Submitted URL: https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-c...
Effective URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig...
Submission: On July 31 via manual from PE

Summary

This website contacted 41 IPs in 5 countries across 30 domains to perform 126 HTTP transactions. The main IP is 151.101.114.49, located in San Francisco, United States and belongs to FASTLY - Fastly, US. The main domain is www.forbes.com.
TLS certificate: Issued by GlobalSign CloudSSL CA - SHA256 - G3 on July 24th 2017. Valid for: 6 months.
This is the only time www.forbes.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests IP Address ASN (Autonomous System)
2 151.101.114.49 54113 (FASTLY)
10 2a02:26f0:122... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
2 104.108.39.228 16625 (AKAMAI-AS)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 54.247.70.96 16509 (AMAZON-02)
4 23.2.12.111 1299 (TELIANET ...)
1 92.123.94.11 20940 (AKAMAI-ASN1)
8 2a00:1450:400... 15169 (GOOGLE)
1 54.240.190.202 16509 (AMAZON-02)
1 63.240.4.60 4264 (CERNET-AS...)
5 172.217.22.66 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
1 2a03:2880:f01... 32934 (FACEBOOK)
3 95.101.248.193 16625 (AKAMAI-AS)
1 92.123.93.93 20940 (AKAMAI-ASN1)
1 216.52.1.12 30282 (AS-INAPCD...)
6 52.1.87.23 16509 (AMAZON-02)
1 34.192.124.194 14618 (AMAZON-AES)
4 34.252.181.159 16509 (AMAZON-02)
1 46.137.176.237 16509 (AMAZON-02)
1 2a03:2880:f11... 32934 (FACEBOOK)
1 37.252.172.40 29990 (ASN-APPNEXUS)
1 54.77.168.55 16509 (AMAZON-02)
1 52.94.220.16 16509 (AMAZON-02)
3 92.123.93.241 20940 (AKAMAI-ASN1)
2 2a00:1450:400... 15169 (GOOGLE)
1 34.228.133.251 14618 (AMAZON-AES)
1 35.157.25.10 16509 (AMAZON-02)
4 151.101.112.175 54113 (FASTLY)
1 52.55.152.154 14618 (AMAZON-AES)
4 69.172.216.55 7415 (ADSAFE-1)
1 52.72.213.138 14618 (AMAZON-AES)
16 69.172.216.111 7415 (ADSAFE-1)
4 34.193.42.132 14618 (AMAZON-AES)
4 52.85.90.245 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 52.72.82.87 14618 (AMAZON-AES)
2 52.45.125.165 14618 (AMAZON-AES)
Total: 126 requests, 41 IPs
Requests | Apex Domain | Subdomains | Transfer
20 | adsafeprotected.com | pixel.adsafeprotected.com, dt.adsafeprotected.com | 107 KB
12 | trugaze.io | cdn.trugaze.io, services.trugaze.io, storage.trugaze.io | 38 KB
10 | forbesimg.com | i.forbesimg.com, specials-images.forbesimg.com | 153 KB
9 | googlesyndication.com | tpc.googlesyndication.com Failed, pagead2.googlesyndication.com | 157 KB
8 | doubleclick.net | stats.g.doubleclick.net, securepubads.g.doubleclick.net, googleads.g.doubleclick.net Failed | 91 KB
7 | google-analytics.com | www.google-analytics.com | 12 KB
5 | moatads.com | z.moatads.com, geo.moatads.com | 77 KB
5 | ml314.com | ml314.com, in.ml314.com | 11 KB
4 | moatpixel.com | forbes274355.s.moatpixel.com | 172 B
4 | krxd.net | cdn.krxd.net | 3 KB
4 | media.net | contextual.media.net | 60 KB
3 | 6sc.co | j.6sc.co, c.6sc.co, b.6sc.co | 13 KB
3 | truste.com | consent.truste.com | 19 KB
3 | forbes.com | www.forbes.com, fast.forbes.com | 3 KB
2 | rlcdn.com | di.rlcdn.com, idsync.rlcdn.com | 86 B
2 | amazon-adsystem.com | c.amazon-adsystem.com, aax.amazon-adsystem.com, aax-eu.amazon-adsystem.com Failed | 4 KB
2 | scorecardresearch.com | sb.scorecardresearch.com | 901 B
1 | realtime.co | ortc-prd.realtime.co | 71 B
1 | googleapis.com | ajax.googleapis.com | 4 KB
1 | eyeota.net | ps.eyeota.net | 70 B
1 | adnxs.com | ib.adnxs.com | 43 B
1 | facebook.com | www.facebook.com | 53 B
1 | exelator.com | loadus.exelator.com | 932 B
1 | bkrtx.com | tags.bkrtx.com | 13 KB
1 | facebook.net | connect.facebook.net | 2 KB
1 | googletagservices.com | www.googletagservices.com | 2 KB
1 | gigya.com | cdns.gigya.com, cdns.us1.gigya.com Failed | 54 KB
1 | googletagmanager.com | www.googletagmanager.com | 41 KB
1 | gstatic.com | fonts.gstatic.com | 11 KB
0 | bluekai.com Failed | stags.bluekai.com Failed |
Total: 126 requests, 30 domains
Requests | Domain | Requested by
16 | dt.adsafeprotected.com | www.forbes.com
8 | i.forbesimg.com | www.forbes.com, i.forbesimg.com
7 | pagead2.googlesyndication.com | securepubads.g.doubleclick.net, pagead2.googlesyndication.com, www.forbes.com
7 | www.google-analytics.com | www.googletagmanager.com, www.forbes.com
6 | cdn.trugaze.io | www.forbes.com, securepubads.g.doubleclick.net, services.trugaze.io
5 | securepubads.g.doubleclick.net | www.googletagservices.com, securepubads.g.doubleclick.net, www.forbes.com
4 | forbes274355.s.moatpixel.com | www.forbes.com
4 | services.trugaze.io | cdn.trugaze.io, services.trugaze.io
4 | pixel.adsafeprotected.com | www.forbes.com
4 | cdn.krxd.net | z.moatads.com, cdn.krxd.net
4 | ml314.com | www.forbes.com, ml314.com
4 | contextual.media.net | i.forbesimg.com, contextual.media.net
3 | z.moatads.com | securepubads.g.doubleclick.net
3 | consent.truste.com | i.forbesimg.com, consent.truste.com, www.forbes.com
3 | stats.g.doubleclick.net | i.forbesimg.com, www.forbes.com
2 | storage.trugaze.io | www.forbes.com
2 | geo.moatads.com | z.moatads.com
2 | tpc.googlesyndication.com | securepubads.g.doubleclick.net
2 | sb.scorecardresearch.com | i.forbesimg.com, www.forbes.com
2 | specials-images.forbesimg.com | www.forbes.com, i.forbesimg.com
2 | www.forbes.com | www.forbes.com
1 | ortc-prd.realtime.co | cdn.trugaze.io
1 | ajax.googleapis.com | services.trugaze.io
1 | ps.eyeota.net | www.forbes.com
1 | idsync.rlcdn.com | www.forbes.com
1 | b.6sc.co | www.forbes.com
1 | c.6sc.co | j.6sc.co
1 | aax.amazon-adsystem.com | c.amazon-adsystem.com
1 | in.ml314.com | ml314.com
1 | ib.adnxs.com | www.forbes.com
1 | www.facebook.com | www.forbes.com
1 | di.rlcdn.com | www.forbes.com
1 | loadus.exelator.com | www.forbes.com, www.googletagmanager.com
1 | tags.bkrtx.com | www.forbes.com
1 | j.6sc.co | www.forbes.com
1 | connect.facebook.net | www.forbes.com
1 | fast.forbes.com | www.forbes.com
1 | c.amazon-adsystem.com | i.forbesimg.com
1 | www.googletagservices.com | i.forbesimg.com
1 | cdns.gigya.com | i.forbesimg.com
1 | www.googletagmanager.com | i.forbesimg.com
1 | fonts.gstatic.com | www.forbes.com
0 | googleads.g.doubleclick.net Failed | pagead2.googlesyndication.com
0 | aax-eu.amazon-adsystem.com Failed | www.forbes.com
0 | stags.bluekai.com Failed | www.forbes.com
0 | cdns.us1.gigya.com Failed | cdns.gigya.com
Total: 126 requests, 46 subdomains

This site contains no links.

Subject | Issuer | Validity | Valid
g2.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2017-07-24 - 2018-01-27 | 6 months
blogs.forbes.com | GeoTrust SSL CA - G3 | 2017-06-23 - 2018-09-22 | a year
*.google.com | Google Internet Authority G2 | 2017-07-19 - 2017-10-11 | 3 months
*.scorecardresearch.com | COMODO RSA Organization Validation Secure Server CA | 2016-12-20 - 2017-12-20 | a year
*.g.doubleclick.net | Google Internet Authority G2 | 2017-07-19 - 2017-10-11 | 3 months
*.google-analytics.com | Google Internet Authority G2 | 2017-07-19 - 2017-10-11 | 3 months
*.truste.com | Symantec Class 3 Secure Server SHA256 SSL CA | 2016-02-02 - 2019-01-22 | 3 years
*.media.net | Symantec Class 3 Secure Server CA - G4 | 2017-06-07 - 2018-09-06 | a year
cdns.gigya.com | Symantec Class 3 Secure Server CA - G4 | 2017-05-17 - 2018-08-16 | a year
c.amazon-adsystem.com | Symantec Class 3 Secure Server CA - G4 | 2016-10-06 - 2017-10-30 | a year
*.forbes.com | GeoTrust SSL CA - G3 | 2016-12-13 - 2020-02-11 | 3 years
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2016-12-09 - 2018-01-25 | a year
*.6sc.co | Symantec Class 3 Secure Server CA - G4 | 2017-04-07 - 2018-04-07 | a year
*.bkrtx.com | Symantec Class 3 Secure Server CA - G4 | 2016-10-19 - 2017-10-19 | a year
*.exelator.com | Go Daddy Secure Certificate Authority - G2 | 2017-05-25 - 2019-06-25 | 2 years
*.trugaze.io | Go Daddy Secure Certificate Authority - G2 | 2017-04-30 - 2020-04-30 | 3 years
*.rlcdn.com | Go Daddy Secure Certificate Authority - G2 | 2017-05-08 - 2019-06-21 | 2 years
*.ml314.com | COMODO RSA Domain Validation Secure Server CA | 2015-04-21 - 2018-04-20 | 3 years
*.adnxs.com | GeoTrust SSL CA - G3 | 2016-02-25 - 2018-05-26 | 2 years
aax-eu.amazon-adsystem.com | Symantec Class 3 Secure Server CA - G4 | 2016-09-27 - 2017-10-18 | a year
moatads.com | Symantec Class 3 ECC 256 bit SSL CA - G2 | 2017-05-12 - 2018-05-12 | a year
tpc.googlesyndication.com | Google Internet Authority G2 | 2017-07-19 - 2017-10-11 | 3 months
*.googleusercontent.com | Google Internet Authority G2 | 2017-07-19 - 2017-10-11 | 3 months
| COMODO RSA Domain Validation Secure Server CA | 2016-02-10 - 2018-02-09 | 2 years
*.c.ssl.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2017-04-13 - 2017-10-12 | 6 months
*.moatads.com | RapidSSL SHA256 CA | 2017-07-07 - 2018-07-07 | a year
*.adsafeprotected.com | RapidSSL SHA256 CA - G3 | 2015-09-16 - 2018-09-18 | 3 years
*.s.moatpixel.com | RapidSSL SHA256 CA | 2016-08-01 - 2017-08-01 | a year
*.googleapis.com | Google Internet Authority G2 | 2017-07-19 - 2017-10-11 | 3 months
*.realtime.co | Go Daddy Secure Certificate Authority - G2 | 2017-03-16 - 2018-04-07 | a year

