B
649 B
Document
General
Full URL
https://contextual.media.net/cksync.html?cs=8&vsid=2933896971455429000V10&type=rkt&refUrl=&vid=03880981242933896971455429000V10&ovsid=1783777312386555910
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.50.78.169 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-50-78-169.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
85af3052d288ffd9157258dfe4daf5309f0b64d0067ab8221cd0c62909c18419
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://contextual.media.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
max-age=0, no-cache, no-store
content-length
219
content-type
text/html;charset=UTF-8
date
Tue, 19 Apr 2022 17:08:18 GMT
expires
Tue, 19 Apr 2022 17:08:18 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA" CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
pragma
no-cache
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E

Redirect headers

Content-Length
0
Date
Tue, 19 Apr 2022 17:08:18 GMT
Location
https://contextual.media.net/cksync.html?cs=8&vsid=2933896971455429000V10&type=rkt&refUrl=&vid=03880981242933896971455429000V10&ovsid=1783777312386555910
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server
Jetty(9.3.29.v20201019)
cksync.php
contextual.media.net/ Frame A94A
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=115&p=259&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40
  • https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=2c93b7ae-5cfe-4e6d-b3c8-e58bb2e82134
45 B
614 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=2c93b7ae-5cfe-4e6d-b3c8-e58bb2e82134
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Server
23.50.78.169 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-50-78-169.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Tue, 19 Apr 2022 17:08:18 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
server
Kestrel
x-errorlevel
0
strict-transport-security
max-age=31536000; preload;
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://contextual.media.net/cksync.php?cs=1&type=crt&ovsid=2c93b7ae-5cfe-4e6d-b3c8-e58bb2e82134
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1671027
content-length
0
expires
Tue, 19 Apr 2022 00:00:00 GMT
cksync.php
contextual.media.net/ Frame A94A
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
  • https://x.bidswitch.net/ul_cb/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=medianet&bsw_param=063a7caa-9fc5-4484-9d5d-a77bb0ad0283&google_hm=MDYzYTdjYWEtOWZjNS00NDg0LTlkNWQtYTc3YmIwYWQwMjgz
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEAET3AleqSZXRb97kjdUQ0k&google_cver=1&ssp=medianet&bsw_param=063a7caa-9fc5-4484-9d5d-a77bb0ad0283
  • https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=063a7caa-9fc5-4484-9d5d-a77bb0ad0283&gdpr=&gdpr_consent=&gdpr_pd=
45 B
463 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=063a7caa-9fc5-4484-9d5d-a77bb0ad0283&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Server
23.50.78.169 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-50-78-169.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Tue, 19 Apr 2022 17:08:18 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

Location
//contextual.media.net/cksync.php?cs=1&type=bs&ovsid=063a7caa-9fc5-4484-9d5d-a77bb0ad0283&gdpr=&gdpr_consent=&gdpr_pd=
Date
Tue, 19 Apr 2022 17:08:18 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
/
dmp.adblade.com/srv/sync/gateway/ Frame A94A
43 B
229 B
Image
General
Full URL
https://dmp.adblade.com/srv/sync/gateway/?cId=Medianet;__src=adblade
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.199.73.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-199-73-116.compute-1.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:18 GMT
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
cksync.php
contextual.media.net/ Frame A94A
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=2933896971455429000V10
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=medianet&ssp_user_id=2933896971455429000V10
  • https://contextual.media.net/cksync.php?type=mf&ovsid=1ca2402a-447e-42f8-8192-efc498510f38&cs=1
45 B
463 B
Image
General
Full URL
https://contextual.media.net/cksync.php?type=mf&ovsid=1ca2402a-447e-42f8-8192-efc498510f38&cs=1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Server
23.50.78.169 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-50-78-169.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Tue, 19 Apr 2022 17:08:18 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

location
//contextual.media.net/cksync.php?type=mf&ovsid=1ca2402a-447e-42f8-8192-efc498510f38&cs=1
date
Tue, 19 Apr 2022 17:08:18 GMT
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
via
1.1 google
710489.gif
id.rlcdn.com/ Frame A94A
42 B
329 B
Image
General
Full URL
https://id.rlcdn.com/710489.gif
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:18 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
cksync
cs.media.net/ Frame A94A
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1
  • https://cs.media.net/cksync?cs=1&type=ttd&ovsid=5c721061-149d-4078-895c-afabf1a9fca0
45 B
621 B
Image
General
Full URL
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=5c721061-149d-4078-895c-afabf1a9fca0
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
HTTP/1.1
Server
23.54.200.27 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-200-27.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
Apache
P3P
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
45
X-MNET-HL2
E
Expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=5c721061-149d-4078-895c-afabf1a9fca0
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
199
sync
ups.analytics.yahoo.com/ups/58222/ Frame A94A
Redirect Chain
  • https://cs.media.net/scksync?cs=1&type=brx&ovsid=setstatuscode&redirect=https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F58222%2Fsync%3F_origin%3D1%26uid%3D%3CDSP_USER_ID%3E
  • https://ups.analytics.yahoo.com/ups/58222/sync?_origin=1&uid=2933896971455429000V10
0
133 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/58222/sync?_origin=1&uid=2933896971455429000V10
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Server
3.218.90.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-218-90-66.compute-1.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:18 GMT
server
ATS/9.1.0.46
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

Pragma
no-cache
Strict-Transport-Security
max-age=15724800; includeSubDomains
Date
Tue, 19 Apr 2022 17:08:18 GMT
P3P
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
Location
https://ups.analytics.yahoo.com/ups/58222/sync?_origin=1&uid=2933896971455429000V10
Cache-Control
max-age=0, no-cache, no-store
Connection
close
Expires
Tue, 19 Apr 2022 17:08:18 GMT
cksync.php
contextual.media.net/ Frame A94A
Redirect Chain
  • https://medianet-match.dotomi.com/match/bounce/current?version=1&networkId=57734&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2933896971455429000V10%26type%3Dcon%26refUrl...
  • https://medianet-match.dotomi.com/match/bounce/current?DotomiTest=2c4cf754f1b11237&is_secure=true&version=1&networkId=57734&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2...
  • https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=con&refUrl=&vid=03880981242933896971455429000V10&ovsid=AAAGd_FgUeIZiQMvtTsDAAAAAAA&expiration=1650474498&is_secure=true
45 B
458 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=con&refUrl=&vid=03880981242933896971455429000V10&ovsid=AAAGd_FgUeIZiQMvtTsDAAAAAAA&expiration=1650474498&is_secure=true
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Server
23.50.78.169 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-50-78-169.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Tue, 19 Apr 2022 17:08:18 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
server
nginx
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location
https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=con&refUrl=&vid=03880981242933896971455429000V10&ovsid=AAAGd_FgUeIZiQMvtTsDAAAAAAA&expiration=1650474498&is_secure=true
cache-control
no-cache, private, max-age=0, no-store
content-length
0
expires
0
cksync.php
contextual.media.net/ Frame A94A
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=64&redir=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2933896971455429000V10%26type%3Dmma%26refUrl%3D%26vid%3D038809812429338969714554...
  • https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=mma&refUrl=&vid=03880981242933896971455429000V10&ovsid=8328625e-ec82-4100-8d9d-2a3f9ab9d1e0
45 B
463 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=mma&refUrl=&vid=03880981242933896971455429000V10&ovsid=8328625e-ec82-4100-8d9d-2a3f9ab9d1e0
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Server
23.50.78.169 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-50-78-169.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Tue, 19 Apr 2022 17:08:18 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
MT3 4335 2c68c00 master hkg-pixel-x17 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=mma&refUrl=&vid=03880981242933896971455429000V10&ovsid=8328625e-ec82-4100-8d9d-2a3f9ab9d1e0
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Tue, 19 Apr 2022 17:08:17 GMT
cksync.php
contextual.media.net/ Frame A94A
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2933896971455429000V10%26type%3Ddxu%26refUrl%3D%26vid%3D03880981242933896971455...
  • https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=dxu&refUrl=&vid=03880981242933896971455429000V10&ovsid=EJllit1C1NGRkR5
45 B
449 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=dxu&refUrl=&vid=03880981242933896971455429000V10&ovsid=EJllit1C1NGRkR5
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Server
23.50.78.169 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-50-78-169.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Tue, 19 Apr 2022 17:08:18 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:17 GMT
Server
PingMatch/v2.0.30-713-gdae83a2#rel-ec2-master i-0d17746c8d7c20569@us-east-1b@dxedge-app-us-east-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://contextual.media.net/cksync.php?cs=8&vsid=2933896971455429000V10&type=dxu&refUrl=&vid=03880981242933896971455429000V10&ovsid=EJllit1C1NGRkR5
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
cksync.php
contextual.media.net/ Frame A94A
Redirect Chain
  • https://b1sync.zemanta.com/usersync/medianet/?cb=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D8%26vsid%3D2933896971455429000V10%26type%3Dzem%26refUrl%3D%26vid%3D03880981242933896971455429...
  • https://stags.bluekai.com/site/23178?id=LSFN4nM5o-e6yiWDFWp8&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TD...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6Y3PNZ2GK6DUOVQWYLTNMVSGSYJONZSXIL3DNNZXS3TDFZYGQ4B7MNZT2OBGMV4GG2DBNZTWKPLNMVSGSYLOMV2CM33WONUWIPKMKNDE4NDOJU2W6LLFGZ4WSV2EIZLXA...
  • https://contextual.media.net/cksync.php?cs=8&ovsid=LSFN4nM5o-e6yiWDFWp8&refUrl=&type=zem&vid=03880981242933896971455429000V10&vsid=2933896971455429000V10
45 B
453 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=8&ovsid=LSFN4nM5o-e6yiWDFWp8&refUrl=&type=zem&vid=03880981242933896971455429000V10&vsid=2933896971455429000V10
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Server
23.50.78.169 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-50-78-169.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Tue, 19 Apr 2022 17:08:18 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
P3p
CP="We do not support P3P header."
Location
https://contextual.media.net/cksync.php?cs=8&ovsid=LSFN4nM5o-e6yiWDFWp8&refUrl=&type=zem&vid=03880981242933896971455429000V10&vsid=2933896971455429000V10
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
196
Expires
Thu, 01 Dec 1994 16:00:00 GMT
usermatch
ssum-sec.casalemedia.com/ Frame F831
2 KB
3 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0d50f67263714ab1e9f117b72c16f9dde48db1d35115c838278d61df26365a3a

Request headers

Referer
https://js-sec.indexww.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
1732
Content-Type
text/html
Date
Tue, 19 Apr 2022 17:08:18 GMT
Dropped-Udsids
46|73|206|88|131|4|123|190
Expires
Tue, 19 Apr 2022 17:08:18 GMT
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
Vary
Is-Traffic-Usersync
pixel.gif
px.moatads.com/
43 B
253 B
Image
General
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.167.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-167-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Tue, 19 Apr 2022 17:08:18 GMT
usermatch
ssum-sec.casalemedia.com/ Frame 2062
2 KB
3 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
21f716dba56c2a7a1ac88928e7299d8a5021eb45340f2bb10a3ee71733adf2c8

Request headers

Referer
https://js-sec.indexww.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
1627
Content-Type
text/html
Date
Tue, 19 Apr 2022 17:08:18 GMT
Dropped-Udsids
73|46|130|88|191|190|31|221
Expires
Tue, 19 Apr 2022 17:08:18 GMT
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
Vary
Is-Traffic-Usersync
collect
stats.g.doubleclick.net/j/
4 B
25 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-87198801-1&cid=145265742.1650388094&jid=253601664&gjid=868635569&_gid=1549923057.1650388097&_u=aCjACUI7BAQCAG~&z=760537123
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c09::9d Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 19 Apr 2022 17:08:18 GMT
content-type
text/plain
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame 9649
210 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
10b8eecbae91b7dddfd8c8a0c4f7f3a72d2138be467287084aa0e85a7ee79e86