This page contains 15 frames:

Primary Page: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Frame ID: 15447.1
Requests: 92 HTTP requests in this frame

Frame: https://cdns.us1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_8Fcn29ZQ5lcRRr8BsC6Y2q8eRKPl567JTM6IWXsqW4eqW57_fNx29GDl9YdzZLvH
Frame ID: 15447.2
Requests: 1 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/35094?dt=0&r=2071364231&sig=1580772656&bkca=KJ0aAANFtp91C72Bz7wCtWficcpGrQR2fnHtsfOnG9XbaihEO3UDXnX4qS+RbyTR/WMDGNKFHWGWGVoYjf52RpODL7NG6sf0g6nfiaxMWmWMAI6p3s9z1AVcWncdatu+YzYLNr3r5iECgXFFuEr9PS8fJId+LlPCf4/A4wB0U5mULRzNrfIah+sS4icDw2VSwrgyIEYMot0n/2xfD/5u7VuKkgGI0GwVKNPGKugpzQ2okaXrLgN1arz8r6tVdF3x6gpKXg3XKRwQJyUYy11eH8tQaQ/c9GD5FRZR2dzYHT8bzgVhWcAw8O6gmSyBYkEyjGwiYCNQVmRzWwxWYe40MKAUSF9P4JCD6Vfh1nm46vdZpxbDx2KB00u9S+Oj5hlMp5X7BFt1JGEKqdnfEUqZBQhe4mQfpGJOcK+0MAX204JpzeII4dFdjLIdj2gnq2GJnTZwe691L7Hl8Ys5rZp3e9k1s3aSnkciMYPpEVTKAk36A1ubXx/0DYY5ShBgL9P+ZeCvNYiOyw4XQfZuXt6mOwP00uDs/3O8kZ5va4konTrE3n4V5YjDrlxgVIhX+5+ukSPoZo5aXx52V0ze
Frame ID: 15447.4
Requests: 1 HTTP requests in this frame

Frame: https://loadus.exelator.com/load//net.php?n=PGltZyB3aWR0aD0iMSIgYWx0PSJFeGVsYXRlRGF0YSIgc3JjPSJodHRwczovL3N5bmMubWF0aHRhZy5jb20vc3luYy9pbWc%2FbXRfZXhpZD0xMDAwOCZyZWRpcj1odHRwcyUzQSUyRiUyRmxvYWRtLmV4ZWxhdG9yLmNvbSUyRmxvYWQlMkYlM0ZwJTNEMjA0JTI2ZyUzRDEwMSUyNmolM0QwJTI2YnVpZD1bTU1fVVVJRF0iIGhlaWdodD0iMSI%2BPC9pbWc%2BPGltZyB3aWR0aD0iMSIgYWx0PSJFeGVsYXRlRGF0YSIgc3JjPSJodHRwczovL2NtLmcuZG91YmxlY2xpY2submV0L3BpeGVsP2dvb2dsZV9uaWQ9ZXhlbGF0ZSZnb29nbGVfY20mZ29vZ2xlX3NjIiBoZWlnaHQ9IjEiPjwvaW1nPjxpbWcgd2lkdGg9IjEiIGFsdD0iRXhlbGF0ZURhdGEiIHNyYz0iaHR0cHM6Ly9zeW5jLnRpZGFsdHYuY29tL0dlbmVyaWNVc2VyU3luYy5hc2h4P2RwaWQ9NCIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=8ee2084fc4a0b601f8411c0f48f17ca2
Frame ID: 15447.6
Requests: 1 HTTP requests in this frame

Frame: https://z.moatads.com/forbes274355/moatad.js
Frame ID: 15447.5
Requests: 9 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=9546&campId=2x2&pubId=17094022&chanId=105796462&placementId=425539822&pubCreative=80147148622&pubOrder=344894542&cb=1421188082&custom=&custom2=temp&custom3=
Frame ID: 15447.8
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=pm&dcc=t
Frame ID: 15447.9
Requests: 1 HTTP requests in this frame

Frame: https://z.moatads.com/forbes274355/moatad.js
Frame ID: 15447.7
Requests: 12 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=9546&campId=300x250&pubId=16898302&chanId=105796462&placementId=1185574942&pubCreative=111357891862&pubOrder=465390502&cb=541867923&custom=&custom2=welcome&custom3=
Frame ID: 15447.10
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20170726/r20170110/zrt_lookup.html
Frame ID: 15447.12
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20170726/r20170110/show_ads_impl.js
Frame ID: 15447.11
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4111763448220873&output=html&h=250&slotname=8516502165&adk=2458726018&adf=437111087&w=300&ea=0&flash=0&url=https%3A%2F%2Fwww.forbes.com%2F&wgl=1&dt=1501538127905&bpp=7&bdt=323&fdt=9&idt=107&shv=r20170726&cbv=r20170110&saldr=sa&correlator=2828134818492&frm=23&ga_vid=503774942.1501538127&ga_sid=1501538128&ga_hid=2118412542&ga_fc=0&pv=2&iag=15&icsg=2&nhd=2&dssz=2&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1244&ady=171&biw=1600&bih=1200&isw=298&ish=248&ifk=754334530&oid=3&top=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D%232cc4395b49af&rx=0&eae=2&fc=528&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C298%2C248&vis=1&rsz=%7C%7CpeE%7C&abl=CS&ppjl=u&pfx=0&fu=20&bc=1&ifi=1&dtd=121
Frame ID: 15447.14
Requests: 1 HTTP requests in this frame

Frame: https://services.trugaze.io/adunitMapping?appId=7&eaup=/7175/fdc.forbes/welcome&eolid=425539822&eci=80147148622&ct=%7B%22pos%22%3A%5B%22temp%22%5D%7D&w=2&h=2&tgRotSlot=&isda=0
Frame ID: 15447.17
Requests: 2 HTTP requests in this frame

Frame: https://services.trugaze.io/adunitMapping?appId=7&eaup=/7175/fdc.forbes/welcome&eolid=1185574942&eci=111357891862&ct=%7B%22pos%22%3A%5B%22welcome%22%5D%7D&w=300&h=250&tgRotSlot=&isda=0
Frame ID: 15447.18
Requests: 2 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=1&cv=30&cid=8CUX956JU&https=1&prvid=77%2C23%2C28%2C33%2C43%2C51%2C56%2C59&rtime=2314
Frame ID: 15447.19
Requests: 1 HTTP requests in this frame

Page Statistics

Requests: 126
HTTPS: 91 %
IPv6: 25 %
Domains: 30
Subdomains: 46
IPs: 41
Countries: 5
Transfer: 878 kB
Size: 2934 kB
Cookies: 51

Redirected requests

There were HTTP redirect chains for the following requests:

Request 20
  • https://fast.forbes.com/fps/cookie_backup.php?fps=&op=user_msg&sh=1200&sw=1600&ch=ads&se=welcome&ti=&pt=&i=&su=https://www.forbes.com/forbes/welcome/&re=&au=undefined&at=&pa=&ts=1501538127285&rn=40...
  • https://fast.forbes.com/fps/cookie_callback.php?fps=&op=user_msg&sh=1200&sw=1600&ch=ads&se=welcome&ti=&pt=&i=&su=https://www.forbes.com/forbes/welcome/&re=&au=undefined&at=&pa=&ts=1501538127285&rn=...
Request 21
  • https://sb.scorecardresearch.com/b?c1=2&c2=6872493&ns__t=1501538127292&ns_c=UTF-8&cv=3.1&c8=Forbes%20Welcome&c7=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=6872493&ns__t=1501538127292&ns_c=UTF-8&cv=3.1&c8=Forbes%20Welcome&c7=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbe...
Request 28
  • https://loadus.exelator.com/load/?p=234&g=001&c=20205&ctg=ads&subctg=welcome&kw=&refkw=
  • https://loadus.exelator.com/load/?p=234&g=001&c=20205&ctg=ads&subctg=welcome&kw=&refkw=&xl8blockcheck=1
Request 30
  • https://di.rlcdn.com/406006.gif?pdata=partner%3Dtap7112%2Cdata%3Dtype%3Aimpression%24audience%3AForbes.com%20Site
  • https://di.rlcdn.com/406006.gif?pdata=partner%3Dtap7112%2Cdata%3Dtype%3Aimpression%24audience%3AForbes.com+Site&redirect=1
Request 37
  • https://stags.bluekai.com/site/35094?ret=html&phint=bkChnl%3Dads&phint=channel%3Dads&phint=bkSection%3Dnone&phint=section%3Dnone&phint=bkSite%3Dfdc.forbes&phint=bkZn%3Dwelcome&phint=bkSplSlot%3Dnon...
  • https://stags.bluekai.com/site/35094?dt=0&r=2071364231&sig=1580772656&bkca=KJ0aAANFtp91C72Bz7wCtWficcpGrQR2fnHtsfOnG9XbaihEO3UDXnX4qS+RbyTR/WMDGNKFHWGWGVoYjf52RpODL7NG6sf0g6nfiaxMWmWMAI6p3s9z1AVcWn...
Request 56
  • https://stags.bluekai.com/site/20486?dt=0&r=2027495991&sig=3088908616&bkca=KJh+pWWwxY9R9B9dQbBvUXEVhzhZpLfBAZAEgEgyflal4+FqMEPHT1yLQ+DPJThx91yOV9VXpghKMO5qMYT6YBZ5WLMPSjWv2bc0mVhUuFFPiDutG80ZGDrn6Z...
  • https://ml314.com/csync.ashx?fp=f11BwCej99OJ2l2j&person_id=5978151344084457489&eid=50056
Request 57
  • https://idsync.rlcdn.com/395886.gif?partner_uid=5978151344084457489
  • https://idsync.rlcdn.com/395886.gif?partner_uid=5978151344084457489&redirect=1
Request 58
  • https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1
  • https://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESEIuoru2cOonF-HE8CYeAX_E&google_cver=1
Request 59
  • https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=5978151344084457489%26eid=50220
  • https://ml314.com/csync.ashx?fp=ec0a5980-a74f-4a00-bb78-344c26df4ecd&person_id=5978151344084457489&eid=50220
Request 67
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=pm
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=pm&dcc=t
Request 78
  • https://www.google-analytics.com/r/collect?v=1&_v=j56&a=1507564501&t=timing&_s=1&dl=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewste...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-5883199-3&cid=503774942.1501538127&jid=2004135812&_gid=1594651888.1501538127&gjid=809402725&_v=j56&z=983206889

126 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.forbes.com/forbes/welcome/
Redirect Chain
  • https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/
  • https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
6 KB
3 KB
Document
General
Full URL
https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
e82b20a481802b7c6345bbcbe728c62d1ba16d33fdc0667a44a567c5ca96209d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Mon, 31 Jul 2017 21:55:27 GMT
content-encoding
gzip
x-cache
MISS
status
200
backend
templates
strict-transport-security
max-age=10886400; includeSubDomains; preload
content-length
2880
x-served-by
cache-hhn1542-HHN
x-yourttl
300.000
server
x-timer
S1501538127.061506,VS0,VE96
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-language
en-US
via
1.1 varnish
access-control-allow-credentials
true
content-security-policy
upgrade-insecure-requests
accept-ranges
bytes, bytes
content-type
text/html;charset=utf-8
x-cicero-cache
MISS
x-cache-hits
0