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
visit
events.bouncex.net/track.gif/
42 B
174 B
Image
General
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
timing-allow-origin
*
alt-svc
clear
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
pageview
events.bouncex.net/track.gif/
42 B
104 B
Image
General
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
timing-allow-origin
*
alt-svc
clear
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
article_view
events.bouncex.net/track.gif/
42 B
104 B
Image
General
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
timing-allow-origin
*
alt-svc
clear
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 2123
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://0b73f84d9f9a9a9b15c15bb4731d0a31.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
146713
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 18 Apr 2022 00:23:05 GMT
expires
Tue, 18 Apr 2023 00:23:05 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
365868.gif
idsync.rlcdn.com/ Frame D96F
42 B
60 B
Image
General
Full URL
https://idsync.rlcdn.com/365868.gif?partner_uid=51128452588216843153317871896908876551
Requested by
Host: condenast.demdex.net
URL: https://condenast.demdex.net/dest5.html?d_nsid=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:18 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
ga-audiences
www.google.com/ads/
42 B
63 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-87198801-1&cid=145265742.1650388094&jid=253601664&_u=aCjACUI7BAQCAG~&z=1176302769
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80e::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/
42 B
63 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-87198801-1&cid=145265742.1650388094&jid=253601664&_u=aCjACUI7BAQCAG~&z=1176302769
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ecm3
s.amazon-adsystem.com/ Frame F481
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&us_privacy=1---
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=erGdqNmFSXyrqyGa_wTDSg&rk=usync-na
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=erGdqNmFSXyrqyGa_wTDSg
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=erGdqNmFSXyrqyGa_wTDSg
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
1MDCJ0HF1QC5X7BKY03V
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=erGdqNmFSXyrqyGa_wTDSg
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
8f31d5fb12ac7ec11f837ad8263e0f6c
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame F481
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&us_privacy=1---
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/0guA-N7ElaCAvcVse6GmAcn5EUdSAgOZEtemQ7w0kco?csrc=&us_privacy=1---
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=6647128864047092937
42 B
703 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=6647128864047092937
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
8f31d5fb12ac7ec11f837ad8263e0f6c
Content-Type
image/gif

Redirect headers

date
Tue, 19 Apr 2022 17:08:18 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=6647128864047092937
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
pixel
cm.g.doubleclick.net/ Frame F481
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n&us_privacy=1---
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=Mjc4MWQyNjNmMzUzNTcwNTk0YTg0ZGE2ODVlNTY4Yjk5MTI2NDAyYw&us_privacy=1---
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=Mjc4MWQyNjNmMzUzNTcwNTk0YTg0ZGE2ODVlNTY4Yjk5MTI2NDAyYw&us_privacy=1---
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H3
Server
142.251.40.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=Mjc4MWQyNjNmMzUzNTcwNTk0YTg0ZGE2ODVlNTY4Yjk5MTI2NDAyYw&us_privacy=1---
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
a414d61fde5a538d1bc5c621aec59518
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
709414.gif
id.rlcdn.com/ Frame F481
42 B
60 B
Image
General
Full URL
https://id.rlcdn.com/709414.gif?us_privacy=1---
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:18 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
pixel
cm.g.doubleclick.net/ Frame F481
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470&us_privacy=1---
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDI2RUdKREMtMUstOFRaSQ==&us_privacy=1---
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDI2RUdKREMtMUstOFRaSQ==&us_privacy=1---
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H3
Server
142.251.40.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDI2RUdKREMtMUstOFRaSQ==&us_privacy=1---
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
a414d61fde5a538d1bc5c621aec59518
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
dcm
aax-eu.amazon-adsystem.com/s/ Frame F481
43 B
932 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&us_privacy=1---
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.125.22 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
08P4FNR5SQGSP87DJYRZ
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
v1
ads.yahoo.com/cms/ Frame F481
Redirect Chain
  • https://token.rubiconproject.com/token?pid=26594&us_privacy=1---
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L26EGJDC-1K-8TZI&sigv=1&esig=2~51fe7cad0952da05831a58ff45dc467c18ac36f1&us_privacy=1---
0
194 B
Image
General
Full URL
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L26EGJDC-1K-8TZI&sigv=1&esig=2~51fe7cad0952da05831a58ff45dc467c18ac36f1&us_privacy=1---
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Server
2001:4998:14:800::1001 , United States, ASN14777 (YAHOO, US),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:18 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block

Redirect headers

Location
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L26EGJDC-1K-8TZI&sigv=1&esig=2~51fe7cad0952da05831a58ff45dc467c18ac36f1&us_privacy=1---
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
a414d61fde5a538d1bc5c621aec59518
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame F481
Redirect Chain
  • https://match.adsrvr.org/track/cmf/rubicon?us_privacy=1---
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=5c721061-149d-4078-895c-afabf1a9fca0&gdpr=0&gdpr_consent=&expires=30
42 B
703 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=5c721061-149d-4078-895c-afabf1a9fca0&gdpr=0&gdpr_consent=&expires=30
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
8f31d5fb12ac7ec11f837ad8263e0f6c
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=5c721061-149d-4078-895c-afabf1a9fca0&gdpr=0&gdpr_consent=&expires=30
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
289
crum
dsum-sec.casalemedia.com/ Frame F831
Redirect Chain
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=5068312605290501509
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=5068312605290501509
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
X-Proxy-Origin
149.56.153.186; 149.56.153.186; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
1048ab92-d5ec-44b9-8895-f44a9fa7216f
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=5068312605290501509
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Yl7sgEQk4ZWFQV1vkhZJgwAAAdAAAAIB
pr-bh.ybp.yahoo.com/sync/casale/ Frame F831
43 B
988 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/Yl7sgEQk4ZWFQV1vkhZJgwAAAdAAAAIB?gdpr_consent=&us_privacy=&gdpr=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a07:3856:31e7:dd7:3c3d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:18 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
Yl7sgEQk4ZWFQV1vkhZJgwAAAdAAAAIB
pr-bh.ybp.yahoo.com/sync/casale/ Frame F831
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=Yl7sgEQk4ZWFQV1vkhZJgwAAAdAAAAIB&gdpr_consent=&us_privacy=&gdpr=
  • https://pr-bh.ybp.yahoo.com/sync/casale/Yl7sgEQk4ZWFQV1vkhZJgwAAAdAAAAIB
43 B
988 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/Yl7sgEQk4ZWFQV1vkhZJgwAAAdAAAAIB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Server
2600:1f18:4e9:5a07:3856:31e7:dd7:3c3d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:18 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff

Redirect headers

location
https://pr-bh.ybp.yahoo.com/sync/casale/Yl7sgEQk4ZWFQV1vkhZJgwAAAdAAAAIB
date
Tue, 19 Apr 2022 17:08:18 GMT
server
ATS/9.1.0.46
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
rum
dsum-sec.casalemedia.com/ Frame F831
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yl7sfwAAAHRrhARA
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yl7sfwAAAHRrhARA
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
via
1.1 varnish
server
Varnish
x-timer
S1650388098.331330,VS0,VE0
x-served-by
cache-yul12832-YUL
x-cache
HIT
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yl7sfwAAAHRrhARA
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
crum
dsum-sec.casalemedia.com/ Frame F831
Redirect Chain
  • https://a.tribalfusion.com/i.match?p=b20&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com/crum%3Fcm_dsp_id%3D131%26external_user_id%3D%24TF_USER_ID_ENC%24&cm_callback_url=https%3A%2F%2Fdsum-sec.casa...
  • https://s.tribalfusion.com/z/i.match?p=b20&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com/crum%3Fcm_dsp_id%3D131%26external_user_id%3D%24TF_USER_ID_ENC%24&cm_callback_url=https%3A%2F%2Fdsum-sec.ca...
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=131&external_user_id=18072662286960592625
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=131&external_user_id=18072662286960592625
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
cf-cache-status
DYNAMIC
x-function
209
server
cloudflare
x-reuse-index
13
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6fe73dcf99a7ca53-YUL
p3p
CP="NOI DEVo TAIa OUR BUS"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=131&external_user_id=18072662286960592625
cache-control
no-cache, private
content-type
text/html
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 01 Jan 1970 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame F831
Redirect Chain
  • https://ad.turn.com/r/cs?pid=21
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8304346631304572768
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8304346631304572768
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8304346631304572768
pragma
no-cache
date
Tue, 19 Apr 2022 17:08:17 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
rum
dsum-sec.casalemedia.com/ Frame F831
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=68
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=5to5rgL6Q2h9Yby7FOQQFZU4mbo
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=5to5rgL6Q2h9Yby7FOQQFZU4mbo
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

Location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=5to5rgL6Q2h9Yby7FOQQFZU4mbo
Date
Tue, 19 Apr 2022 17:08:18 GMT
Connection
keep-alive
Content-Length
122
Content-Type
text/html; charset=utf-8
crum
dsum.casalemedia.com/ Frame F831
Redirect Chain
  • https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID
  • https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=5068312605290501509
43 B
1 KB
Image
General
Full URL
https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=5068312605290501509
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
X-Proxy-Origin
149.56.153.186; 149.56.153.186; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
1d0cd163-c85f-49d3-8d1f-ae820d445580
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=5068312605290501509
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
htw-pixel.gif
js-sec.indexww.com/ht/ Frame F831
43 B
425 B
Image
General
Full URL
https://js-sec.indexww.com/ht/htw-pixel.gif?Yl7sgEQk4ZWFQV1vkhZJgwAA%26464
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:18 GMT
Last-Modified
Tue, 24 Jan 2017 19:36:04 GMT
Server
Apache
ETag
"902a3d-2b-546dc3a097100"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=1377
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Apr 2022 17:31:15 GMT
pixel.gif
px.moatads.com/
43 B
253 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=CONDEVIDEOCONTENT1&hp=1&wf=1&ra=2&pxm=3&vz=-&zp=0&sgs=2&vb=14&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=8&f=0&j=https%3A%2F%2Fapple.news&t=1650388097944&de=940517206906&m=0&ar=bee2df476bf-clean&iw=6ed63da&q=11&cb=0&ym=0&cu=1650388097944&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=A%20Timeline%20of%20Russian%20Cyberattacks%20on%20Ukraine%3A%2F3379%2Fconde.wired%2Frail-player%2Fsecurity%2Farticle%3Aundefined%3Aundefined&zMoatVideoId=6230c6615577c237274617fc&zMoatAP=true&zGSRC=1&gu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&id=1&ii=4&zMoatOrigSlicer1=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&zMoatOrigSlicer2=N%2FA&zMoatDomain=wired.com&zMoatSubdomain=wired.com&gw=condenastjsvideocontent160527792519&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A628%3A628%3A0%3A735&fs=198121&na=211929952&cs=0
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.167.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-167-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Tue, 19 Apr 2022 17:08:18 GMT
l2o4cWLNalU19nN7vA12WZhb1qS4KDqIWPmZT-glBuk.js
pagead2.googlesyndication.com/bg/ Frame FC78
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/l2o4cWLNalU19nN7vA12WZhb1qS4KDqIWPmZT-glBuk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
976a387162cd6a5535f6737bbc0d7659985bd6a4b8283a8858f9994fe82506e9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 01:37:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
574269
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13574
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 13 Apr 2023 01:37:09 GMT
Yl7sgEQk4ZWFQV1vkhZJgwAAAdAAAAIB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 2062
43 B
988 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/Yl7sgEQk4ZWFQV1vkhZJgwAAAdAAAAIB?gdpr_consent=&us_privacy=&gdpr=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a07:3856:31e7:dd7:3c3d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:18 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
crum
dsum-sec.casalemedia.com/ Frame 2062
Redirect Chain
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=5068312605290501509
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=5068312605290501509
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
X-Proxy-Origin
149.56.153.186; 149.56.153.186; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
459289e4-bff8-4cf0-8ec0-1b4ebcf5c1d9
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=5068312605290501509
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 2062
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/ie
  • https://match.prod.bidr.io/cookie-sync/ie?_bee_ppp=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AADaN07EvdkAADk7cukj0Q&expiration=1651597698
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AADaN07EvdkAADk7cukj0Q&expiration=1651597698
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AADaN07EvdkAADk7cukj0Q&expiration=1651597698
Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
rum
dsum-sec.casalemedia.com/ Frame 2062
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yl7sfwAAAHRrhARA
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yl7sfwAAAHRrhARA
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
via
1.1 varnish
server
Varnish
x-timer
S1650388098.374833,VS0,VE0
x-served-by
cache-yul12832-YUL
x-cache
HIT
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yl7sfwAAAHRrhARA
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
rum
dsum-sec.casalemedia.com/ Frame 2062
Redirect Chain
  • https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=96de184a-9f77-a3df-5de641ec
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=96de184a-9f77-a3df-5de641ec
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

date
Tue, 19 Apr 2022 17:08:18 GMT
via
1.1 google
server
nginx/1.20.2
access-control-allow-origin
*
p3p
CP='This is not a P3P policy!'
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=96de184a-9f77-a3df-5de641ec
cache-control
max-age=3600
content-type
text/html; charset=utf-8
alt-svc
clear
content-length
146
crum
dsum.casalemedia.com/ Frame 2062
Redirect Chain
  • https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID
  • https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=5068312605290501509
43 B
1 KB
Image
General
Full URL
https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=5068312605290501509
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
X-Proxy-Origin
149.56.153.186; 149.56.153.186; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
d022c0a7-0bc4-472d-b1d0-9824ef145cca
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=5068312605290501509
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 2062
Redirect Chain
  • https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID)
  • https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ7036744981805404043&uid=Q7036744981805404043&ref=%2Feucm%2Fp%2Fcc
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=31&external_user_id=Q7036744981805404043
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=31&external_user_id=Q7036744981805404043
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Apr 2022 17:08:18 GMT

Redirect headers

Date
Tue, 19 Apr 2022 17:08:18 GMT
Server
Apache/2.4.6 (CentOS)
X-Powered-By
PHP/7.3.33
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=31&external_user_id=Q7036744981805404043
Cache-Control
max-age=31239
Connection
keep-alive
Content-Type
text/html
Content-Length
154
qmap
sync.crwdcntrl.net/ Frame 2062
Redirect Chain
  • https://sync.crwdcntrl.net/qmap?c=6725&tp=INDX&tpid=Yl7sgEQk4ZWFQV1vkhZJgwAA%26464&gdpr=&gdpr_consent=&us_privacy=
  • https://sync.crwdcntrl.net/qmap?c=6725&tp=INDX&tpid=Yl7sgEQk4ZWFQV1vkhZJgwAA%26464&gdpr=&gdpr_consent=&us_privacy=&ct=y
49 B
543 B
Image
General
Full URL
https://sync.crwdcntrl.net/qmap?c=6725&tp=INDX&tpid=Yl7sgEQk4ZWFQV1vkhZJgwAA%26464&gdpr=&gdpr_consent=&us_privacy=&ct=y
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Server
18.207.82.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-207-82-126.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.14.83
content-type
image/gif
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://sync.crwdcntrl.net/qmap?c=6725&tp=INDX&tpid=Yl7sgEQk4ZWFQV1vkhZJgwAA%26464&gdpr=&gdpr_consent=&us_privacy=&ct=y
cache-control
no-cache
x-server
10.40.0.123
content-length
0
expires
0
htw-pixel.gif
js-sec.indexww.com/ht/ Frame 2062
43 B
425 B
Image
General
Full URL
https://js-sec.indexww.com/ht/htw-pixel.gif?Yl7sgEQk4ZWFQV1vkhZJgwAA%26464
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?us_privacy=1---&d=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:18 GMT
Last-Modified
Tue, 24 Jan 2017 19:36:04 GMT
Server
Apache
ETag
"902a3d-2b-546dc3a097100"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=1377
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Apr 2022 17:31:15 GMT
ads
pubads.g.doubleclick.net/gampad/ Frame FFC4
47 KB
7 KB
XHR
General
Full URL
https://pubads.g.doubleclick.net/gampad/ads?slotname=%2F3379%2Fconde.wired%2Frail-player%2Fsecurity%2Farticle&sz=640x360%7C480x70&ciu_szs=300x60&cust_params=m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dmoat_unsafe%252Cgv_crime%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26env_device_type%3Ddesktop%26ctx_template%3Dmt_article_two_column%26content_type%3Darticle%26ctx_page_channel%3Dsecurity%26ctx_page_sub_channel%3Dcyberattacks-and-hacks%26sub_sub_channel%3D%26env_server%3Dproduction%26ctx_cns_version%3D6.57.0%26ctx_page_slug%3Dpipedream-ics-malware%26cnt_copilotid%3D6256eb35dcd4a10f9e523401%26cnt_tags%3Dcybersecurity%252Cmalware%252Chacking%252Crussia%252Ccyberattacks-and-hacks%252Cnational-security%26fastly_geo%3Dca%26usr_bkt_eva%3D21%26usr_bkt_ses%3D82%26usr_bkt_pv%3D57%26usr_pvc_bs%3D1%26usr_pvc_24hr%3D1%26usr_pvc_30d%3D1%26usr_svc_30d%3D1%26ctx_ses_soc%3Dnone%26ctx_ref_soc%3Dnone%26ctx_ref_url%3Dapple.news%26usr_auth%3Dfalse%26usr_segments%3Dco.w2216%26cn_metrics%3Dcmr_high%26vnd_prx_segments%3D121100%252C131100%252C131127%252C230163%252C230003%252C230161%252C300003%252C210001%252C240000%252C240002%252C240004%252C240001%252C240005%252C240006%252C240007%252C240008%252C240009%252C240011%252C240012%252C240013%252C240014%252C240017%252C240015%252C240016%252C240018%252C240019%252Cmiovit%252Ceuwba9%252Czlqtg4%252Chz8lgh%26vnd_4d_cached%3D0%26vnd_4d_ctx_sg%3D%26vnd_4d_ctx_topics%3D%26vnd_4d_ctx_entities%3D%26vnd_4d_ctx_keywords%3D%26vnd_4d_usr_topics%3D%26vnd_4d_usr_wt%3D%26vnd_4d_xid%3Dc0aa10cc-32ef-4371-a838-e477580f9efd%26cnt_cm%3Dcm_pay_ent_sample%252Ccm_pay_scope_none%252Ccm_pay_ent_sample_cnt_1%252Ccm_pay_ent_sample_max_4%26vnd_4d_sid%3D8eaeadd8-b23f-4df8-8692-888f7fc5dce8%26vnd_4d_pid%3Db8c5454f-ed15-4054-8d4c-c698d3ec1f22%26ctx_line_items%3D%26timeout%3D500%26height%3D208%26muted%3D1%26right_rail%3D1%26sensitive%3D0%26series%3D5e30812e42b5f06e7765e942%26width%3D370%26feature_flags%3Dsticky-player-rail&url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&unviewed_position_start=1&output=xml_vast4&env=vp&gdfp_req=1&ad_rule=0&video_url_to_fetch=https%3A%2F%2Fwww.wired.com%2Fvideo%2Fwatch%2Fwired-news-and-science-a-timeline-of-russian-cyber-attacks-on-ukraine&useragent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F100.0.4896.75%20Safari%2F537.36%2Cgzip(gfe)&vad_type=linear&vpos=preroll&pod=1&pmnd=0&pmxd=30000&pmad=2&max_ad_duration=30000&vrid=1187211&ppid=c0aa10cc32ef4371a838e477580f9efd&correlator=2476003462275936&cmsid=1495&video_doc_id=6230c6615577c237274617fc&kfa=0&tfcd=0&sdkv=h.3.510.1&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&u_so=l&ctv=0&us_privacy=1---&sdki=44d&ptt=20&adk=1550838534&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.510.1&sid=2A2B0175-414C-410C-823B-11E06384C7A2&nel=0&eid=44758348%2C44761692&dlt=1650388095002&idt=2515&dt=1650388098319&cookie=ID%3Db1d44f49b8b413d5%3AT%3D1650388093%3AS%3DALNI_Mbp1e38ciDp26q0_SlcWfCK-cav3A&scor=3623685854296622&ged=ve4_td3_tt0_pd3_la3000_er1477.1067.1630.1367_vi0.0.1200.1600_vp0_eb16619
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.510.1_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
cafe /
Resource Hash
6139a33881ea05e49f7b9472cbcd2263a1ea6b9473058a19aab1587561fd4c7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:18 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6863
x-xss-protection
0
google-lineitem-id
5297377134,5277835878
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138300140330,138363094784
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
log
c21lg-d.media.net/ Frame A94A
35 B
194 B
Image
General
Full URL
https://c21lg-d.media.net/log?logid=kfk&evtid=cs&origin=1&pvgid=data-con&ovsid=e17f9c0d-739d-4247-8863-a8ca08947a4c&cs=15&vsid=2933896971455429000V10
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Jetty(9.4.35.v20201120) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
server
Jetty(9.4.35.v20201120)
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Tue, 19 Apr 2022 17:08:18 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 8918
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstQKTpA7WicwwEzb4kMQvnH73b677It7dJmQ4E5eZa0ER5xK6bKSvfyB-_6sSA2Fm_ohaiT18fvbOEd1ZmoMQOg4p8hh1k6lsbcAHSIBVz8f5kDP2hI&sig=Cg0ArKJSzPDySIA0PfWgEAE&id=lidar2&mcvt=1047&p=42,1228,236,1528&mtos=1047,1047,1047,1047,1047&tos=1047,0,0,0,0&v=20220418&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=3527217923&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1650388096311&rpt=919&isd=0&lsd=0&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame E9EF
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsugWyd4HJa7X-sUtulPiDlbRzo8eplD4nhePMpzpTQTCBUB5fclL7QVkQkHDqsBInSAIktW9SfWmTknnp10q5W_43U9pDdwBcuKNUCvdW13TbNt5xPM&sig=Cg0ArKJSzJ3VS3eRhANxEAE&id=lidar2&mcvt=1050&p=8,1448,48,1528&mtos=1050,1050,1050,1050,1050&tos=1050,0,0,0,0&v=20220418&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=2667067849&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1650388096223&rpt=989&isd=0&lsd=0&met=ce&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
log
c21lg-d.media.net/ Frame 76F8
35 B
194 B
Image
General
Full URL
https://c21lg-d.media.net/log?logid=kfk&evtid=cs&origin=1&pvgid=data-con&ovsid=e17f9c0d-739d-4247-8863-a8ca08947a4c&cs=15&vsid=2933896971455429000V10
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU65UN7R&prvid=2033%2C2030%2C273%2C2027%2C159%2C2026%2C117%2C97%2C99%2C56%2C59%2C3012%2C3011%2C3010%2C201%2C3007%2C246%2C4%2C126%2C203%2C326%2C9%2C171%2C173%2C251%2C175%2C132%2C178%2C3018%2C3017%2C214%2C3016%2C3015%2C337%2C338%2C77%2C182%2C184%2C261%2C141%2C188%2C222%2C225%2C226%2C10000%2C80%2C108%2C229%2C307&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-72-10.deploy.static.akamaitechnologies.com
Software
Jetty(9.4.35.v20201120) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://contextual.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
server
Jetty(9.4.35.v20201120)
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Tue, 19 Apr 2022 17:08:18 GMT
ibs:dpid=481&dpuuid=L26EGJDC-1K-8TZI
dpm.demdex.net/ Frame D96F
Redirect Chain
  • https://token.rubiconproject.com/token?pid=6404&puid=51128452588216843153317871896908876551&gdpr=0&gdpr_consent=
  • https://dpm.demdex.net/ibs:dpid=481&dpuuid=L26EGJDC-1K-8TZI?gdpr=0
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=481&dpuuid=L26EGJDC-1K-8TZI?gdpr=0
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-usw2-1-v028-0a9c8e5c6.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
OD7KK2i+TtE=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=481&dpuuid=L26EGJDC-1K-8TZI?gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
a414d61fde5a538d1bc5c621aec59518
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
jCkUzW4MJun-Op3iOFNjK-GGKJG_m8_dpwU-GZUxlWM.js
pagead2.googlesyndication.com/bg/ Frame 2123
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/jCkUzW4MJun-Op3iOFNjK-GGKJG_m8_dpwU-GZUxlWM.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8c2914cd6e0c26e9fe3a9de23853632be1862891bf9bcfdda7053e1995319563
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 01:01:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
403632
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13627
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 15 Apr 2023 01:01:06 GMT
ibs:dpid=134096&dpuuid=2022041917081800066670765697
dpm.demdex.net/ Frame D96F
Redirect Chain
  • https://x.dlx.addthis.com/e/demdex_sync?na_exid=51128452588216843153317871896908876551&ru=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%3Cna_id%3E%20
  • https://dpm.demdex.net/ibs:dpid=134096&dpuuid=2022041917081800066670765697
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=134096&dpuuid=2022041917081800066670765697
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-usw2-1-v028-09a8bf43f.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
7kqM1z/BT5Y=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location
https://dpm.demdex.net/ibs:dpid=134096&dpuuid=2022041917081800066670765697
pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
cache-control
max-age=0, no-cache, no-store
content-length
0
strict-transport-security
max-age=2628000
expires
Tue, 19 Apr 2022 17:08:18 GMT
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A18.530Z&_t=impressionViewable&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134&cTpw=0.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816&cEnt=malware%2C%20industrial%20control%20systems%2C%20hacker%2C%20sergio%20caltagirone%2C%20omron%2C%20schneider%20electric%2C%20dragos%2C%20oil%20refinery%2C%20swiss%20army%20knife%2C%20cisa%2C%20biden%2C%20cybersecurity%2C%20us%2C%20russia%2C%20russian%2C%20united%20states%2C%20mandiant%2C%20department%20of%20energy%2C%20ukrainian%2C%20fbi&cEnw=1%2C%200.872941569807454%2C%200.7738264247059433%2C%200.7448887112625757%2C%200.7435026835426927%2C%200.7032574634747577%2C%200.6479090766261459%2C%200.6471979025914351%2C%200.6209965006782172%2C%200.5208951755271362%2C%200.5069505591015793%2C%200.502900900507039%2C%200.47264716170626636%2C%200.46274270311057425%2C%200.45182604754329503%2C%200.44915774726196367%2C%200.44075707275100234%2C%200.4321428735540074%2C%200.4252873420938626%2C%200.41035570255532583&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&cPd=2022-04-13T19%3A50%3A48.527Z&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6400&pSw=1600&pSh=1200&uID=61b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=ad_metrics&xID=c0aa10cc-32ef-4371-a838-e477580f9efd&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22verso%22%2C%22template%22%3A%22mt_article_two_column%22%2C%22viewport%22%3A%22desktop%22%2C%22isOverride%22%3Afalse%2C%22position%22%3A%22nav-cta%22%2C%22size%22%3A%2280x40%22%7D&environment=prod&origin=wired&cKh=malware%2Cindustrial%20control%20systems%2Chacker%2Csergio%20caltagirone%2Comron%2Cschneider%20electric%2Cdragos%2Coil%20refinery%2Csystem%2Cswiss%20army%20knife%2Ctoolkit