Redirect headers

date
Mon, 31 Jul 2017 21:55:27 GMT
via
1.1 varnish
server
Varnish
x-timer
S1501538127.964204,VS0,VE90
status
302
x-served-by
cache-hhn1542-HHN
x-frame-options
SAMEORIGIN
x-cache
MISS
location
https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
access-control-allow-credentials
true
content-security-policy
upgrade-insecure-requests
strict-transport-security
max-age=10886400; includeSubDomains; preload
accept-ranges
bytes, bytes
x-cicero-cache
MISS
x-cache-hits
0
beb06626.main.css
i.forbesimg.com/welcomead/styles/
35 KB
7 KB
Stylesheet
General
Full URL
https://i.forbesimg.com/welcomead/styles/beb06626.main.css
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:122:383::2599 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
71abb14d1d5a8dc17b8031d882adffa45d2c593e406034d27245390bb1d6f5f5
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Mon, 31 Jul 2017 21:55:27 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Mon, 15 May 2017 18:51:34 GMT
server
Apache
status
200
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
https://www.forbes.com
cache-control
max-age=27341364
accept-ranges
bytes
content-length
6677
expires
Wed, 13 Jun 2018 08:44:51 GMT
0d3e5d0c.modernizr.js
i.forbesimg.com/welcomead/scripts/vendor/
11 KB
4 KB
Script
General
Full URL
https://i.forbesimg.com/welcomead/scripts/vendor/0d3e5d0c.modernizr.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:122:383::2599 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
9933822abcd170e2c4c46a7c508e07d349fdd00ae90aa1d1701666ff3ee143a3
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Mon, 31 Jul 2017 21:55:27 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Tue, 04 Apr 2017 18:55:58 GMT
server
Apache
status
200
x-frame-options
SAMEORIGIN
content-type
text/javascript
access-control-allow-origin
https://www.forbes.com
cache-control
max-age=27341446
accept-ranges
bytes
content-length
4507
expires
Wed, 13 Jun 2018 08:46:13 GMT
40x0.png
specials-images.forbesimg.com/imageserve/57e197ac31358e16c589c0b5/
728 B
746 B
Image
General
Full URL
https://specials-images.forbesimg.com/imageserve/57e197ac31358e16c589c0b5/40x0.png
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:122:383::2599 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Forbes DAM API /
Resource Hash
1901a66be3b00521891615303a345d5dadc83afe1b023a34168e1d89dbc58927

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

x-varnish-director
damapi
server
Forbes DAM API
date
Mon, 31 Jul 2017 21:55:27 GMT
x-varnish-backend
damapi2
x-varnish
122499858 52264970
status
200
cache-control
public, max-age=876003
accept-ranges
bytes
content-type
image/png
content-length
728
expires
Fri, 11 Aug 2017 01:15:30 GMT
677975f2.vendor.js
i.forbesimg.com/welcomead/scripts/
141 KB
50 KB
Script
General
Full URL
https://i.forbesimg.com/welcomead/scripts/677975f2.vendor.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:122:383::2599 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
eb3432c8fa1afb399953f89d69e4274ea6246d218c9e2b45b20cf6507f3d935e
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Mon, 31 Jul 2017 21:55:27 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Tue, 16 May 2017 20:42:49 GMT
server
Apache
status
200
x-frame-options
SAMEORIGIN
content-type
text/javascript
access-control-allow-origin
https://www.forbes.com
cache-control
max-age=27341442
accept-ranges
bytes
content-length
50754
expires
Wed, 13 Jun 2018 08:46:09 GMT
27b1ae53.main.js
i.forbesimg.com/welcomead/scripts/
43 KB
13 KB
Script
General
Full URL
https://i.forbesimg.com/welcomead/scripts/27b1ae53.main.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:122:383::2599 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
382731deee2a283f76ad227d3ae37793d9bcef59efd8cddeb7001816560e0dd6
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Mon, 31 Jul 2017 21:55:27 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Fri, 12 May 2017 21:03:38 GMT
server
Apache
status
200
x-frame-options
SAMEORIGIN
content-type
text/javascript
access-control-allow-origin
https://www.forbes.com
cache-control
max-age=27341442
accept-ranges
bytes
content-length
13014
expires
Wed, 13 Jun 2018 08:46:09 GMT
t.js
www.forbes.com/t/
23 B
32 B
Script
General
Full URL
https://www.forbes.com/t/t.js?p=40e85ca8a851&v=1&i=0&t=224&e=!40~223~223~1501538127172~1200~1600~1501538126949~115~115~115~115~116~218~0~115~-1501538126949~-1501538126949~-1501538126949!41~224~v!
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
Varnish /
Resource Hash
39743156a20b9beb5aa2ea23729e86ce40f454555b2c04b551b4a9307f167d04

Request headers

Referer
https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Mon, 31 Jul 2017 21:55:27 GMT
via
1.1 varnish
server
Varnish
x-timer
S1501538127.210394,VS0,VE0
x-served-by
cache-hhn1542-HHN
x-cache
HIT
content-type
text/javascript
status
200
access-control-allow-credentials
true
accept-ranges
bytes
content-length
23
retry-after
0
x-cache-hits
0
800x0.jpg
specials-images.forbesimg.com/imageserve/57d177f531358e16c58964f1/
12 KB
12 KB
Image
General
Full URL
https://specials-images.forbesimg.com/imageserve/57d177f531358e16c58964f1/800x0.jpg?quality=30
Requested by
Host: i.forbesimg.com
URL: https://i.forbesimg.com/welcomead/scripts/vendor/0d3e5d0c.modernizr.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:122:383::2599 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Forbes DAM API /
Resource Hash
b7dabd20765131c1ca28adbadf6b02ef57d85a83b9df543e3f204d94af6e5d11

Request headers

Referer
https://i.forbesimg.com/welcomead/styles/beb06626.main.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

x-varnish-director
damapi
server
Forbes DAM API
date
Mon, 31 Jul 2017 21:55:27 GMT
x-varnish-backend
damapi3
x-varnish
4784193 131075
status
200
cache-control
public, max-age=856360
accept-ranges
bytes
content-type
image/jpeg
content-length
12593
expires
Thu, 10 Aug 2017 19:48:07 GMT
raleway-extrabold-webfont.woff
i.forbesimg.com/assets/fonts/
29 KB
29 KB
Font
General
Full URL
https://i.forbesimg.com/assets/fonts/raleway-extrabold-webfont.woff
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:122:383::2599 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
f8970601b5e5f51be858da1175af3989e6d9c6a5fbea5a33bea7416bb46f136e
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Referer
https://i.forbesimg.com/welcomead/styles/beb06626.main.css
Origin
https://www.forbes.com

Response headers

date
Mon, 31 Jul 2017 21:55:27 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Sat, 20 Sep 2014 17:35:50 GMT
server
Apache
status
200
x-frame-options
SAMEORIGIN
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=27341344
accept-ranges
bytes
content-length
30005
expires
Wed, 13 Jun 2018 08:44:31 GMT
toadOcfmlt9b38dHJxOBGCP2LEk6lMzYsRqr3dHFImA.woff2
fonts.gstatic.com/s/sourcesanspro/v9/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v9/toadOcfmlt9b38dHJxOBGCP2LEk6lMzYsRqr3dHFImA.woff2
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81c::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
5433ada1d85270c21223541b93f6d2018a5660a11dac81b6e0414f184d6d3192
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Referer
https://i.forbesimg.com/welcomead/styles/beb06626.main.css
Origin
https://www.forbes.com

Response headers

date
Thu, 11 May 2017 01:38:40 GMT
x-content-type-options
nosniff
last-modified
Wed, 27 Aug 2014 23:51:22 GMT
server
sffe
age
7071407
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
11448
x-xss-protection
1; mode=block
expires
Fri, 11 May 2018 01:38:40 GMT
forbesicon.woff
i.forbesimg.com/assets/fonts/fbs-typography/0216/
9 KB
9 KB
Font
General
Full URL
https://i.forbesimg.com/assets/fonts/fbs-typography/0216/forbesicon.woff
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:122:383::2599 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
906516d5101573c0d587c32add4036c56e2b41b86538d8d7b8492b5f979cc34d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Referer
https://i.forbesimg.com/welcomead/styles/beb06626.main.css
Origin
https://www.forbes.com

Response headers

date
Mon, 31 Jul 2017 21:55:27 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Wed, 16 Nov 2016 20:24:12 GMT
server
Apache
status
200
x-frame-options
SAMEORIGIN
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=27341345
accept-ranges
bytes
content-length
9060
expires
Wed, 13 Jun 2018 08:44:32 GMT
beacon.js
sb.scorecardresearch.com/
1 KB
901 B
Script
General
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: i.forbesimg.com
URL: https://i.forbesimg.com/welcomead/scripts/27b1ae53.main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.39.228 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-39-228.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d0fd74148f4cbe78bd0e6328dc5ce5955f0a0ecdb1eb2919da4a7e596ac65912

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:27 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=1209600
Connection
keep-alive
Content-Length
901
Expires
Mon, 14 Aug 2017 21:55:27 GMT
dc.js
stats.g.doubleclick.net/
42 KB
16 KB
Script
General
Full URL
https://stats.g.doubleclick.net/dc.js
Requested by
Host: i.forbesimg.com
URL: https://i.forbesimg.com/welcomead/scripts/27b1ae53.main.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:400c:c07::9a , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b399e0631bb16bf6fb1f596c1c16158f3a31e43409d8d2d39fb8f1a8d981885f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 06 Jun 2017 00:25:39 GMT
server
Golfe2
age
4748
date
Mon, 31 Jul 2017 20:36:19 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
15977
expires
Mon, 31 Jul 2017 22:36:19 GMT
gtm.js
www.googletagmanager.com/
157 KB
41 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NMQJM4
Requested by
Host: i.forbesimg.com
URL: https://i.forbesimg.com/welcomead/scripts/27b1ae53.main.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81c::2008 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
Google Tag Manager (scaffolding) /
Resource Hash
a8969aa1089d56790c77e5319a10b3733793c8bdbf287aafa325dc077124225a
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Mon, 31 Jul 2017 21:55:27 GMT
content-encoding
gzip
server
Google Tag Manager (scaffolding)
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
42371
x-xss-protection
1; mode=block
expires
Mon, 31 Jul 2017 21:55:27 GMT
fast_pixel.js
i.forbesimg.com/assets/js/forbes/
5 KB
1 KB
Script
General
Full URL
https://i.forbesimg.com/assets/js/forbes/fast_pixel.js?v=1.02
Requested by
Host: i.forbesimg.com
URL: https://i.forbesimg.com/welcomead/scripts/27b1ae53.main.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:122:383::2599 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
197d961b8da7c79c5a7ce36c0feb3efe0242d09e8334c86afa32c27bdec342f9
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Mon, 31 Jul 2017 21:55:27 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Tue, 07 Mar 2017 18:57:38 GMT
server
Apache
status
200
x-frame-options
SAMEORIGIN
content-type
text/javascript
access-control-allow-origin
https://www.forbes.com
cache-control
max-age=27341416
accept-ranges
bytes
content-length
1505
expires
Wed, 13 Jun 2018 08:45:43 GMT
notice
consent.truste.com/
2 KB
940 B
Script
General
Full URL
https://consent.truste.com/notice?domain=forbes.com&c=teconsent
Requested by
Host: i.forbesimg.com
URL: https://i.forbesimg.com/welcomead/scripts/27b1ae53.main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.247.70.96 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-247-70-96.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1cfc38a2af000f0397d230fd0c97da55780b01e47031403499cc4006cb234ddc

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:27 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
940
Expires
Mon, 31 Jul 2017 21:55:26 GMT
bidexchange.js
contextual.media.net/
194 KB
57 KB
Script
General
Full URL
https://contextual.media.net/bidexchange.js?cid=8CUX956JU&https=1
Requested by
Host: i.forbesimg.com
URL: https://i.forbesimg.com/welcomead/scripts/677975f2.vendor.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.2.12.111 Cambridge, United States, ASN1299 (TELIANET Telia Carrier, SE),
Reverse DNS
a23-2-12-111.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
18e380982f9ebb3672b4e2f96d6a5fcc9ea36f529ae070f05d5909b4b24d4360

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:27 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
X-MNET-H
E
P3P
CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Cache-Control
max-age=1800
Transfer-Encoding
chunked
Connection
keep-alive, Transfer-Encoding
Content-Type
text/javascript; charset=utf-8
Expires
Mon, 31 Jul 2017 22:25:27 GMT
gigya.js
cdns.gigya.com/js/
192 KB
54 KB
Script
General
Full URL
https://cdns.gigya.com/js/gigya.js?apiKey=3_8Fcn29ZQ5lcRRr8BsC6Y2q8eRKPl567JTM6IWXsqW4eqW57_fNx29GDl9YdzZLvH&_=1501538127249
Requested by
Host: i.forbesimg.com
URL: https://i.forbesimg.com/welcomead/scripts/677975f2.vendor.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
92.123.94.11 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a92-123-94-11.deploy.akamaitechnologies.com
Software
Microsoft-IIS/7.5 /
Resource Hash
18c7cb7709c9f6323ec356f2cb85caec8dba0427a32a32ee1b8f00f6f77ae082

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

X-Version
1
Date
Mon, 31 Jul 2017 21:55:27 GMT
Content-Encoding
gzip
Last-Modified
Tue, 18 Jul 2017 05:52:00 GMT
Server
Microsoft-IIS/7.5
Vary
Accept-Encoding
P3P
CP="IDC COR PSA DEV ADM OUR IND ONL"
X-LegacyProxy
true
Cache-Control
public, max-age=900
X-Server
web518
Connection
keep-alive
Content-Type
text/javascript; charset=utf-8
X-Gigya-HA-cfg-ver
5
Content-Length
55141
Expires
Mon, 31 Jul 2017 22:10:27 GMT
gpt.js
www.googletagservices.com/tag/js/
4 KB
2 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js?_=1501538127250
Requested by
Host: i.forbesimg.com
URL: https://i.forbesimg.com/welcomead/scripts/677975f2.vendor.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81f::2002 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
79b9d309580a8b37ca190723d10260c79fc7301433f484cb30ee84a05b21bf2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Mon, 31 Jul 2017 21:55:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 26 Jul 2017 20:45:02 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,36,35",quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
1849
x-xss-protection
1; mode=block
expires
Mon, 31 Jul 2017 21:55:27 GMT
amedianet.js
contextual.media.net/
539 B
539 B
Script
General
Full URL
https://contextual.media.net/amedianet.js?cid=8CU2T3HV4&fpurl=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F&frurl=&https=1&_=1501538127251
Requested by
Host: i.forbesimg.com
URL: https://i.forbesimg.com/welcomead/scripts/677975f2.vendor.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.2.12.111 Cambridge, United States, ASN1299 (TELIANET Telia Carrier, SE),
Reverse DNS
a23-2-12-111.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6529e3ebe9ddd22aa5104c449d6a592b8d1a7410de92c991f53c5152b03ec338

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:27 GMT
Server
Apache
Vary
Accept-Encoding
X-MNET-H
E
Content-Type
text/javascript;charset=UTF-8
Cache-Control
max-age=17734
Connection
keep-alive
Content-Length
539
Expires
Tue, 01 Aug 2017 02:51:01 GMT
amzn_ads.js
c.amazon-adsystem.com/aax2/
12 KB
4 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/amzn_ads.js?_=1501538127252
Requested by
Host: i.forbesimg.com
URL: https://i.forbesimg.com/welcomead/scripts/677975f2.vendor.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.240.190.202 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-240-190-202.jfk6.r.cloudfront.net
Software
Server /
Resource Hash
452aea7d7b1cb7fee8778fe3ab891667b9e5f690d9981798e1c6bfe65b1ffbeb

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 18:41:04 GMT
Content-Encoding
gzip
Server
Server
Age
11662
ETag
d36ff2c1ca3af04b2006d041458111eb
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 d644e7f3f959c262b5d8dffe5d3078b8.cloudfront.net (CloudFront)
Cache-Control
public, max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4002
X-Amz-Cf-Id
3QfvilJoEftFMxD8KGL2WhlJR9RpEhG9uBHKqLm-tDfmPbTJiBuj6w==
cookie_callback.php
fast.forbes.com/fps/
Redirect Chain
  • https://fast.forbes.com/fps/cookie_backup.php?fps=&op=user_msg&sh=1200&sw=1600&ch=ads&se=welcome&ti=&pt=&i=&su=https://www.forbes.com/forbes/welcome/&re=&au=undefined&at=&pa=&ts=1501538127285&rn=40...
  • https://fast.forbes.com/fps/cookie_callback.php?fps=&op=user_msg&sh=1200&sw=1600&ch=ads&se=welcome&ti=&pt=&i=&su=https://www.forbes.com/forbes/welcome/&re=&au=undefined&at=&pa=&ts=1501538127285&rn=...
43 B
43 B
Image
General
Full URL
https://fast.forbes.com/fps/cookie_callback.php?fps=&op=user_msg&sh=1200&sw=1600&ch=ads&se=welcome&ti=&pt=&i=&su=https://www.forbes.com/forbes/welcome/&re=&au=undefined&at=&pa=&ts=1501538127285&rn=4065236715046&ci=a47ef1ec68c9b308df7b6dd5c4db98385e0&mb=f
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
63.240.4.60 , United States, ASN4264 (CERNET-ASN-BLOCK - California Education and Research Federation Network, US),
Reverse DNS
Software
Apache/2.4.17 (Unix) /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:27 GMT
Server
Apache/2.4.17 (Unix)
Connection
close
Content-Length
43
Content-Type
image/gif

Redirect headers

Location
/fps/cookie_callback.php?fps=&op=user_msg&sh=1200&sw=1600&ch=ads&se=welcome&ti=&pt=&i=&su=https://www.forbes.com/forbes/welcome/&re=&au=undefined&at=&pa=&ts=1501538127285&rn=4065236715046&ci=a47ef1ec68c9b308df7b6dd5c4db98385e0&mb=f
Date
Mon, 31 Jul 2017 21:55:27 GMT
Server
Apache/2.4.17 (Unix)
Connection
close
Content-Length
483
Content-Type
text/html; charset=iso-8859-1
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=6872493&ns__t=1501538127292&ns_c=UTF-8&cv=3.1&c8=Forbes%20Welcome&c7=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=6872493&ns__t=1501538127292&ns_c=UTF-8&cv=3.1&c8=Forbes%20Welcome&c7=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbe...
0
0
Image
General
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=6872493&ns__t=1501538127292&ns_c=UTF-8&cv=3.1&c8=Forbes%20Welcome&c7=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D%232cc4395b49af&c9=
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.39.228 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-39-228.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:27 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://sb.scorecardresearch.com/b2?c1=2&c2=6872493&ns__t=1501538127292&ns_c=UTF-8&cv=3.1&c8=Forbes%20Welcome&c7=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D%232cc4395b49af&c9=
Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:27 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT
Api.aspx
cdns.us1.gigya.com/gs/webSdk/ Frame 1544
0
0

pubads_impl_139.js
securepubads.g.doubleclick.net/gpt/
192 KB
67 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_139.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js?_=1501538127250
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
fra15s17-in-f66.1e100.net
Software
sffe /
Resource Hash
a3b2ab8efad998b8c269254aba82dd1be2e231a5c1ccfeee7bbd8f787b299cc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Thu, 27 Jul 2017 23:05:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
341411
status
200
alt-svc
quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
68260
x-xss-protection
1; mode=block
last-modified
Wed, 19 Jul 2017 15:38:55 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Jul 2018 23:05:16 GMT
analytics.js
www.google-analytics.com/
29 KB
12 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NMQJM4
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81c::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
Golfe2 /
Resource Hash
765010cbfccaf06cb5b9166023a22b655a10b37075c91e276a5550c5ecd855ba
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 06 Jun 2017 00:25:39 GMT
server
Golfe2
age
2885
date
Mon, 31 Jul 2017 21:07:22 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
12343
expires
Mon, 31 Jul 2017 23:07:22 GMT
fbds.js
connect.facebook.net/en_US/
4 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbds.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
3a0eca3a86adbed6a303d04d4d12f7226d57e48205326f648691b74ad245d97f
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
content-encoding
gzip
x-content-type-options
nosniff
content-md5
gVb7S7hpKaoDZ6AdRgZqMQ==
status
200
content-length
2187
x-xss-protection
0
x-fb-debug
vOVJaUzQhWkuaR9MVClEYqZubixYXgGYwL0x5W6xa2s0AGSMyjgFCYK9Ux1c5kDe4nUPAHYdIGjW0Mvl1qEAaw==
x-fb-content-md5
0c3bed7d8f685c2d313bbb73a03d5b1a
x-frame-options
DENY
date
Mon, 31 Jul 2017 21:55:27 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"6a39e6c37d82acc745ffca6b07f29983"
timing-allow-origin
*
expires
Mon, 31 Jul 2017 21:56:32 GMT
6si.min.js
j.6sc.co/
13 KB
13 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.248.193 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a95-101-248-193.deploy.akamaitechnologies.com
Software
nginx/1.8.1 /
Resource Hash
e006a7418eb50e8acdcbc17a33ac8ee28766f5c13d8e2cda635aa1f1f86497b4

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:27 GMT
Last-Modified
Thu, 13 Apr 2017 23:38:15 GMT
Server
nginx/1.8.1
ETag
"58f00be7-350d"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
application/javascript
Access-Control-Allow-Origin
Access-Control-Allow-Credentials
true
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Content-Length
13581
bk-coretag.js
tags.bkrtx.com/js/
38 KB
13 KB
Script
General
Full URL
https://tags.bkrtx.com/js/bk-coretag.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
92.123.93.93 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a92-123-93-93.deploy.akamaitechnologies.com
Software
/
Resource Hash
f6de9ced41ed54dbfc4f51abfeb65d843bd8dd33a45cbb773ecf5f92d065dd52