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:18 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A18.543Z&_t=impressionViewable&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134&cTpw=0.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816&cEnt=malware%2C%20industrial%20control%20systems%2C%20hacker%2C%20sergio%20caltagirone%2C%20omron%2C%20schneider%20electric%2C%20dragos%2C%20oil%20refinery%2C%20swiss%20army%20knife%2C%20cisa%2C%20biden%2C%20cybersecurity%2C%20us%2C%20russia%2C%20russian%2C%20united%20states%2C%20mandiant%2C%20department%20of%20energy%2C%20ukrainian%2C%20fbi&cEnw=1%2C%200.872941569807454%2C%200.7738264247059433%2C%200.7448887112625757%2C%200.7435026835426927%2C%200.7032574634747577%2C%200.6479090766261459%2C%200.6471979025914351%2C%200.6209965006782172%2C%200.5208951755271362%2C%200.5069505591015793%2C%200.502900900507039%2C%200.47264716170626636%2C%200.46274270311057425%2C%200.45182604754329503%2C%200.44915774726196367%2C%200.44075707275100234%2C%200.4321428735540074%2C%200.4252873420938626%2C%200.41035570255532583&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&cPd=2022-04-13T19%3A50%3A48.527Z&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6400&pSw=1600&pSh=1200&uID=61b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=ad_metrics&xID=c0aa10cc-32ef-4371-a838-e477580f9efd&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22verso%22%2C%22template%22%3A%22mt_article_two_column%22%2C%22viewport%22%3A%22desktop%22%2C%22isOverride%22%3Afalse%2C%22position%22%3A%22nav-rollover%22%2C%22size%22%3A%22300x200%22%7D&environment=prod&origin=wired&cKh=malware%2Cindustrial%20control%20systems%2Chacker%2Csergio%20caltagirone%2Comron%2Cschneider%20electric%2Cdragos%2Coil%20refinery%2Csystem%2Cswiss%20army%20knife%2Ctoolkit
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:18 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
activeview
pagead2.googlesyndication.com/pcs/ Frame 3419
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsveBXsb4pqgs-z3Ijoh5KqnSPiArz8a7lmtFCblhkL1LO5nlivzVZbIzxnR62pJ1K9P7ssLu15_dS--KNtbwVctIn-oMdAb3qZj4oPRVOgW8PWLVkhA&sig=Cg0ArKJSzF-_zV2GkI0gEAE&id=lidar2&mcvt=1042&p=900,0,1200,1600&mtos=1042,1042,1042,1042,1042&tos=1042,0,0,0,0&v=20220418&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=1058725820&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1650388096265&rpt=1219&isd=0&lsd=0&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ibs:dpid=540&dpuuid=2fd282df-41d0-44d6-9e93-1cf49faa06bc
dpm.demdex.net/ Frame D96F
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=ADB&partner_url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D540%26dpuuid%3D%24%7BTA_DEVICE_ID%7D&partner_device_id=51128452588216843153317871896...
  • https://dpm.demdex.net/ibs:dpid=540&dpuuid=2fd282df-41d0-44d6-9e93-1cf49faa06bc
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=540&dpuuid=2fd282df-41d0-44d6-9e93-1cf49faa06bc
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-usw2-1-v028-0bb5da5d5.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
8N4cY694RIk=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location
https://dpm.demdex.net/ibs:dpid=540&dpuuid=2fd282df-41d0-44d6-9e93-1cf49faa06bc
date
Tue, 19 Apr 2022 17:08:18 GMT
via
1.1 google
alt-svc
clear
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A18.710Z&_t=impressionViewable&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134&cTpw=0.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816&cEnt=malware%2C%20industrial%20control%20systems%2C%20hacker%2C%20sergio%20caltagirone%2C%20omron%2C%20schneider%20electric%2C%20dragos%2C%20oil%20refinery%2C%20swiss%20army%20knife%2C%20cisa%2C%20biden%2C%20cybersecurity%2C%20us%2C%20russia%2C%20russian%2C%20united%20states%2C%20mandiant%2C%20department%20of%20energy%2C%20ukrainian%2C%20fbi&cEnw=1%2C%200.872941569807454%2C%200.7738264247059433%2C%200.7448887112625757%2C%200.7435026835426927%2C%200.7032574634747577%2C%200.6479090766261459%2C%200.6471979025914351%2C%200.6209965006782172%2C%200.5208951755271362%2C%200.5069505591015793%2C%200.502900900507039%2C%200.47264716170626636%2C%200.46274270311057425%2C%200.45182604754329503%2C%200.44915774726196367%2C%200.44075707275100234%2C%200.4321428735540074%2C%200.4252873420938626%2C%200.41035570255532583&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&cPd=2022-04-13T19%3A50%3A48.527Z&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6400&pSw=1600&pSh=1200
&uID=61b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=ad_metrics&xID=c0aa10cc-32ef-4371-a838-e477580f9efd&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22verso%22%2C%22template%22%3A%22mt_article_two_column%22%2C%22viewport%22%3A%22desktop%22%2C%22isOverride%22%3Afalse%2C%22position%22%3A%22cm%22%2C%22size%22%3A%221280x300%22%7D&environment=prod&origin=wired&cKh=malware%2Cindustrial%20control%20systems%2Chacker%2Csergio%20caltagirone%2Comron%2Cschneider%20electric%2Cdragos%2Coil%20refinery%2Csystem%2Cswiss%20army%20knife%2Ctoolkit
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:18 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
gen_204
pagead2.googlesyndication.com/pagead/ Frame FC78
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B9iQxgOxeYuikMaKUoPMP9ouIiAsAAAAAOAHgBAI&bg=!wsGlwYXNAAZvJBiFTyQ7ACkAdvg8WowfAzIXG1SgPhdMWycz_bo0nx870GWbi5RGhL-bU8uI-chdGQIAAAD8UgAAAANoAQeZArMK01lC-4H3-J6kyN-Zlxl-4jCz0dtTAP4lwcEofdJ3oLIS1-xOWx2TMMUwrtQcBgR2GRhWoLVB3ZI85a3XIzHfadvtSWDr0mTOUnVUXZ32RubUCQ1n7tBeVZG_3BWYlN0gGfXw-LOh84NRvgXmoIsOvnlZGO3lyQhEdU27hLvbveT50CQwRwUbBiiuL-dmLZ1QHXgcF-REfOKyhzZJgpCfGlovugX3VmVEthWSRGlnx4AiqwRMhfWi2ksx39UVRwRXBx-6FoBV8o8MBOtwstZvXPzAFteRnzqZYGsJA06N4wtjuHWMcPYoVYo1KgI4wE8dlF7s_UI9eEd-KkCGnx7KSeba3TVL0Xjq2JsphpTM155bZ3neLZtV2_2j9rXdf7kKbpzfy10cOr8bmJOtpbdICepxZX4tRIKAnPkkS9PEjqrcJ5xNocgxWlZ9eBT80pOYFelQE5X8KSfgStJ0GatweGYMkWiLbCZ8Zyw2SS6UPjMF2Rs5G1ua5TWb0CepatX_qmO58Cg0yReIQAYLyOQ73pP-sdxsCj0krVZUKh8g7gmEKcKAmj3eqRYJqNYfmDqXvQzhjcasygOKcEu2BFN1vLh26UwM0fSffbuWfZ6mInRwwqzVJ6D9aqA8PRMaZtOV1mqb5uigfl4EksMt10RcchbfiMCrHaDf6lm8PnzqW2zxBWDYavpuiozzK9kSlS9HuG4Yyeu6HxqwC4k19zJKGR2300iBDIWcgde4FNmOj60qxKwI9lZUX6kTmZwAMnVLs8oDMxK9-xeGjQXwU7C4vYces7ApmFkfHdgt55GpSQgS8UX0NTabRh8cZPPK1KYtpS03sBEIMhP58vZubENUQKdUYu-_fE9ePaz9xjVWRtZDO_wiBWi8kNTQ1FdSyWunar7fWwx7dGJSX-rxbr5I9hkG
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 3DF1
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuYMS5MwtCFJ_Elqnxpk-581UseK7wVcfx06m1-KKr5mOLLHR_mJYCu7PsKh7X2fgU_HrhLgzLBwhsKNSMWZ_zrZcbFKW_f&sig=Cg0ArKJSzJ1keSWHz2hIEAE&id=lidar2&mcvt=1022&p=0,0,90,728&mtos=1022,1022,1022,1022,1022&tos=1022,0,0,0,0&v=20220418&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=32&adk=545849083&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1650388095165&rpt=2534&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 3DF1
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst9joE0HnBr25l45x7McFU_gylozaEiZFus3P2lYo_gyUaM6NOBM8nkSCfwFN73im3KhzG2wwpE3dbHq0AUz41adeqamaAJyO2KwOYuNbcgiCb7KeBv&sig=Cg0ArKJSzFn-Bs39SIPPEAE&id=lidar2&mcvt=1024&p=61,436,151,1164&mtos=1024,1024,1024,1024,1024&tos=1024,0,0,0,0&v=20220418&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=2032318971&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1650388095165&rpt=2532&isd=0&lsd=0&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ibs:dpid=601&dpuuid=2039278594377&random=1650388099
dpm.demdex.net/ Frame D96F
Redirect Chain
  • https://dp2.33across.com/ps/?pid=897&random=1537207210
  • https://dpm.demdex.net/ibs:dpid=601&dpuuid=2039278594377&random=1650388099
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=601&dpuuid=2039278594377&random=1650388099
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-usw2-2-v028-0effab19a.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
ucZGV+EaSgA=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:19 GMT
referrer-policy
unsafe-url
server
33XP005
x-33x-status
200004000C
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://dpm.demdex.net/ibs:dpid=601&dpuuid=2039278594377&random=1650388099
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 2123
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BsqoqgexeYq21JfWRoPwPmfWAmAoAAAAAOAHgBAI&bg=!lpWlldHNAAZvJBiFTyQ7ACkAdvg8WjNYGUphdP6W1VGI0ZdTdvDjoZ6VTyBHuIrPMEc4vTWXrAC7DwIAAAEEUgAAAAJoAQeZAvIyHfJFa7lF2nmD5355PX6x-eI2pIat8yHB4E1e8LemfW_6YMFLchyat612csSvVSvrSn3eoayuDMsWxdj2xaWegfn9WWqRPcXW5-B1q7LXM3FuTDm7jKZ7pV5UVgWsXI2rTg-yNbODvD3LyBzINXi1fC4FXAHIBKfe19x67fYNRUl7AxlpxH1HArRfXE0DHEFZuJ7KWYHZPinjH43OZ5QdbiADLrlNjqBjnwV7niUwCWVaOzy5487Rll5n30vulCUhZzc9UuPVMQbFP05tQ_T-fguwYOsRj9ml_T80aM5StRJE0A9YIDryIW3wF2RFkuws4rbhAD0Ffj03PBBJsSSlJWoe9fMfeBWQKxsLZhjPrNZC6hREL9rqnZrJUNqSl5UzsLx0rv4fvduMSjRC-3NjWjocz_-tSgi-5e-WEPDwS7_XVTfin_4zm93Z1XrTgDaGlcQczo_1fKeB2stcTK_8f88SQJbwd7SVS2Ra8b4sJIk-7c4alpF8iQ_7nKUXWKtnMfEsWsfGQtYBOVKDbF4E11ruoEcYPVjBi6Bcmc-gUcJ666DE1cZAAEtNw3jryQ9XCAYTdOzcYw1M1vk4-dOeMJiA3dlZZU-7k11t7xFfEbU8p5tW7_RwFcAoh3ABNzbngGrHZfC5x_NHbrKcHM2cVH6n-7X186H5SR8_P4zI4JiFR6VLDpYe6fdnJytrEq-9oYfEJRza5ouPZdFiD4F1_VjQzjscv4SDSdc0O7hiRbqsUZRW3yNlzPmem13My7ZU8KXfPa2q7SHVhoxhIkRGCmtm96CmEcfBKc5Zbr_46KzhS_F55_FjLGQSgIjt-oMUyg5J5BMtgt50OzOb0riQuwkLEGReuucatX0MDaKf_G6Q2Xe9TNc6Yy9NrlXT7EB5tLm6SJsb58uonKTigh_I_aDa1aAAqzN0rODLG4gI-eys2qRJhoNUQJfFJNDqq_NrmNx_ziKt24K-XeDYKjqz-8UnrsUo4PIxpnjsF8jkfGc1
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
2825
dfp.bouncex.net/pub/
6 B
177 B
XHR
General
Full URL
https://dfp.bouncex.net/pub/2825?li=5960647119|4884048123|5276770044|5966601000|5966601018|5968630460|5968630454
Requested by
Host: api.bounceexchange.com
URL: https://api.bounceexchange.com/bounce/init1.js?wklzs=1306&wklz=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-rJEMxMI3K+74DNeN69LouBuJIcBNEggE8h+X4qOBkEHhIgT3JUcFFghN5ypoKDdpUPT+D+wxoP+sFQIOSA4cIIDRCUkoqKRf4AW+8HAZ+d4OERfiaFh1I4SgMD+IRxHir+5FsUBIEBj2DJIHAowikKKgCTRnG3lONqkuIlEyVxLJshyGDqThCnMUZ7LEqZ7HYZpN4IARkgqP+IDSq+cD0S5SD6pUOHaWWDqStKsryoqZkOYFkY7nqBpIEaJoEJFsmbmmUZOuoKVcdF24+n6cABkG2VaWlQXijGERxgmJU3rl6aTlmim5rV9UNr5KqtWVMUOo2YqYXZgkOU4KhoMBEhudKLFSfpHEgcADjBEgbjOkptUjWNUqVLuIBODATjTRRtW4HAeUZnimajcINjHadZKThduBXTdg0aSBnbdr2ASvtROGgE4TGHdJc1cfcyDMSg9zFLVo6OguUjRbVCCVNBBK4NGi22itinADDc7DL6C56Kd4l4-Oi5hGTcMTriLhqAQYj6F1qblTt+6HoQkXICgN4fT2B7fVRKhDoM3M3rD45SEuZnjFMUigCAzK9Oyr3YMITh8NgCUazez7YE4hBQIixSuGg8q5pIKDGoEUBAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
d4d6ee18b175d8f77363e8f808318647db65946d39017de8fdc0c4f81b64f392

Request headers

Accept
*/*
Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:18 GMT
via
1.1 google
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://www.wired.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
0
alt-svc
clear
content-length
6
ibs:dpid=771&dpuuid=CAESENQZNKxqoDmOjNd2884tZPg&google_cver=1
dpm.demdex.net/ Frame D96F
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NTExMjg0NTI1ODgyMTY4NDMxNTMzMTc4NzE4OTY5MDg4NzY1NTE=
  • https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESENQZNKxqoDmOjNd2884tZPg&google_cver=1?gdpr=0&gdpr_consent=
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESENQZNKxqoDmOjNd2884tZPg&google_cver=1?gdpr=0&gdpr_consent=
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-usw2-1-v028-05be91d80.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
tbb8mroOT6g=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESENQZNKxqoDmOjNd2884tZPg&google_cver=1?gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
async_usersync
ib.adnxs.com/ Frame FE37
0
745 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.182 Brooklyn, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
X-Proxy-Origin
149.56.153.186; 149.56.153.186; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
305d94d7-4722-49c0-ad4f-c577c7fa31d1
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame FBF6
0
745 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.182 Brooklyn, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:18 GMT
X-Proxy-Origin
149.56.153.186; 149.56.153.186; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
28313016-3bce-44d3-9322-6b6adb647d77
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
ibs:dpid=992&dpuuid=1qbe7ydb3bzlv
dpm.demdex.net/ Frame D96F
Redirect Chain
  • https://idpix.media6degrees.com/orbserv/hbpix?pixId=16873&pcv=70&ptid=66&tpuv=01&tpu=51128452588216843153317871896908876551
  • https://dpm.demdex.net/ibs:dpid=992&dpuuid=1qbe7ydb3bzlv
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=992&dpuuid=1qbe7ydb3bzlv
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-usw2-2-v028-0800c7ad5.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
ZM3wg8IqTlg=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:19 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://dpm.demdex.net/ibs:dpid=992&dpuuid=1qbe7ydb3bzlv
cache-control
no-cache
cf-ray
6fe73dd33da87150-YUL
content-length
0
action_links.json
fr-actions.trackonomics.net/prod/www.wired.com/story/pipedream-ics-malware/
243 B
587 B
Fetch
General
Full URL
https://fr-actions.trackonomics.net/prod/www.wired.com/story/pipedream-ics-malware/action_links.json
Requested by
Host: cdn-magiclinks.trackonomics.net
URL: https://cdn-magiclinks.trackonomics.net/client/static/v2/condenast_eujdmc753_wired.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.223.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-223-20.jfk51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e580b6e7eeebcf178b3f14abacceb237ca89bf84515f000792c21318dc044172

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:19 GMT
via
1.1 4ffd9afb636b7eb92e42cf2534136d50.cloudfront.net (CloudFront)
server
AmazonS3
x-amz-cf-pop
JFK51-C1
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache
Error from cloudfront
content-type
application/xml
access-control-allow-origin
*
access-control-allow-methods
GET
x-amz-cf-id
b1XpwiimRO9mqqIfoNyY6BPv3hxD7klV8kPwJUkbMlc4_Fim1F7LdA==
i.png
trx-hub.com/i/m/
128 B
446 B
Image
General
Full URL
https://trx-hub.com/i/m/i.png?q=N4IghgLhBOD6BmB7aB3M0AmBLAdgcxAC5gBfAGhAFsBTCMDSMI0AY0Rwmo4EkARIkADYATAFZB1AEYBmURhYYALGACMABngBOaqOHTFalSAptEAayzUAwgDkBLNWFVqWLALTTh1eG8XSA7CpuYAAc0iFu1Ir+-qIhGtrwGMYgbAAOWAA2iBCwWMmEQmISMnIKyupaOnoGRhR4YLAsmZYceQUgAOIAgioAdMJ9Koq6gqL+ioMqY2rh8ZqKKQDOaejQiCiwAK5L1HD5AoIqksIsopoYbiHwwpeKR9RX8PD+bhj+GCETIQrH1MuraDrTa7JZLLDsdoCELUMCwjCfNwnaQ+RQYeAREKCTTCK4ha7+eBneTUEIpXDwXBYCAATyhhQcTnUrg8XlRASCoXCkWisXiVSSIHIIAgWEouAIxGFW2gmSWzBA0G8eyV0AEAAsoGkloQAPS6sBpNKZah9HDUFDyihYJawGAAD1gSvgKr2RHgYDl1GFkBgsENaS4BVIFFWeGodugYBY-0IAG1QEtEDKYxqtTr9Sgs30UFglRg+mxKLqlhBkDTdRlAxglWBKG4sCwlm5KJ60ErdSlna61YVNRBtXqDUaTWaLUtOxRfXAkKh0Nh8MwSCQALomHZlyiwGh0Jeh9aB6C0+kgAAKACUAPKngCi54AKgBNWB8FIsDeIGj7DpsHAYLhgKWsDUFsABWGCUCwsTSLAub5m++RpEYDLsP+OCAbkIHgZB0EIRgaTCAIcHUMkFBJimsYgP2g6ZtmxEFkWJZltAFZViRtb1o2zatpk7bUJOIDUAAblwuS0oGAhimkSpghCOBdsqQJun26ZDgGo7mpab7sJwPD8IUIjiFIsjyEozhVLo+iGNp5iWLY9iOM4LKeN4vgcsEYQRFEMRxAk3ikakiAZNkuQHAZxTGWUZmVNolm1CkDRNC0oknj0-RTCMwhjBMUwzHMagLACawbNsuzfocxynOclzXLcvgPE8LxvB8XyKD8GB-EVQIlaC4KQmFIAwnC9CIsiqLopi2K4viBJEmUpLkjglI4NSdIDYyTnuC57KBB53LeXyfmCiYyVtKKNACMIajCLiaiKG4KiaPeKj+IQaghIQj19HdagAFopGGEaihAJoCKeWDVhxAAEACybboNQhBQwAYiRSxQwAqjgbAidAUMAOQAMq5mCUPdNAlA0lDADSK0uvjUOzlD3B-hu0BYJ6UOEzSpbUJQUMABLRhY+BQwAPlDADq3Dnje-DWgNWD5NMoizPiBWaD9LAHCQQA
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.209.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-209-110.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a4d450d9f67e06c84c82a9a8c58cfc96fd91795b935201dace82e858732ddea6

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 00:20:09 GMT
via
1.1 0c2947bdc7b8340f8e04a5a58d570236.cloudfront.net (CloudFront)
last-modified
Mon, 24 Aug 2020 04:40:25 GMT
server
AmazonS3
age
60491
etag
"90eb1bf3b49429bde87a3b5f0b53e6a5"
x-cache
Hit from cloudfront
content-type
image/png
x-amz-cf-pop
EWR50-C1
accept-ranges
bytes
content-length
128
x-amz-cf-id
REfHp9owRqL-1vpm6CFdYTWOJwm1w7fpzsqr-aIh9KSqOfRHGqzSzA==
i.png
trx-hub.com/i/x/
128 B
445 B
Image
General
Full URL
https://trx-hub.com/i/x/i.png?q=N4IgDglgJiBcIGMD2A7KBTFBDAzgFwH10BXAKygFsEB2AVgGYCB3CAJ3RgBoQJo4foARgBstAAz0AHJLEBOWWIAsYhH24APaDjigAZqxHipM+RNqkEpfgAs8eMDlgB6J0zcA6LBSwAvVO+QKJwAVViwEdFYcAFoAESxWAGtogHEAGyQAIyw06IBhVggKdHzWAE8wPCQEYlZ2FAQypygwJwlJWlpFE1ondl0AXjwKCgJrVigCHCYsPARrAjEAfiQ8HAHBADI8LABzAaYxcUzogCYxTbSIFES8pAwD8U2iBvvr-YBVYIAxSU2AR2gG2EilknUU9Gosk2OFYG2ighAAF8kUA
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.209.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-209-110.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a4d450d9f67e06c84c82a9a8c58cfc96fd91795b935201dace82e858732ddea6