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:27 GMT
Content-Encoding
gzip
Last-Modified
Thu, 25 May 2017 21:04:06 GMT
ETag
"991c-5505f8fb7697f-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13297
Expires
Mon, 07 Aug 2017 21:55:27 GMT
/
loadus.exelator.com/load/
Redirect Chain
  • https://loadus.exelator.com/load/?p=234&g=001&c=20205&ctg=ads&subctg=welcome&kw=&refkw=
  • https://loadus.exelator.com/load/?p=234&g=001&c=20205&ctg=ads&subctg=welcome&kw=&refkw=&xl8blockcheck=1
920 B
932 B
Script
General
Full URL
https://loadus.exelator.com/load/?p=234&g=001&c=20205&ctg=ads&subctg=welcome&kw=&refkw=&xl8blockcheck=1
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
216.52.1.12 , United States, ASN30282 (AS-INAPCDN-OCY - Internap Network Services Corporation, US),
Reverse DNS
Software
nginx/1.10.1 / Undertow/1
Resource Hash
47bea5e928af8fa160bb46b0c1b4c3fa5d0d57b907000ca7524ec08d082220b1

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:27 GMT
Server
nginx/1.10.1
X-Powered-By
Undertow/1
Transfer-Encoding
chunked
P3P
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/x-javascript;charset=UTF-8

Redirect headers

Date
Mon, 31 Jul 2017 21:55:27 GMT
Server
nginx/1.10.1
X-Powered-By
Undertow/1
P3P
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Location
https://loadus.exelator.com/load/?p=234&g=001&c=20205&ctg=ads&subctg=welcome&kw=&refkw=&xl8blockcheck=1
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
image/gif
Content-Length
0
PHWP7UVG.js
cdn.trugaze.io/bootstrap/
695 B
695 B
Script
General
Full URL
https://cdn.trugaze.io/bootstrap/PHWP7UVG.js
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.87.23 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-1-87-23.compute-1.amazonaws.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
f944b60f5b47d17004d2d333e088f80b77c3e074a9a7d5ed4eb2edd07b04b599

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:28 GMT
Last-Modified
Mon, 10 Jul 2017 13:47:06 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"48de7d8bc65f4a6557fc0f7ded5ea40c"
X-Cache-Status
HIT
Content-Type
application/x-javascript
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
695
406006.gif
di.rlcdn.com/
Redirect Chain
  • https://di.rlcdn.com/406006.gif?pdata=partner%3Dtap7112%2Cdata%3Dtype%3Aimpression%24audience%3AForbes.com%20Site
  • https://di.rlcdn.com/406006.gif?pdata=partner%3Dtap7112%2Cdata%3Dtype%3Aimpression%24audience%3AForbes.com+Site&redirect=1
43 B
43 B
Image
General
Full URL
https://di.rlcdn.com/406006.gif?pdata=partner%3Dtap7112%2Cdata%3Dtype%3Aimpression%24audience%3AForbes.com+Site&redirect=1
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.124.194 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-192-124-194.compute-1.amazonaws.com
Software
/
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Expires
Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control
no-cache, no-store
Connection
keep-alive
P3P
CP: "NON DSP COR PSDo SAMo BUS IND UNI COM NAV INT POL PRE"
Content-Length
43
Content-Type
image/gif; charset=ISO-8859-1

Redirect headers

Location
https://di.rlcdn.com/406006.gif?pdata=partner%3Dtap7112%2Cdata%3Dtype%3Aimpression%24audience%3AForbes.com+Site&redirect=1
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control
no-cache, no-store
Connection
keep-alive
Content-Type
image/gif; charset=ISO-8859-1
Content-Length
0
P3P
CP: "NON DSP COR PSDo SAMo BUS IND UNI COM NAV INT POL PRE"
tag.aspx
ml314.com/
23 KB
11 KB
Script
General
Full URL
https://ml314.com/tag.aspx?3162017
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.252.181.159 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-252-181-159.eu-west-1.compute.amazonaws.com
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
2ccd728594ce65fa7e6651109e3bbd61877e548c4dab5480cafa6965f358a4e0

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:26 GMT
Content-Encoding
gzip
Last-Modified
Mon, 31 Jul 2017 11:53:14 GMT
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
public, max-age=63637185194
Connection
keep-alive
Content-Length
11039
Expires
Tue, 01 Aug 2017 11:53:14 GMT
get
consent.truste.com/
46 KB
16 KB
Script
General
Full URL
https://consent.truste.com/get?name=notice.js
Requested by
Host: consent.truste.com
URL: https://consent.truste.com/notice?domain=forbes.com&c=teconsent
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.137.176.237 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-46-137-176-237.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
659cef9fb821f4bd99192992cafb6c76375dc0d88a2a0df96a78f939c0345672

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Referer
https://www.forbes.com/
Origin
https://www.forbes.com

Response headers

Pragma
public
Date
Mon, 31 Jul 2017 21:55:27 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400
Connection
keep-alive
Content-Length
16478
Expires
Tue, 01 Aug 2017 21:55:27 GMT
/
www.facebook.com/tr/
44 B
53 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1494993704116832&ev=PixelInitialized&dl=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D%232cc4395b49af&rl=&if=false&ts=1501538127399
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Mon, 31 Jul 2017 21:55:27 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Mon, 31 Jul 2017 21:55:27 GMT
collect
www.google-analytics.com/
35 B
44 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j56&a=1507564501&t=pageview&_s=1&dl=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D&dr=&ul=en-us&de=UTF-8&dt=Forbes%20Welcome&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgAAB~&jid=853113198&gjid=2081236799&cid=503774942.1501538127&tid=UA-5883199-3&_gid=1594651888.1501538127&gtm=GTM-NMQJM4&cg1=fdc.forbes%3Awelcome&cg2=none&cg3=none&cg4=none&cg5=none&cd2=none&cd3=none&cd4=ads&cd5=none&cd9=none&cd10=none&cd11=none&cd12=none&cd13=none&cd14=none&cd15=fdc.forbes&cd16=welcome&cd17=none&cd18=0&cd19=none&cd20=none&cd21=none&cd22=none&cd23=none&cd24=none&cd25=none&cd27=none&cd28=none&cd29=none&cd30=none&cd31=%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F&cd32=none&cd33=0&cd34=0&cd35=none&cd36=none&cd37=none&cd38=none&cd39=none&cd40=none&cd41=none&cd42=none&cd43=a47ef1ec68c9b308df7b6dd5c4db98385e0&cd44=none&cd45=false&cd46=false&cd47=none&cd48=false&cd49=0&cd50=none&cd51=none&cd52=none&cd53=none&cd54=none&cd55=none&cd56=false&cd57=false&cd58=false&cd59=none&cd60=none&cd61=none&cd62=none&cd63=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F&cd64=none&cd65=none&cd66=none&cd67=https&cd68=none&cd69=none&cd70=none&cd71=none&cd72=false&z=1193401281
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81c::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jul 2017 23:05:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
341414
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/r/
35 B
53 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j56&tid=UA-5883199-3&cid=503774942.1501538127&jid=853113198&gjid=2081236799&_gid=1594651888.1501538127&_u=YGBAgAAB~&z=817285708
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:400c:c07::9a , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Mon, 31 Jul 2017 21:55:27 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-9/html/
0
0

35094
stags.bluekai.com/site/ Frame 1544
Redirect Chain
  • https://stags.bluekai.com/site/35094?ret=html&phint=bkChnl%3Dads&phint=channel%3Dads&phint=bkSection%3Dnone&phint=section%3Dnone&phint=bkSite%3Dfdc.forbes&phint=bkZn%3Dwelcome&phint=bkSplSlot%3Dnon...
  • https://stags.bluekai.com/site/35094?dt=0&r=2071364231&sig=1580772656&bkca=KJ0aAANFtp91C72Bz7wCtWficcpGrQR2fnHtsfOnG9XbaihEO3UDXnX4qS+RbyTR/WMDGNKFHWGWGVoYjf52RpODL7NG6sf0g6nfiaxMWmWMAI6p3s9z1AVcWn...
0
0

oswald-bold-webfont.woff
i.forbesimg.com/assets/fonts/
27 KB
27 KB
Font
General
Full URL
https://i.forbesimg.com/assets/fonts/oswald-bold-webfont.woff
Requested by
Host: i.forbesimg.com
URL: https://i.forbesimg.com/welcomead/scripts/677975f2.vendor.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:122:383::2599 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
bfa6e029d95cdcb3cfc37afd5e7446e6573cd3afecea3fc500e9db380e13d2bc
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Referer
https://i.forbesimg.com/welcomead/styles/beb06626.main.css
Origin
https://www.forbes.com

Response headers

date
Mon, 31 Jul 2017 21:55:27 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Fri, 05 Dec 2014 18:01:48 GMT
server
Apache
status
200
x-frame-options
SAMEORIGIN
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=27341396
accept-ranges
bytes
content-length
27187
expires
Wed, 13 Jun 2018 08:45:23 GMT
de79e487.vendor.js
i.forbesimg.com/forbes/scripts/
0
0

455e9d68.scripts.js
i.forbesimg.com/forbes/scripts/
0
0

04faf44d.main.css
i.forbesimg.com/forbes/styles/
0
0

ads
securepubads.g.doubleclick.net/gampad/
9 KB
4 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&correlator=4238593311082452&output=json_html&callback=googletag.impl.pubads.callbackProxy1&impl=fif&eid=21060719%2C108809080%2C108809107%2C108809152%2C21060692%2C21060132%2C21060363&sc=1&sfv=1-0-9&iu=%2F7175%2Ffdc.forbes%2Fwelcome&sz=2x2%7C3x3%7C4x4%7C5x5&scp=pos%3Dtemp&cust_params=id%3Dfdc%252Fwelcome%26displayChannel%3Dads%26displaySection%3Dwelcome%26fvid%3Da47ef1ec68c9b308df7b6dd5c4db98385e0%26test%3Dfalse&cookie_enabled=1&abxe=1&lmt=1501538127&dt=1501538127472&frm=20&biw=1600&bih=1200&oid=3&adx=1542&ady=185&adk=1644855544&gut=v2&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D%232cc4395b49af&dssz=37&icsg=204800&std=0&vrg=139&vrp=139&ga_vid=503774942.1501538127&ga_sid=1501538127&ga_hid=1507564501
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_139.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
fra15s17-in-f66.1e100.net
Software
cafe /
Resource Hash
94deb9fc3f415c10b1b8582d9a27b1ea34199284408633fab68b693bd9647eab
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Mon, 31 Jul 2017 21:55:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
4141
x-xss-protection
1; mode=block
google-lineitem-id
425539822
pragma
no-cache
server
cafe
google-creative-id
80147148622
content-type
text/javascript; charset=UTF-8
cache-control
no-cache, must-revalidate
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
net.php
loadus.exelator.com/load// Frame 1544
0
0

getuidnb
ib.adnxs.com/
43 B
43 B
Image
General
Full URL
https://ib.adnxs.com/getuidnb?https://loadm.exelator.com/load/?p=204&g=014&bi=$UID&j=0
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
37.252.172.40 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),
Reverse DNS
155.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.11.5 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:29 GMT
X-Proxy-Origin
148.251.45.254; 148.251.45.254; 155.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.6:80
AN-X-Request-Uuid
db8ff141-9bc5-4bf4-8e26-61906267f67f
Server
nginx/1.11.5
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
utsync.ashx
ml314.com/
602 B
409 B
Script
General
Full URL
https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=50061&ct=js&pi=&fp=&clid=&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D%232cc4395b49af&pv=1501538127527_qlf3swa13&bl=en-us&cb=5140424&return=&ht=&d=&dc=&si=1501538127527_qlf3swa13&cid=&s=1600x1200&rp=
Requested by
Host: ml314.com
URL: https://ml314.com/tag.aspx?3162017
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.252.181.159 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-252-181-159.eu-west-1.compute.amazonaws.com
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
5149b11fdc6340c661c3d4e0076a38114a01c6db2e0426aabd8e72f705a3fe3b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:26 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
p3P
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Cache-Control
private
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
409
Expires
0
ud.ashx
in.ml314.com/
20 B
138 B
Script
General
Full URL
https://in.ml314.com/ud.ashx?topiclimit=&cb=3162017
Requested by
Host: ml314.com
URL: https://ml314.com/tag.aspx?3162017
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.77.168.55 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-77-168-55.eu-west-1.compute.amazonaws.com
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:32 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
public, no-cache="set-cookie"
Connection
keep-alive
Content-Length
138
Expires
Tue, 01 Aug 2017 21:55:32 GMT
get
consent.truste.com/
2 KB
2 KB
Image
General
Full URL
https://consent.truste.com/get?name=forbes.png
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.247.70.96 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-247-70-96.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
57466b338d32a2c3c95ad9c936ea7036defdb9732ff8c5baee12f507cc22c66e