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 07:23:22 GMT
via
1.1 0c2947bdc7b8340f8e04a5a58d570236.cloudfront.net (CloudFront)
last-modified
Mon, 24 Aug 2020 04:40:42 GMT
server
AmazonS3
age
35098
etag
"90eb1bf3b49429bde87a3b5f0b53e6a5"
x-cache
Hit from cloudfront
content-type
image/png
x-amz-cf-pop
EWR50-C1
accept-ranges
bytes
content-length
128
x-amz-cf-id
U7VWucD-WAyM4mWtD3M538Yuoqz46dwTUyaYiIwsRlnye04nC6M-Wg==
pixel.gif
px.moatads.com/
43 B
253 B
Image
General
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.167.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-167-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:19 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Tue, 19 Apr 2022 17:08:19 GMT
adsct
analytics.twitter.com/i/ Frame D96F
43 B
115 B
Image
General
Full URL
https://analytics.twitter.com/i/adsct?p_user_id=51128452588216843153317871896908876551&p_id=38594
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.3 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time
5
date
Tue, 19 Apr 2022 17:08:18 GMT
server
tsa_b
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
c65b8d729d7104a06072062b47f109a1eed3c4a790829519ea1a595feb96ba72
content-length
43
pixel.gif
px.moatads.com/
43 B
253 B
Image
General
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.167.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-167-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:19 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Tue, 19 Apr 2022 17:08:19 GMT
pixel.gif
px.moatads.com/
43 B
253 B
Image
General
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.167.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-167-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:19 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Tue, 19 Apr 2022 17:08:19 GMT
ibs:dpid=1175&gdpr=0&dpuuid=9qH2j6Xw9IztpvPc8qfu0_nw9dLt9aDaovW-YSzf
dpm.demdex.net/ Frame D96F
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-vj4AYjBqd6VJ2.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://dpm.demdex.net/ibs:dpid=1175&gdpr=0&dpuuid=9qH2j6Xw9IztpvPc8qfu0_nw9dLt9aDaovW-YSzf
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=1175&gdpr=0&dpuuid=9qH2j6Xw9IztpvPc8qfu0_nw9dLt9aDaovW-YSzf
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-usw2-2-v028-03d725ce5.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
xTH2vagqQN8=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:19 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://dpm.demdex.net/ibs:dpid=1175&gdpr=0&dpuuid=9qH2j6Xw9IztpvPc8qfu0_nw9dLt9aDaovW-YSzf
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel.gif
px.moatads.com/
43 B
253 B
Image
General
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.167.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-167-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:19 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Tue, 19 Apr 2022 17:08:19 GMT
px
p.adsymptotic.com/d/ Frame D96F
0
0
Image
General
Full URL
https://p.adsymptotic.com/d/px?_pid=11693&_psign=bf265992ae7fbdc1ab4b39651c157974&_puuid=51128452588216843153317871896908876551&_rand=1583046326&_pp=adobeXtest&_redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=1524%26dpuuid=${UUID}
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.98.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A19.355Z&_t=impressionViewable&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134&cTpw=0.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816&cEnt=malware%2C%20industrial%20control%20systems%2C%20hacker%2C%20sergio%20caltagirone%2C%20omron%2C%20schneider%20electric%2C%20dragos%2C%20oil%20refinery%2C%20swiss%20army%20knife%2C%20cisa%2C%20biden%2C%20cybersecurity%2C%20us%2C%20russia%2C%20russian%2C%20united%20states%2C%20mandiant%2C%20department%20of%20energy%2C%20ukrainian%2C%20fbi&cEnw=1%2C%200.872941569807454%2C%200.7738264247059433%2C%200.7448887112625757%2C%200.7435026835426927%2C%200.7032574634747577%2C%200.6479090766261459%2C%200.6471979025914351%2C%200.6209965006782172%2C%200.5208951755271362%2C%200.5069505591015793%2C%200.502900900507039%2C%200.47264716170626636%2C%200.46274270311057425%2C%200.45182604754329503%2C%200.44915774726196367%2C%200.44075707275100234%2C%200.4321428735540074%2C%200.4252873420938626%2C%200.41035570255532583&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&cPd=2022-04-13T19%3A50%3A48.527Z&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6400&pSw=1600&pSh=1200
&uID=61b2c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=ad_metrics&xID=c0aa10cc-32ef-4371-a838-e477580f9efd&dim1=%7B%22channel%22%3A%22security%22%2C%22platform%22%3A%22verso%22%2C%22template%22%3A%22mt_article_two_column%22%2C%22viewport%22%3A%22desktop%22%2C%22isOverride%22%3Afalse%2C%22position%22%3A%22hero%22%2C%22size%22%3A%22728x90%22%7D&environment=prod&origin=wired&cKh=malware%2Cindustrial%20control%20systems%2Chacker%2Csergio%20caltagirone%2Comron%2Cschneider%20electric%2Cdragos%2Coil%20refinery%2Csystem%2Cswiss%20army%20knife%2Ctoolkit
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:19 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
ibs:dpid=22069&dpuuid=2026962838431
dpm.demdex.net/ Frame D96F
Redirect Chain
  • https://tag.yieldoptimizer.com/ps/ps?t=i&p=2233
  • https://tag.yieldoptimizer.com/ps/ps?tc=855847203&t=i&p=2233
  • https://dpm.demdex.net/ibs:dpid=22069&dpuuid=2026962838431
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=22069&dpuuid=2026962838431
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-usw2-1-v028-098327567.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
3iKAcDwDS6M=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:19 GMT
via
1.1 google
server
Apache-Coyote/1.1
p3p
CP="NON DSP COR TAIo PSAo PSDo HISo OUR BUS UNI INT DEM OTC"
location
https://dpm.demdex.net/ibs:dpid=22069&dpuuid=2026962838431
cache-control
no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
ibs:dpid=575&dpuuid=-840862286238626073
dpm.demdex.net/ Frame D96F
Redirect Chain
  • https://fei.pro-market.net/engine?site=141472;size=1x1;mimetype=img;du=67;csync=51128452588216843153317871896908876551
  • https://dpm.demdex.net/ibs:dpid=575&dpuuid=-840862286238626073
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=575&dpuuid=-840862286238626073
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-usw2-1-v028-077ceb5e7.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
rY958VX8SHk=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:18 GMT
via
1.1 google
server
Apache-Coyote/1.1
access-control-allow-origin
*
anserver
gapp4.c.datonics-gcp-01.internal
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
location
https://dpm.demdex.net/ibs:dpid=575&dpuuid=-840862286238626073
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
clear
content-length
0
expires
Mon, 1 Jan 1990 0:0:0 GMT
ibs:dpid=53196&dpuuid=Q7036744981805404043
dpm.demdex.net/ Frame D96F
Redirect Chain
  • https://px.owneriq.net/eucm/p/adpq?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D53196%26dpuuid%3D(OIQ_UUID)
  • https://dpm.demdex.net/ibs:dpid=53196&dpuuid=Q7036744981805404043
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=53196&dpuuid=Q7036744981805404043
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-usw2-2-v028-0eba9eccc.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
ITt5Wwq9RXE=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Date
Tue, 19 Apr 2022 17:08:19 GMT
Server
Apache/2.4.6 (CentOS)
X-Powered-By
PHP/7.3.33
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://dpm.demdex.net/ibs:dpid=53196&dpuuid=Q7036744981805404043
Cache-Control
max-age=78248
Connection
keep-alive
Content-Type
text/html
Content-Length
154
ibs:dpid=73426&dpuuid=51128452588216843153317871896908876551
dpm.demdex.net/ Frame D96F
Redirect Chain
  • https://ads.scorecardresearch.com/p?c1=9&c2=6034944&c3=2&cs_xi=51128452588216843153317871896908876551&rn=1650388095218&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D511284525882168...
  • https://dpm.demdex.net/ibs:dpid=73426&dpuuid=51128452588216843153317871896908876551
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=73426&dpuuid=51128452588216843153317871896908876551
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-usw2-2-v028-04d43c697.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
tD0hEfsqRvI=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location
https://dpm.demdex.net/ibs:dpid=73426&dpuuid=51128452588216843153317871896908876551
date
Tue, 19 Apr 2022 17:08:19 GMT
via
1.1 b0a0e0d22a21f33ff74219a7ecf1d55e.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK51-C1
content-length
0
x-amz-cf-id
F7LxKTVueNNnNUS2jU5_ahpjKfvr8xZ2kdwWq4Xx3ZPFFrIb-3Pazw==
x-cache
Miss from cloudfront
sn.ashx
dpm.demdex.net/ibs:dpid=75557&dpuuid=R1B342_EE958283_44839BCA&redir=https://abp.mxptint.net/ Frame D96F
Redirect Chain
  • https://abp.mxptint.net/sn.ashx
  • https://dpm.demdex.net/ibs:dpid=75557&dpuuid=R1B342_EE958283_44839BCA&redir=https://abp.mxptint.net/sn.ashx?ak=1
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=75557&dpuuid=R1B342_EE958283_44839BCA&redir=https://abp.mxptint.net/sn.ashx?ak=1
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-usw2-2-v028-00f5c48fa.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
LO2IIcPOToY=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=75557&dpuuid=R1B342_EE958283_44839BCA&redir=https://abp.mxptint.net/sn.ashx?ak=1
Date
Tue, 19 Apr 2022 17:08:20 GMT
Cache-Control
private
P3P
CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE", CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE"
Content-Length
237
Strict-Transport-Security
max-age=-333374900; includeSubDomains
Content-Type
text/html; charset=utf-8
reloadCampaigns.js
api.bounceexchange.com/bounce/
3 KB
1 KB
Script
General
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/br-ijs_all_modules_2d913b64e789f2bd268452855491ee94.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
98fb1364924680e5f65931984f0592a7d249c9e136e07e1c70d5f03ef265e1a7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:19 GMT
content-encoding
gzip
last-modified
Tue, 19 Apr 2022 17:08:19 GMT
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
29
content-type
text/javascript;charset=UTF-8
alt-svc
clear
via
1.1 google
expires
0
reloadcampaigns
events.bouncex.net/track.gif/
42 B
106 B
Image
General
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:19 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
clear
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
ibs:dpid=79908&dpuuid=c:40346a10a306d38de9ccdb1d292aef26
dpm.demdex.net/ Frame D96F
Redirect Chain
  • https://aorta.clickagy.com/pixel.gif?ch=124&cm=51128452588216843153317871896908876551&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D79908%26dpuuid%3D%7Bvisitor_id%7D
  • https://dpm.demdex.net/ibs:dpid=79908&dpuuid=c:40346a10a306d38de9ccdb1d292aef26
42 B
959 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=79908&dpuuid=c:40346a10a306d38de9ccdb1d292aef26
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-usw2-1-v028-0b7fee03d.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-Error
300
X-TID
CI7i/pn2ReM=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date
Tue, 19 Apr 2022 17:08:20 GMT
server
Aorta/20220310.de5380a
access-control-allow-origin
access-control-max-age
31536000
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
Location
https://dpm.demdex.net/ibs:dpid=79908&dpuuid=c:40346a10a306d38de9ccdb1d292aef26
access-control-expose-headers
Set-Cookie
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
X-Aorta-Region
us-east-1
Connection
keep-alive
X-Aorta-Host
ip-10-42-20-173.ec2.internal
access-control-allow-headers
Origin,cache-control,content-type,man,messagetype,soapaction
Content-Length
0
usermatch.gif
beacon.krxd.net/ Frame D96F
Redirect Chain
  • https://usermatch.krxd.net/um/v2?partner=adobe&id=51128452588216843153317871896908876551
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=51128452588216843153317871896908876551
0
338 B
Image
General
Full URL
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=51128452588216843153317871896908876551
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Server
52.0.204.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-0-204-120.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:20 GMT
cache-control
private, no-cache, no-store
x-request-time
D=44 t=1650388100
x-served-by
beacon-n035-ash-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=adobe&id=51128452588216843153317871896908876551
date
Tue, 19 Apr 2022 17:08:20 GMT
x-cache-hits
0
x-age
0
content-length
0
x-cache
MISS
x-served-by
usermatch-a008-ash-prod.krxd.net
ibs:dpid=121998&dpuuid=47be9ae4901b809e83480da9e85b94fd
dpm.demdex.net/ Frame D96F
Redirect Chain
  • https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=51128452588216843153317871896908876551?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id}
  • https://dpm.demdex.net/ibs:dpid=121998&dpuuid=47be9ae4901b809e83480da9e85b94fd
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=121998&dpuuid=47be9ae4901b809e83480da9e85b94fd
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-usw2-2-v028-097f761f4.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
Ar/ADbZcRT4=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:20 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://dpm.demdex.net/ibs:dpid=121998&dpuuid=47be9ae4901b809e83480da9e85b94fd
cache-control
no-cache
x-server
10.40.14.56
content-length
0
expires
0
u
dmp.v.fwmrm.net/ad/ Frame D96F
0
411 B
Image
General
Full URL
https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D796%26dpuuid%3D%23%7Buser.id%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:6593:f606:ee73:d59a:4018:6dc2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:20 GMT
P3P
policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
Cache-Control
no-store
Connection
keep-alive
Content-Type
text/html
Keep-Alive
timeout=300
Content-Length
0
Expires
0
pixel.gif
px.moatads.com/
43 B
253 B
Image
General
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.167.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-167-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:20 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Tue, 19 Apr 2022 17:08:20 GMT
pixel
cm.g.doubleclick.net/ Frame D96F
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_...
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WWw3c2Z3QUFBSFJyaEFSQQ==
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WWw3c2Z3QUFBSFJyaEFSQQ==
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H3
Server
142.251.40.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:20 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:20 GMT
via
1.1 varnish
server
Varnish
x-timer
S1650388100.288920,VS0,VE0
x-served-by
cache-yul12832-YUL
x-cache
HIT
location
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WWw3c2Z3QUFBSFJyaEFSQQ==
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
t
elsa.memoinsights.com/
107 B
349 B
Script
General
Full URL
https://elsa.memoinsights.com/t?pid=5c058a6070cdcc676efa61c4&url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&date=2022-04-13T19%3A50%3A48.527Z&title=Feds%20Uncover%20a%20%27Swiss%20Army%20Knife%27%20for%20Hacking%20Industrial%20Systems&channels=tags&authors=Cond%C3%A9%20Nast&referrer=https%3A%2F%2Fapple.news%2F&ref_url=https%3A%2F%2Fapple.news%2F&page_url=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&cb=MEMO.API.callbacks.cbyvadymkaq&v=v3.0.5&t=5000&e=5000&s=0
Requested by
Host: cdn.memo.co
URL: https://cdn.memo.co/js/memo.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.85.177.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-85-177-101.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
01c80620c23ff10fb69ca52bc002cd34e5d77d80d068b9b1f7258cb28345b8ab