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
public
Date
Mon, 31 Jul 2017 21:55:27 GMT
Server
nginx
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Connection
keep-alive
Content-Length
1608
Expires
Wed, 30 Aug 2017 21:55:27 GMT
bid
aax.amazon-adsystem.com/e/dtb/
108 B
123 B
Script
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=3038&u=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D%232cc4395b49af&cb=3606475&t=1000
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/amzn_ads.js?_=1501538127252
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.94.220.16 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
Server /
Resource Hash
915bfe6b64bbfd604a79826f68e7a325bd8c6e1439f62991f483932fb542a10d

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:27 GMT
Content-Encoding
gzip
Server
Server
Connection
keep-alive
Content-Length
123
Vary
Accept-Encoding,User-Agent
Content-Type
text/javascript;charset=UTF-8
/
c.6sc.co/
47 B
47 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.248.193 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a95-101-248-193.deploy.akamaitechnologies.com
Software
/
Resource Hash
57eba179f8bef4ab3da3340a13a90a4621109a50beda6a76ed403b93529f26b5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Referer
https://www.forbes.com/
Origin
https://www.forbes.com

Response headers

Date
Mon, 31 Jul 2017 21:55:27 GMT
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.forbes.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
47
img.gif
b.6sc.co/v1/beacon/
43 B
43 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=1caed3979e3cbf03dba91ec9e83f28aa&svisitor=&visitor=668af2c8-f2fb-43fe-890d-3ca2604addb2&session=3c84a46e-f86b-447a-888d-7c66d7783bdb&event=a_pageload&q=%7B%7D&isIframe=false&m=%7B%22description%22%3A%22Forbes%20Welcome%20page%20--%20Forbes%20is%20a%20global%20media%20company%2C%20focusing%20on%20business%2C%20investing%2C%20technology%2C%20entrepreneurship%2C%20leadership%2C%20and%20lifestyle.%22%2C%22keywords%22%3A%22business%20news%2C%20market%20analysis%2C%20company%20profiles%2C%20personal%20finance%2C%20management%2C%20entrepreneurship%2C%20investments%2C%20financial%20advice%2C%20economy%2C%20technology%20news%22%2C%22title%22%3A%22Forbes%20Welcome%22%7D&cb=38127566&r=&thirdParty=%7B%7D
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.248.193 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a95-101-248-193.deploy.akamaitechnologies.com
Software
nginx/1.8.1 /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:28 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Mon, 18 Apr 2016 20:04:13 GMT
Server
nginx/1.8.1
ETag
"57153dbd-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
moatad.js
z.moatads.com/forbes274355/ Frame 1544
247 KB
77 KB
Script
General
Full URL
https://z.moatads.com/forbes274355/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_139.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.123.93.241 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a92-123-93-241.deploy.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
4586f8c72d2ebe6dcebec6cbfcd1fed639b55aab48fc9c12a8941dadcfef42f9

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:27 GMT
Content-Encoding
gzip
Last-Modified
Mon, 31 Jul 2017 20:58:00 GMT
Server
AmazonS3
x-amz-request-id
01D7F8923B6EB5D6
ETag
"e39657bc8dc82aa6d309db6e992734c5"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=62159
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
78757
x-amz-id-2
pxghW9vNLBV/l5TvJW4s7AuwBmOUgQVQP7XO6eYXAz5z9joKuq8Yy7lfOywHb/H5LqNfoQPwlyc=
osd_listener.js
tpc.googlesyndication.com/pagead/js/r20170726/r20110914/activeview/ Frame 1544
28 KB
11 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20170726/r20110914/activeview/osd_listener.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_139.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81c::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
da6e6a49692c69be9e9fdc9697bee6e8347375f996b626a60a53f81bf62d4fc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Thu, 27 Jul 2017 00:04:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
424243
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
10895
x-xss-protection
1; mode=block
server
cafe
etag
2196216625133901113
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 10 Aug 2017 00:04:44 GMT
PHWP7UVG.js
cdn.trugaze.io/bootstrap/ Frame 1544
695 B
695 B
Script
General
Full URL
https://cdn.trugaze.io/bootstrap/PHWP7UVG.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_139.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.87.23 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-1-87-23.compute-1.amazonaws.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
f944b60f5b47d17004d2d333e088f80b77c3e074a9a7d5ed4eb2edd07b04b599

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:27 GMT
Last-Modified
Mon, 10 Jul 2017 13:47:06 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"48de7d8bc65f4a6557fc0f7ded5ea40c"
X-Cache-Status
HIT
Content-Type
application/x-javascript
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
695
osd.js
pagead2.googlesyndication.com/pagead/
82 KB
30 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/osd.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_139.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81f::2002 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
80de64a5788341a0deba3bb87c5cafe83e725e8d5f04e4075bebf671f80b49d6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Mon, 31 Jul 2017 21:16:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2364
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,36,35",quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
30676
x-xss-protection
1; mode=block
server
cafe
etag
15022272777873382488
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Mon, 31 Jul 2017 22:16:03 GMT
ads
securepubads.g.doubleclick.net/gampad/
10 KB
4 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&correlator=4238593311082452&output=json_html&callback=googletag.impl.pubads.callbackProxy2&impl=fif&eid=21060719%2C108809080%2C108809107%2C108809152%2C21060692%2C21060132%2C21060363&sc=1&sfv=1-0-9&iu=%2F7175%2Ffdc.forbes%2Fwelcome&sz=1x1%7C300x250%7C640x360%7C640x480%7C300x600%7C970x250%7C728x90%7C800x600&scp=pos%3Dwelcome&cust_params=id%3Dfdc%252Fwelcome%26displayChannel%3Dads%26displaySection%3Dwelcome%26fvid%3Da47ef1ec68c9b308df7b6dd5c4db98385e0%26test%3Dfalse&cookie=ID%3D69ed06d55bb8f273%3AT%3D1501538127%3AS%3DALNI_MaHmkN4fRXYlaCAz3r2CdyctqsIVA&cookie_enabled=1&abxe=1&lmt=1501538127&dt=1501538127576&frm=20&biw=1600&bih=1200&oid=3&adx=1542&ady=185&adk=1478256836&gut=v2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D%232cc4395b49af&dssz=41&icsg=565148976881664&std=0&vrg=139&vrp=139&ga_vid=503774942.1501538127&ga_sid=1501538127&ga_hid=1507564501
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_139.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
fra15s17-in-f66.1e100.net
Software
cafe /
Resource Hash
5e6554db00cd6173d0a40c193021d34234213b944c73b0e9c2c3bb16854c4517
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Mon, 31 Jul 2017 21:55:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
4177
x-xss-protection
1; mode=block
google-lineitem-id
1185574942
pragma
no-cache
server
cafe
google-creative-id
111357891862
content-type
text/javascript; charset=UTF-8
cache-control
no-cache, must-revalidate
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
csync.ashx
ml314.com/
Redirect Chain
  • https://stags.bluekai.com/site/20486?dt=0&r=2027495991&sig=3088908616&bkca=KJh+pWWwxY9R9B9dQbBvUXEVhzhZpLfBAZAEgEgyflal4+FqMEPHT1yLQ+DPJThx91yOV9VXpghKMO5qMYT6YBZ5WLMPSjWv2bc0mVhUuFFPiDutG80ZGDrn6Z...
  • https://ml314.com/csync.ashx?fp=f11BwCej99OJ2l2j&person_id=5978151344084457489&eid=50056
43 B
43 B
Image
General
Full URL
https://ml314.com/csync.ashx?fp=f11BwCej99OJ2l2j&person_id=5978151344084457489&eid=50056
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.252.181.159 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-252-181-159.eu-west-1.compute.amazonaws.com
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:26 GMT
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
image/gif
Cache-Control
private
Connection
keep-alive
Content-Length
43
Expires
Tue, 01 Aug 2017 17:55:27 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:28 GMT
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Location
https://ml314.com/csync.ashx?fp=f11BwCej99OJ2l2j&person_id=5978151344084457489&eid=50056
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
0
BK-Server
d502
Expires
Thu, 01 Dec 1994 16:00:00 GMT
395886.gif
idsync.rlcdn.com/
Redirect Chain
  • https://idsync.rlcdn.com/395886.gif?partner_uid=5978151344084457489
  • https://idsync.rlcdn.com/395886.gif?partner_uid=5978151344084457489&redirect=1
43 B
43 B
Image
General
Full URL
https://idsync.rlcdn.com/395886.gif?partner_uid=5978151344084457489&redirect=1
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.228.133.251 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-228-133-251.compute-1.amazonaws.com
Software
/
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Expires
Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control
no-cache, no-store
Connection
keep-alive
P3P
CP: "NON DSP COR PSDo SAMo BUS IND UNI COM NAV INT POL PRE"
Content-Length
43
Content-Type
image/gif; charset=ISO-8859-1

Redirect headers

Location
https://idsync.rlcdn.com/395886.gif?partner_uid=5978151344084457489&redirect=1
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control
no-cache, no-store
Connection
keep-alive
Content-Type
image/gif; charset=ISO-8859-1
Content-Length
0
P3P
CP: "NON DSP COR PSDo SAMo BUS IND UNI COM NAV INT POL PRE"
match
ps.eyeota.net/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1
  • https://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESEIuoru2cOonF-HE8CYeAX_E&google_cver=1
70 B
70 B
Image
General
Full URL
https://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESEIuoru2cOonF-HE8CYeAX_E&google_cver=1
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.157.25.10 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-35-157-25-10.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:27 GMT
Content-Length
70
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Mon, 31 Jul 2017 21:55:27 GMT
server
HTTP server (unknown)
status
302
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESEIuoru2cOonF-HE8CYeAX_E&google_cver=1
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,36,35",quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
311
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
csync.ashx
ml314.com/
Redirect Chain
  • https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=5978151344084457489%26eid=50220
  • https://ml314.com/csync.ashx?fp=ec0a5980-a74f-4a00-bb78-344c26df4ecd&person_id=5978151344084457489&eid=50220
43 B
43 B
Image
General
Full URL
https://ml314.com/csync.ashx?fp=ec0a5980-a74f-4a00-bb78-344c26df4ecd&person_id=5978151344084457489&eid=50220
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.252.181.159 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-252-181-159.eu-west-1.compute.amazonaws.com
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:22 GMT
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
image/gif
Cache-Control
private
Connection
keep-alive
Content-Length
43
Expires
Tue, 01 Aug 2017 17:55:22 GMT