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:20 GMT
x-envoy-upstream-service-time
1
server
istio-envoy
Connection
keep-alive
Content-Length
107
x-request-id
2f372c30e70fac4af2923817cc2dfc61
content-type
application/javascript
tap.php
pixel.rubiconproject.com/ Frame D96F
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90
  • https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Yl7sfwAAAHRrhARA&expires=90
42 B
703 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Yl7sfwAAAHRrhARA&expires=90
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
8f31d5fb12ac7ec11f837ad8263e0f6c
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:20 GMT
via
1.1 varnish
server
Varnish
x-timer
S1650388100.389712,VS0,VE0
x-served-by
cache-yul12832-YUL
x-cache
HIT
location
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Yl7sfwAAAHRrhARA&expires=90
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
rum
dsum-sec.casalemedia.com/ Frame D96F
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yl7sfwAAAHRrhARA
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yl7sfwAAAHRrhARA
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:20 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Apr 2022 17:08:20 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:20 GMT
via
1.1 varnish
server
Varnish
x-timer
S1650388100.490837,VS0,VE0
x-served-by
cache-yul12832-YUL
x-cache
HIT
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yl7sfwAAAHRrhARA
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
setuid
ib.adnxs.com/ Frame D96F
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D
  • https://ib.adnxs.com/setuid?entity=158&code=Yl7sfwAAAHRrhARA
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=158&code=Yl7sfwAAAHRrhARA
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
68.67.161.182 Brooklyn, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:20 GMT
X-Proxy-Origin
149.56.153.186; 149.56.153.186; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
0f9834cb-a636-4471-a688-434f79be920c
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:20 GMT
via
1.1 varnish
server
Varnish
x-timer
S1650388101.603234,VS0,VE0
x-served-by
cache-yul12832-YUL
x-cache
HIT
location
https://ib.adnxs.com/setuid?entity=158&code=Yl7sfwAAAHRrhARA
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
sd
us-u.openx.net/w/1.0/ Frame D96F
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
  • https://us-u.openx.net/w/1.0/sd?id=537148856&val=Yl7sfwAAAHRrhARA
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537148856&val=Yl7sfwAAAHRrhARA
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:20 GMT
via
1.1 google
server
OXGW/18.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:20 GMT
via
1.1 varnish
server
Varnish
x-timer
S1650388101.694879,VS0,VE0
x-served-by
cache-yul12832-YUL
x-cache
HIT
location
https://us-u.openx.net/w/1.0/sd?id=537148856&val=Yl7sfwAAAHRrhARA
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
Pug
image2.pubmatic.com/AdServer/ Frame D96F
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER...
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yl7sfwAAAHRrhARA
1 B
413 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yl7sfwAAAHRrhARA
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:20 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug012:0:493
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:20 GMT
via
1.1 varnish
server
Varnish
x-timer
S1650388101.795029,VS0,VE0
x-served-by
cache-yul12832-YUL
x-cache
HIT
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yl7sfwAAAHRrhARA
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
partner
sync.search.spotxchange.com/ Frame D96F
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1
  • https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yl7sfwAAAHRrhARA&img=1
  • https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yl7sfwAAAHRrhARA&img=1&__user_check__=1&sync_id=5089fcd8-c003-11ec-ae78-17ac3e130303
43 B
549 B
Image
General
Full URL
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yl7sfwAAAHRrhARA&img=1&__user_check__=1&sync_id=5089fcd8-c003-11ec-ae78-17ac3e130303
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
192.35.249.120 Ashburn, United States, ASN11742 (SPOTX-IAD, US),
Reverse DNS
Software
nginx /
Resource Hash
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Tue, 19 Apr 2022 17:08:21 GMT
Server
nginx
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
159
Connection
keep-alive
Content-Length
43

Redirect headers

Date
Tue, 19 Apr 2022 17:08:21 GMT
Server
nginx
Location
/partner?adv_id=6409&uid=Yl7sfwAAAHRrhARA&img=1&__user_check__=1&sync_id=5089fcd8-c003-11ec-ae78-17ac3e130303
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
357
Connection
keep-alive
Content-Length
0
b.php
www.facebook.com/fr/ Frame D96F
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0
  • https://www.facebook.com/fr/b.php?p=1531105787105294&e=Yl7sfwAAAHRrhARA&t=2592000&o=0
43 B
68 B
Image
General
Full URL
https://www.facebook.com/fr/b.php?p=1531105787105294&e=Yl7sfwAAAHRrhARA&t=2592000&o=0
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
H3
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 10:08:21 PDT
content-encoding
br
x-content-type-options
nosniff
document-policy
force-load-at-top
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-fb-rlafr
0
pragma
public
x-fb-debug
nA+T151r8UFII0/FXQEyECSLydaZ4Owj5FGtgPHQPKyZI8JZp9RTzThfbnMjgTY/Ogbvii/q/jkuA4GrwfYbCA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
strict-transport-security
max-age=15552000; preload
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
image/gif
vary
Accept-Encoding
cache-control
public, max-age=0
priority
u=3,i
expires
Tue, 19 Apr 2022 10:08:21 PDT

Redirect headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:20 GMT
via
1.1 varnish
server
Varnish
x-timer
S1650388101.997280,VS0,VE0
x-served-by
cache-yul12832-YUL
x-cache
HIT
location
https://www.facebook.com/fr/b.php?p=1531105787105294&e=Yl7sfwAAAHRrhARA&t=2592000&o=0
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
ibs:dpid=161033&dpuuid=
dpm.demdex.net/ Frame D96F
Redirect Chain
  • https://pixel.onaudience.com/?partner=130&mapped=51128452588216843153317871896908876551&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D161033%26dpuuid%3D%25m
  • https://dpm.demdex.net/ibs:dpid=161033&dpuuid=
42 B
963 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=161033&dpuuid=
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Server
54.187.199.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-199-115.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-usw2-2-v028-0800c7ad5.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-Error
300,104
X-TID
Ti8DIUHbS40=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location
https://dpm.demdex.net/ibs:dpid=161033&dpuuid=
content-length
0
image.sbxx
ib.mookie1.com/ Frame D96F
Redirect Chain
  • https://global.ib-ibi.com/image.sbix?go=244346&pid=268&xid=51128452588216843153317871896908876551
  • https://ib.mookie1.com/image.sbix?go=244346&pid=268&xid=51128452588216843153317871896908876551
  • https://dpm.demdex.net/ibs:dpid=285689&dpuuid=51128452588216843153317871896908876551&redir=https%3A%2F%2Fglobal.ib-ibi.com%2Fimage.sbxx%3Fgo%3D244346%26pid%3D268%26xid%3D%24%7BDD_UUID%7D
  • https://global.ib-ibi.com/image.sbxx?go=244346&pid=268&xid=51128452588216843153317871896908876551
  • https://ib.mookie1.com/image.sbxx?go=244346&pid=268&xid=51128452588216843153317871896908876551
120 B
918 B
Image
General
Full URL
https://ib.mookie1.com/image.sbxx?go=244346&pid=268&xid=51128452588216843153317871896908876551
Protocol
HTTP/1.1
Server
64.58.232.180 , United States, ASN13649 (ASN-VINS, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
42b601bc0d93dfca6e350b46d113bf8e7ff9e40a87a0c57ab9b3c9c219062423

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://condenast.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:21 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
p3p
CP=\"DSP COR ADM DEV PSA PSD OUR\", CP="DSP COR ADM DEV PSA PSD OUR"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
X-Server
LAS14
Content-Type
image/png
Content-Length
120
Expires
-1

Redirect headers

Date
Tue, 19 Apr 2022 17:08:21 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Location
https://ib.mookie1.com:443/image.sbxx?go=244346&pid=268&xid=51128452588216843153317871896908876551
p3p
CP="DSP COR ADM DEV PSA PSD OUR"
Access-Control-Allow-Origin
*
Cache-Control
private
X-Server
LAS15
Content-Type
text/html; charset=utf-8
Content-Length
223
track
capture.condenastdigital.com/
48 B
48 B
Image
General
Full URL
https://capture.condenastdigital.com/track?_ts=2022-04-19T17%3A08%3A21.424Z&_t=timespent&cBr=Wired&cCh=security&cSch=cyberattacks%20and%20hacks&cTi=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking&cTy=article&cTp=ALLBRANDS_70%2C%20ALLBRANDS_7%2C%20ALLBRANDS_63%2C%20ALLBRANDS_38%2C%20ALLBRANDS_31%2C%20ALLBRANDS_283%2C%20ALLBRANDS_274%2C%20ALLBRANDS_258%2C%20ALLBRANDS_167%2C%20ALLBRANDS_134&cTpw=0.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816%2C%200.42457584769980816&cEnt=malware%2C%20industrial%20control%20systems%2C%20hacker%2C%20sergio%20caltagirone%2C%20omron%2C%20schneider%20electric%2C%20dragos%2C%20oil%20refinery%2C%20swiss%20army%20knife%2C%20cisa%2C%20biden%2C%20cybersecurity%2C%20us%2C%20russia%2C%20russian%2C%20united%20states%2C%20mandiant%2C%20department%20of%20energy%2C%20ukrainian%2C%20fbi&cEnw=1%2C%200.872941569807454%2C%200.7738264247059433%2C%200.7448887112625757%2C%200.7435026835426927%2C%200.7032574634747577%2C%200.6479090766261459%2C%200.6471979025914351%2C%200.6209965006782172%2C%200.5208951755271362%2C%200.5069505591015793%2C%200.502900900507039%2C%200.47264716170626636%2C%200.46274270311057425%2C%200.45182604754329503%2C%200.44915774726196367%2C%200.44075707275100234%2C%200.4321428735540074%2C%200.4252873420938626%2C%200.41035570255532583&cCu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&org_id=4gKgcErvvpkwWft3fSWg7c2niGQB&org_app_id=5QYt5Xy87uNBXaR4Wj3U2pPoRCBTTVrMHp8wN1h4BcXHZVYmf6sxzCnLQC&cCl=2&cId=6256eb35dcd4a10f9e523401&cPd=2022-04-13T19%3A50%3A48.527Z&ccS=web&cPv=all&cAu=Andy%20Greenberg&pHr=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware&pRt=referral&pHp=%2Fstory%2Fpipedream-ics-malware%2F&pRr=https%3A%2F%2Fapple.news%2F&pWw=1600&pWh=1200&pPw=1600&pPh=6400&pSw=1600&pSh=1200&uID=61b2
c59d-8f2d-461e-8ff7-d7d8748cd1be&sID=8eaeadd8-b23f-4df8-8692-888f7fc5dce8&pID=b8c5454f-ed15-4054-8d4c-c698d3ec1f22&uDt=desktop&_o=wired&_c=general&xID=c0aa10cc-32ef-4371-a838-e477580f9efd&_v=5000&environment=prod&origin=wired&cKh=malware%2Cindustrial%20control%20systems%2Chacker%2Csergio%20caltagirone%2Comron%2Cschneider%20electric%2Cdragos%2Coil%20refinery%2Csystem%2Cswiss%20army%20knife%2Ctoolkit
Requested by
Host: www.wired.com
URL: https://www.wired.com/story/pipedream-ics-malware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.21.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-21-92.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Apr 2022 17:08:21 GMT
Connection
keep-alive
Content-Length
48
Content-Type
image/gif
/
id.sv.rkdms.com/identity/
66 B
348 B
XHR
General
Full URL
https://id.sv.rkdms.com/identity/?vendor=idsv2&sv_cid=5274_04512&sv_pubid=CONDENAST&sv_domain=www.wired.com
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183973-93942139695505.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.90.196.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-90-196-139.compute-1.amazonaws.com
Software
nginx/1.20.2 /
Resource Hash
87f092007482ef1a2d684d510d2ec56798f86ad8096159150f892d2191072ef1