Redirect headers

Date
Mon, 31 Jul 2017 21:55:27 GMT
Server
MT3 1.15.10.0 a38180b RELEASE zrh-pixel-x12
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://ml314.com/csync.ashx?fp=ec0a5980-a74f-4a00-bb78-344c26df4ecd&person_id=5978151344084457489&eid=50220
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
0
Expires
Mon, 31 Jul 2017 21:55:26 GMT
segments_to_partner.js
cdn.krxd.net/partnerjs/ Frame 1544
5 KB
2 KB
Script
General
Full URL
https://cdn.krxd.net/partnerjs/segments_to_partner.js?partner=a272cefb-df39-4fcd-beff-79cd6cdf22ec&client=forb
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/forbes274355/moatad.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.175 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
7cd918b658d6d462b9c32d3d6dae38df780521ab1cbcf9d8909ea9066fe2e091

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

X-CDN-Backend
4FrRTvEr9h480D4BywjehZ--F_Partner_JS_S3
Date
Mon, 31 Jul 2017 21:55:27 GMT
Content-Encoding
gzip
Age
1191
X-Cache
HIT
P3P
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
Connection
keep-alive
Content-Length
2526
X-Served-By
cache-hhn1549-HHN
Last-Modified
Thu, 27 Jul 2017 13:44:23 GMT
X-Timer
S1501538128.825448,VS0,VE0
ETag
"024c0e77f7d4d6bf0b39161544515d70"
Vary
Accept-Encoding
Content-Type
application/javascript
Via
1.1 varnish
Accept-Ranges
bytes
X-Cache-Hits
915
n.js
geo.moatads.com/ Frame 1544
90 B
90 B
Script
General
Full URL
https://geo.moatads.com/n.js?e=35&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%3D(Y%24%3D!L2%7Cabj3M%3BIy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCCCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&i=FORBES2&hp=1&zMoatPs=temp&zMoatSpecialSlot=No%20Special%20Slot%20Defined&zMoatH=2&zMoatW=2&zMoatOrigSlicer1=105791542&zMoatOrigSlicer2=105796462&cm=8&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&bq=0&f=0&j=&o=3&t=1501538127643&de=739482591333&m=0&ar=201052d-clean&q=2&cb=0&cu=1501538127643&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=17094022%3A344894542%3A425539822%3A80147148622&cadf=-&qs=1&zGSRC=1&gu=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D%232cc4395b49af&dfp=0%2C1&la=105796462&bd=fdc.forbes%2Fwelcome&gw=forbes274355&fd=1&zMoatPos=temp&zMoatZone=fdc.forbes%2Fwelcome&ac=1&it=500&fs=122306&na=258119673&cs=0&callback=MoatSuperV24.gna679230
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/forbes274355/moatad.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.55.152.154 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-55-152-154.compute-1.amazonaws.com
Software
nginx/1.7.9 /
Resource Hash
b2d5f189cd0571282c007f0e2a14fa1eaed895bc8482d50c739aa489939566fd

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:28 GMT
Server
nginx/1.7.9
Connection
keep-alive
Content-Length
90
Content-Type
text/html; charset=UTF-8
jload
pixel.adsafeprotected.com/ Frame 1544
134 KB
53 KB
Script
General
Full URL
https://pixel.adsafeprotected.com/jload?anId=9546&campId=2x2&pubId=17094022&chanId=105796462&placementId=425539822&pubCreative=80147148622&pubOrder=344894542&cb=1421188082&custom=&custom2=temp&custom3=
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.172.216.55 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
3d5922da90dae58de529fc8d22b8dc011c995cec9a2c8b4f6e454b4dfcfb05f8

Request headers

Referer
https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:27 GMT
Content-Encoding
gzip
X-Server-Name
app33ami.ami.303net.pvt
Transfer-Encoding
chunked
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
pixel.adsafeprotected.com
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
Server
nginx
Expires
Wed, 31 Dec 1969 23:59:59 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 1544
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstT4RENIaqJ2S29mkz7DXmaCDzD1ukNxstgXeoEY-ori_KVN-42ysQqiCPNj3eqWiLnENiuGelS14Umi-_fHO3KYM8u4mMfWzh5p1RJzokP8X8YVn3CKGH093c1cpqd5Y9GyTaYVCBhxoHvgRKN16VDWZTz4DscRzkxrDpseNIHYtvvaGLkVr7NdhYFO4TyBhf5h7ZDodg62wV9ZpCjJOA73YGqZtNQ5ZlrdChrFC-GqadiBaONzBI&sig=Cg0ArKJSzNsedVMBcX9_EAE&urlfix=1&adurl=
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
fra15s17-in-f66.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 31 Jul 2017 21:55:27 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
0
x-xss-protection
1; mode=block
truncated
/ Frame 1544
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c020e1eeee6c359e461b13c8086993453e2dd5a80fdb9bcba67a0ffcc6d76cb0

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
rtbsapub.php
contextual.media.net/
4 KB
538 B
Script
General
Full URL
https://contextual.media.net/rtbsapub.php?&rt=3&callback=window.advBidxc.rtbsprivateresponse1&cid=8CUX956JU&requestString=231281379*23%7C300x250~300x600%7C%7C10256879_2599690~10256879_2599690%40256589311*23%7C728x90~970x250%7C%7C10495602_2599690~10495602_2599690%40466811878*23%7C300x250~300x600%7C%7C10495600_2599690~10495600_2599690%40528273667*23%7C728x90~970x250%7C%7C10495603~10495603%40547351504*23%7C300x250~300x600%7C%7C10495599_2599690~10495599_2599690%40562746473*23%7C300x250~300x600%7C%7C10256877_2599690~10256877_2599690%40662280996*23%7C300x250%7C%7C11000722_2599690%40867969797*23%7C728x90~970x250%7C%7C10495598_2599690~10495598_2599690%40941664466*23%7C300x250~300x600%7C%7C10495601_2599690~10495601_2599690%40951705627*23%7C300x250%7C%7C11000722_2599690&crid=231281379%2C256589311%2C466811878%2C528273667%2C547351504%2C562746473%2C662280996%2C867969797%2C941664466%2C951705627&requrl=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F&https=1&erTr=0&bl=1&act=headerBid&prvReqId=819907889060836561501538127726&hlt=1&ugd=4&tr=0.2683182800981847&sid=7460
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/bidexchange.js?cid=8CUX956JU&https=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.2.12.111 Cambridge, United States, ASN1299 (TELIANET Telia Carrier, SE),
Reverse DNS
a23-2-12-111.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
793e7056645c6f32df344eb04aea4a08ee864fe0ce28ad0d5bab468d9c3695b9

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:27 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
538
X-MNET-HL2
E
Expires
Mon, 31 Jul 2017 21:55:27 GMT
rtbsapub.php
contextual.media.net/
25 KB
2 KB
Script
General
Full URL
https://contextual.media.net/rtbsapub.php?&cid=8CUX956JU&requestString=231281379*28%7C300x250~300x600%7C8CUX956JU%7C464942~464943%40231281379*33%7C300x250~300x600%7C8CUX956JU%7C10045006~10045006%40231281379*43%7C300x250~300x600%7C537144445%7C539035640~539035640%40231281379*51%7C300x250~300x600%7C879182%7C10854062~10854062%40231281379*56%7C300x250%7C8CUX956JU%7Cmnet-7175-300x250-us%40231281379*4%7C300x600%7C8CUQ33R4V%7C162372358%40256589311*28%7C728x90~970x250%7C8CUX956JU%7C464948~464953%40256589311*33%7C728x90~970x250%7C8CUX956JU%7C10045132~10045132%40256589311*43%7C728x90~970x250%7C537144445%7C539035641~539035641%40256589311*51%7C728x90~970x250%7C879182%7C10854066~10854066%40256589311*56%7C728x90%7C8CUX956JU%7Cmnet-7175-728x90-us%40256589311*4%7C970x250%7C8CUQ33R4V%7C316669326%40466811878*28%7C300x250~300x600%7C8CUX956JU%7C464942~464943%40466811878*33%7C300x250~300x600%7C8CUX956JU%7C10045006~10045006%40466811878*43%7C300x250~300x600%7C537144445%7C539035638~539035638%40466811878*51%7C300x250~300x600%7C879182%7C10854060~10854060%40466811878*56%7C300x250%7C8CUX956JU%7Cmnet-7175-300x250-us%40466811878*4%7C300x600%7C8CUQ33R4V%7C947315848%40528273667*28%7C728x90~970x250%7C8CUX956JU%7C464948~464953%40528273667*33%7C728x90~970x250%7C8CUX956JU%7C10045132~10045132%40528273667*43%7C728x90~970x250%7C537144445%7C539035642~539035642%40528273667*51%7C728x90~970x250%7C879182%7C10854065~10854065%40528273667*56%7C728x90%7C8CUX956JU%7Cmnet-7175-728x90-us%40528273667*4%7C970x250%7C8CUQ33R4V%7C587371326%40547351504*28%7C300x250~300x600%7C8CUX956JU%7C464942~464943%40547351504*33%7C300x250~300x600%7C8CUX956JU%7C10045006~10045006%40547351504*43%7C300x250~300x600%7C537144445%7C539035637~539035637%40547351504*51%7C300x250~300x600%7C879182%7C10854059~10854059%40547351504*56%7C300x250%7C8CUX956JU%7Cmnet-7175-300x250-us%40547351504*4%7C300x600%7C8CUQ33R4V%7C273093528%40562746473*28%7C300x250~300x600%7C8CUX956JU%7C464942~464943%40562746473*33%7C300x250~300x600%7C8CUX956JU%7C10045006~10045006%40562746473*43%7C300x250~300x600%7C537144445%7C539035636~539035636%40562746473*51%7C300x250~300x600%7C879182%7C10854058~10854058%40562746473*56%7C300x250%7C8CUX956JU%7Cmnet-7175-300x250-us%40562746473*4%7C300x600%7C8CUQ33R4V%7C344204026%40662280996*28%7C300x250%7C8CUX956JU%7C464942%40662280996*33%7C300x250%7C8CUX956JU%7C10972560%40662280996*43%7C300x250%7C537144445%7C539035645%40662280996*51%7C300x250%7C879182%7C10965025%40662280996*56%7C300x250%7C8CUX956JU%7Cmnet-7175-300x250-us%40662280996*4%7C300x250%7C8CUQ33R4V%7C521516185%40867969797*28%7C728x90~970x250%7C8CUX956JU%7C464948~464953%40867969797*33%7C728x90~970x250%7C8CUX956JU%7C10045132~10045132%40867969797*43%7C728x90~970x250%7C537144445%7C539035639~539035639%40867969797*51%7C728x90~970x250%7C879182%7C10854061~10854061%40867969797*56%7C728x90%7C8CUX956JU%7Cmnet-7175-728x90-us%40867969797*59%7C728x90%7C8CUX956JU%7C_111999%40867969797*4%7C970x250%7C8CUQ33R4V%7C536835148%40941664466*28%7C300x250~300x600%7C8CUX956JU%7C464942~464943%40941664466*33%7C300x250~300x600%7C8CUX956JU%7C10045006~10045006%40941664466*43%7C300x250~300x600%7C537144445%7C539035644~539035644%40941664466*51%7C300x250~300x600%7C879182%7C10854063~10854063%40941664466*56%7C300x250%7C8CUX956JU%7Cmnet-7175-300x250-us%40941664466*4%7C300x600%7C8CUQ33R4V%7C654624285%40951705627*28%7C300x250%7C8CUX956JU%7C464942%40951705627*33%7C300x250%7C8CUX956JU%7C10972560%40951705627*43%7C300x250%7C537144445%7C539035643%40951705627*51%7C300x250%7C879182%7C10965025%40951705627*56%7C300x250%7C8CUX956JU%7Cmnet-7175-300x250-us%40951705627*4%7C300x250%7C8CUQ33R4V%7C926567746&crid=231281379%2C256589311%2C466811878%2C528273667%2C547351504%2C562746473%2C662280996%2C867969797%2C941664466%2C951705627&sd=1&requrl=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F&bl=1&https=1&act=headerBid&prvReqId=314219654734902471501538127732&erTr=0&hlt=1&ugd=4&tr=0.45670610315792093&rt=3&callback=window.advBidxc.rtbsresponse1
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/bidexchange.js?cid=8CUX956JU&https=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.2.12.111 Cambridge, United States, ASN1299 (TELIANET Telia Carrier, SE),
Reverse DNS
a23-2-12-111.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
79ae73573caae2bf7602cdf4e207f39e0d0d68eb4730105f52b5a244c8a69445