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin
https://www.wired.com
date
Tue, 19 Apr 2022 17:08:21 GMT
access-control-allow-credentials
true
server
nginx/1.20.2
content-length
66
vary
Origin
content-type
application/json
headerstats
as-sec.casalemedia.com/
0
428 B
XHR
General
Full URL
https://as-sec.casalemedia.com/headerstats?s=383250&u=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&v=3
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/183973-93942139695505.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Tue, 19 Apr 2022 17:08:21 GMT
X-AK-INITIAL-GEO
CC:[CA], RC:[QC], CN:[NA], CIP:[149.56.153.186], XFF:[]
Server
Apache
Access-Control-Allow-Origin
https://www.wired.com
X-CS-CLIENT-GEO
19
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
X-AK-CLIENT-GEO
19
Expires
Tue, 19 Apr 2022 17:08:21 GMT
sodar
pagead2.googlesyndication.com/getconfig/
13 KB
10 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022041301&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
48cf0140646048ac033d10f1500038ae9708b17e9eeab246da6ccb362d6e570e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 17:08:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10434
x-xss-protection
0
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=228464857488266&ev=Spire-Studio-Segment&dl=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&rl=https%3A%2F%2Fapple.news%2F&if=false&ts=1650388102106&cd[code]=&sw=1600&sh=1200&v=2.9.57&r=stable&ec=2&o=30&fbp=fb.1.1650388096709.592063518&it=1650388095330&coo=false&dpo=&tm=2&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:22 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority
u=3,i
expires
Tue, 19 Apr 2022 17:08:22 GMT
cs.js
sb.scorecardresearch.com/internal-c2/default/
Redirect Chain
  • https://sb.scorecardresearch.com/c2/6035094/cs.js
  • https://sb.scorecardresearch.com/internal-c2/default/cs.js
0
350 B
Script
General
Full URL
https://sb.scorecardresearch.com/internal-c2/default/cs.js
Protocol
H2
Server
99.84.118.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-118-11.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 16:44:48 GMT
via
1.1 b9e793c57a48521c3ff94fb625d228a0.cloudfront.net (CloudFront)
etag
"d41d8cd98f00b204e9800998ecf8427e"
last-modified
Mon, 01 Mar 2021 20:42:20 GMT
server
AmazonS3
age
1415
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-pop
EWR52-C3
accept-ranges
bytes
content-length
0
x-amz-cf-id
7b3A2vF90ZcmwEghM-RIz_wLUCbpKbobVx0ASI0hEmyp5UvUh93HWA==

Redirect headers

location
/internal-c2/default/cs.js
date
Tue, 19 Apr 2022 17:08:22 GMT
via
1.1 b9e793c57a48521c3ff94fb625d228a0.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C3
content-length
0
x-amz-cf-id
wUhWDVnMNYNB2kYuflir0hbbNP_8I0abiyjMsHzqF6nNCe4443HPnQ==
x-cache
Miss from cloudfront
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 19 Apr 2022 17:08:22 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 72C5
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
25401
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 19 Apr 2022 10:05:01 GMT
expires
Wed, 19 Apr 2023 10:05:01 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame DBEB
783 B
535 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80e::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
80b0836522160ff5db2c7f98f0e59c6ebd7a584db4a5e76f38425c41b8a2686d
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-n6hkysVdEYNe58v3wBGnhA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-n6hkysVdEYNe58v3wBGnhA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 19 Apr 2022 17:08:22 GMT
expires
Tue, 19 Apr 2022 17:08:22 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
jCkUzW4MJun-Op3iOFNjK-GGKJG_m8_dpwU-GZUxlWM.js
pagead2.googlesyndication.com/bg/ Frame 72C5
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/jCkUzW4MJun-Op3iOFNjK-GGKJG_m8_dpwU-GZUxlWM.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8c2914cd6e0c26e9fe3a9de23853632be1862891bf9bcfdda7053e1995319563
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 01:01:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
403636
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13627
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 15 Apr 2023 01:01:06 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame DBEB
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022041301&jk=4240033368257457&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

generate_204
tpc.googlesyndication.com/ Frame 72C5
0
9 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?aD3icA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 17:08:22 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
event
condenast.demdex.net/
9 KB
3 KB
XHR
General
Full URL
https://condenast.demdex.net/event?d_dil_ver=9.4&_ts=1650388102599
Requested by
Host: apple.news
URL: https://apple.news/AV7wePdNjTPeFy5q5BdpmIQ
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.224.186.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-224-186-170.compute-1.amazonaws.com
Software
/
Resource Hash
0c749e1f1e821ca6667474791993e9e04c5e2f2ca9a7fc9976c47ed448d34b37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-va6-2-v031-00e741aac.edge-va6.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
g1m9W2sbR1k=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.wired.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
2288
Expires
Thu, 01 Jan 1970 00:00:00 UTC
collect
analytics.google.com/g/
0
17 B
Ping
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-P1P55J3LNW&gtm=2oe4d0&_p=1715062932&_z=ccd.NLB&cid=145265742.1650388094&ul=en-us&sr=1600x1200&_s=2&dl=%2Fstory%2Fpipedream-ics-malware%2F&dr=https%3A%2F%2Fapple.news%2F&sid=1650388096&sct=1&seg=0&dt=Pipedream%20Malware%3A%20Feds%20Uncover%20%27Swiss%20Army%20Knife%27%20for%20Industrial%20System%20Hacking%20%7C%20WIRED
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P1P55J3LNW&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.wired.com/story/pipedream-ics-malware/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:22 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.wired.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022041301&jk=4240033368257457&bg=!1Nel15PNAAZvJBiFTyQ7ACkAdvg8WnbHiSoZcf3h6kzIZEM6-0ic68wCu2GZ1itaK79a-kDa4sbN6wIAAABYUgAAAAJoAQeZAqWnNVRceyEaWfN1u8hJ5uIJIJOhHeIhdl2bYKSmt3YfZ_sXHskWMJH47a8ezWivpVQ03CHBAHtiy-0hox-seBIh8Cq01k8vtA04cRco31YPpuO8kFOtClVzBoRYdbOOvh7WUJobWP3hs59TivJ0llv5OWwhATm6vfPiW7h0rtxaSKrjcGIuC5vaTIfJlADE4cPrWd7lhDyda-316Oox3pFyli3npjkSONcwyW39NPDrcbRKzVR6FR1wLKDaQW8QnPHzQ-Q9EtL0TdBCog-tPXJGVdZeLHcWuIoTaknfUSBmdJyTf51qbj_15kE6qnOtwI0kNef-qcMZB7Rtz1tSGnBULw88S7cEFFIyHfMRiIEyiaeSuai7KQBDkKLUVD5IpHOFS9i0h-tjcGZm1D_SAchBbRDqElP8q2Z9WP8M2x_91sD5VoZx4-48tRBCGPiqVp97DW2cY59j___O4SMrtN1r4vLwrzGvkg7G6GutL6UIqVjbLDIhu1lsKNfccZZakBJroT4eM4IECldcliBEEljqODHdu53Nn8DwBnwe_ud9w-S9Nb_QDCtT_wNxakO9-wqBKI3TxUjbVIm7ZClAXJJ8jSM-DiYmb9GSMfVVVXj4QiJimehV7z1xAsPWnLfXMKPg4mNBLs5RhJumHeaTBd7txNR6B2qmvKOUj1RA4ACcMo-e8PvGoR3U3M6onpRldr7qmrCFCtvNS4TRaXhsTeeZ-pN-B-b1s50rs1uThWIcp4sC6WrmPt4_ycWJPQUNipk0vCFQFOLbj0vm3acjNA-a428oMp-At7RhpkJVA7Qhu4yYzKqkyAiW-8sBC6KIPl0x3zQO9wbxBC6tMjtjWRpcbn4A1LxvsnbmT4DA9J5GgQzTEY6UTIk_xionMq2a42DodXHMOQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pixel.gif
px.moatads.com/
43 B
253 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&wf=1&ra=1&pxm=2&sgs=3&vb=14&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=BPI1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B987jmPgh_%3CXT%23Vyt9.aS%3B4oD%7D%60%3Fjc!L2LmqMs%3Cex1bxNTK7%2BuCTpY%3CZ.T%5B%2B%22gbzbSSr1r4YvKUntB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rb=2-3gPfcs6wZ10QbMk%2BqjMratT%2F8IKBUGMSV3D%2B4hwCudYVWqlJ9ew2bEg%3D&rs=1-8mrC8H1EcAEJWg%3D%3D&sc=1&os=1-8Q%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=0&g=11&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&fy=0&gp=0&zGSRC=1&gu=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&id=1&ii=4&f=0&j=https%3A%2F%2Fapple.news&t=1650388097904&de=6816706611&cu=1650388097904&m=5190&ar=bee2df476bf-clean&iw=23c8749&cb=0&ym=0&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=6434&le=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A628%3A628%3A9568%3A735&as=1&ag=5173&an=1339&gi=1&gf=5173&gg=1339&ix=5173&ic=5173&ez=1&ck=1129&kw=925&aj=1&pg=100&pf=100&ib=0&cc=1&bw=5173&bx=1339&ci=1129&jz=925&dj=1&aa=1&ad=5034&cn=1200&gn=1&gk=5034&gl=1200&ik=5034&co=
1200&cp=1132&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=4975&cd=1132&ah=4975&am=1132&xd=00&rf=0&re=1&ft=4934&fv=1200&fw=136&wb=2&cl=0&at=0&d=11590170%3A27523353%3A525643043%3A169412062&bo=2568040&bd=332460082&gw=bpi100914419959&zMoatOrigSlicer1=2568040&zMoatOrigSlicer2=332460082&hv=DCM%20ins&ab=3&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jh=-1&jm=-1&mr=2&ml=27523353&tc=0&fs=198121&na=264588574&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.167.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-167-40.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.wired.com/story/pipedream-ics-malware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 17:08:23 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
Apache
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Tue, 19 Apr 2022 17:08:23 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
condenastus-d.openx.net
URL
https://condenastus-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpipedream-ics-malware%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=ffd77d01-7e0d-4c2f-a9b4-9476428ffcad%2Cffd77d01-7e0d-4c2f-a9b4-9476428ffcad&nocache=1650388093892&us_privacy=1---&pubcid=6238712a-13ba-42ab-9013-be6a3e95297e&aus=300x250%2C300x600%7C300x250%2C300x600&divids=rail_300x250_300x600%2Crail_300x250_300x600&aucs=%2C&auid=541000882%2C541000850&aumfs=50%2C50

241 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


240 Cookies


11 Console Messages

Source, Level, URL, Text

security warning
Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.

other warning
URL: https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs (Line 1)
Message: Unrecognized feature: 'attribution-reporting'.

network error
URL: https://d.turn.com/r/dd/id/L21rdC84MTYvY2lkLzI4NTk1MjE1L3QvMA/kv/PageName=cyberattacks%20and%20hacks,SiteID=Wired,CampaignID=1802C,Channel=website,CreativeID=security,Placement=apple
Message: Failed to load resource: the server responded with a status of 404 ()

security warning
Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.

security warning
Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.

security warning
Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.

security warning
Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.

security warning
Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.

network error
URL: https://api.rlcdn.com/api/identity/envelope?pid=1422
Message: Failed to load resource: the server responded with a status of 451 ()

network error
URL: https://p.adsymptotic.com/d/px?_pid=11693&_psign=bf265992ae7fbdc1ab4b39651c157974&_puuid=51128452588216843153317871896908876551&_rand=1583046326&_pp=adobeXtest&_redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=1524%26dpuuid=${UUID}
Message: Failed to load resource: the server responded with a status of 403 ()

network error
URL: https://fr-actions.trackonomics.net/prod/www.wired.com/story/pipedream-ics-malware/action_links.json
Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