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:28 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
1574
X-MNET-HL2
E
Expires
Mon, 31 Jul 2017 21:55:28 GMT
iu3
aax-eu.amazon-adsystem.com/s/ Frame 1544
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=pm
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=pm&dcc=t
0
0

get
cdn.krxd.net/userdata/ Frame 1544
189 B
162 B
Script
General
Full URL
https://cdn.krxd.net/userdata/get?pub=7c727c7f-01f2-46b1-bafa-55662a7e6db8&callback=kx_partner_segments
Requested by
Host: cdn.krxd.net
URL: https://cdn.krxd.net/partnerjs/segments_to_partner.js?partner=a272cefb-df39-4fcd-beff-79cd6cdf22ec&client=forb
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.175 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
7ee54c9882d7909a1cc40ed345ed32d8be07b1d68cf8e05b3783978eaddc8e13

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

X-CDN-Backend
4FrRTvEr9h480D4BywjehZ--F_userdata_krxd_net___UserData_Service_V2
Date
Mon, 31 Jul 2017 21:55:28 GMT
Content-Encoding
gzip
Age
0
X-Cache
MISS, MISS
X-Request-Backend
kuser_data
Connection
keep-alive
X-Age
0
Content-Length
162
X-Served-By
userdata-a014.krxd.net, cache-hhn1549-HHN
Pragma
no-cache
X-Timer
S1501538128.956885,VS0,VE135
Vary
Accept-Encoding
Content-Type
text/javascript
Via
1.1 varnish
Cache-Control
no-cache, no-store, max-age=0
Accept-Ranges
bytes
X-Cache-Hits
0, 0
moatad.js
z.moatads.com/forbes274355/ Frame 1544
247 KB
0
Script
General
Full URL
https://z.moatads.com/forbes274355/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_139.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.123.93.241 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a92-123-93-241.deploy.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
4586f8c72d2ebe6dcebec6cbfcd1fed639b55aab48fc9c12a8941dadcfef42f9

Request headers

Response headers

Date
Mon, 31 Jul 2017 21:55:27 GMT
Content-Encoding
gzip
Last-Modified
Mon, 31 Jul 2017 20:58:00 GMT
Server
AmazonS3
x-amz-request-id
01D7F8923B6EB5D6
ETag
"e39657bc8dc82aa6d309db6e992734c5"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=62159
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
78757
x-amz-id-2
pxghW9vNLBV/l5TvJW4s7AuwBmOUgQVQP7XO6eYXAz5z9joKuq8Yy7lfOywHb/H5LqNfoQPwlyc=
segments_to_partner.js
cdn.krxd.net/partnerjs/ Frame 1544
5 KB
0
Script
General
Full URL
https://cdn.krxd.net/partnerjs/segments_to_partner.js?partner=a272cefb-df39-4fcd-beff-79cd6cdf22ec&client=forb
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/forbes274355/moatad.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.175 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
7cd918b658d6d462b9c32d3d6dae38df780521ab1cbcf9d8909ea9066fe2e091

Request headers

Response headers

X-CDN-Backend
4FrRTvEr9h480D4BywjehZ--F_Partner_JS_S3
Date
Mon, 31 Jul 2017 21:55:27 GMT
Content-Encoding
gzip
Age
1191
X-Cache
HIT
P3P
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
Connection
keep-alive
Content-Length
2526
X-Served-By
cache-hhn1549-HHN
Last-Modified
Thu, 27 Jul 2017 13:44:23 GMT
X-Timer
S1501538128.825448,VS0,VE0
ETag
"024c0e77f7d4d6bf0b39161544515d70"
Vary
Accept-Encoding
Content-Type
application/javascript
Via
1.1 varnish
Accept-Ranges
bytes
X-Cache-Hits
915
n.js
geo.moatads.com/ Frame 1544
93 B
93 B
Script
General
Full URL
https://geo.moatads.com/n.js?e=35&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%3D(Y%24%3D!L2%7Cabj3M%3BIy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCCCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&i=FORBES2&hp=1&zMoatPs=welcome&zMoatSpecialSlot=No%20Special%20Slot%20Defined&zMoatH=250&zMoatW=300&zMoatOrigSlicer1=105791542&zMoatOrigSlicer2=105796462&cm=21&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&bq=0&f=0&j=&o=3&t=1501538127855&de=339907518479&m=0&ar=201052d-clean&q=6&cb=0&cu=1501538127855&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=16898302%3A465390502%3A1185574942%3A111357891862&cadf=-&qs=1&zGSRC=1&gu=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D%232cc4395b49af&dfp=0%2C1&la=105796462&bd=fdc.forbes%2Fwelcome&gw=forbes274355&fd=1&zMoatPos=welcome&zMoatZone=fdc.forbes%2Fwelcome&ac=1&it=500&fs=122306&na=316039520&cs=0&callback=MoatSuperV24.gna934986
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/forbes274355/moatad.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.213.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-72-213-138.compute-1.amazonaws.com
Software
nginx/1.7.9 /
Resource Hash
b3effd9a7afe82f5494b2cd5e81a3d33662e1bfbbca1a725e140f4399f660c91

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:28 GMT
Server
nginx/1.7.9
Connection
keep-alive
Content-Length
93
Content-Type
text/html; charset=UTF-8
jload
pixel.adsafeprotected.com/ Frame 1544
134 KB
53 KB
Script
General
Full URL
https://pixel.adsafeprotected.com/jload?anId=9546&campId=300x250&pubId=16898302&chanId=105796462&placementId=1185574942&pubCreative=111357891862&pubOrder=465390502&cb=541867923&custom=&custom2=welcome&custom3=
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.172.216.55 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
08c3db13326cc7f8a0e867927158951a58ea62cbcbb59fbd1a321ecd0e9476dd

Request headers

Referer
https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:27 GMT
Content-Encoding
gzip
X-Server-Name
app33ami.ami.303net.pvt
Transfer-Encoding
chunked
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
pixel.adsafeprotected.com
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
Server
nginx
Expires
Wed, 31 Dec 1969 23:59:59 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 1544
45 KB
17 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_139.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81f::2002 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
da967e117461fde7a45dcbb8b229d19e91199a56ecbfd27f8888cc3bcf875721
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Mon, 31 Jul 2017 21:12:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2564
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,36,35",quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
16939
x-xss-protection
1; mode=block
server
cafe
etag
6906673258852191266
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Mon, 31 Jul 2017 22:12:43 GMT
osd_listener.js
tpc.googlesyndication.com/pagead/js/r20170726/r20110914/activeview/ Frame 1544
28 KB
0
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20170726/r20110914/activeview/osd_listener.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_139.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81c::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
da6e6a49692c69be9e9fdc9697bee6e8347375f996b626a60a53f81bf62d4fc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Response headers

date
Thu, 27 Jul 2017 00:04:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
424243
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
10895
x-xss-protection
1; mode=block
server
cafe
etag
2196216625133901113
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 10 Aug 2017 00:04:44 GMT
PHWP7UVG.js
cdn.trugaze.io/bootstrap/ Frame 1544
695 B
695 B
Script
General
Full URL
https://cdn.trugaze.io/bootstrap/PHWP7UVG.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_139.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.87.23 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-1-87-23.compute-1.amazonaws.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
f944b60f5b47d17004d2d333e088f80b77c3e074a9a7d5ed4eb2edd07b04b599

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:27 GMT
Last-Modified
Mon, 10 Jul 2017 13:47:06 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"48de7d8bc65f4a6557fc0f7ded5ea40c"
X-Cache-Status
HIT
Content-Type
application/x-javascript
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
695
moatad.js
z.moatads.com/forbes274355/ Frame 1544
247 KB
0
Script
General
Full URL
https://z.moatads.com/forbes274355/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_139.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.123.93.241 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a92-123-93-241.deploy.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
4586f8c72d2ebe6dcebec6cbfcd1fed639b55aab48fc9c12a8941dadcfef42f9

Request headers

Response headers

Date
Mon, 31 Jul 2017 21:55:27 GMT
Content-Encoding
gzip
Last-Modified
Mon, 31 Jul 2017 20:58:00 GMT
Server
AmazonS3
x-amz-request-id
01D7F8923B6EB5D6
ETag
"e39657bc8dc82aa6d309db6e992734c5"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=62159
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
78757
x-amz-id-2
pxghW9vNLBV/l5TvJW4s7AuwBmOUgQVQP7XO6eYXAz5z9joKuq8Yy7lfOywHb/H5LqNfoQPwlyc=
view
securepubads.g.doubleclick.net/pcs/ Frame 1544
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuTl9PVEFDOxaxC-9pfBuyZrPGBFx7JnbqSWXyfS8NYfsOa5lLKNe77Aq-i2OxloM5pFNbF50tPtkfkKwEbB_UFAg3O6m_xQtMnrwS4cM0kZvNOQIiSq_pk5pTv7QmG3Qtyk5Xm6SfA1-s_OZ-JJIsfz0JLHgbeQ45Rf14g0bD_2DDMryJ0bHPILTe7QQyIyuvVxjQP91Y6VgXNVL8u0z-t3u2a62UWl-VQoUg5HD8dq1YMF9e-rOOWcw&sig=Cg0ArKJSzKC_ic53jdNMEAE&urlfix=1&adurl=
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
fra15s17-in-f66.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 31 Jul 2017 21:55:27 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
0
x-xss-protection
1; mode=block
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j56&a=1507564501&t=timing&_s=1&dl=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewste...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-5883199-3&cid=503774942.1501538127&jid=2004135812&_gid=1594651888.1501538127&gjid=809402725&_v=j56&z=983206889
35 B
53 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-5883199-3&cid=503774942.1501538127&jid=2004135812&_gid=1594651888.1501538127&gjid=809402725&_v=j56&z=983206889
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:400c:c07::9a , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Mon, 31 Jul 2017 21:55:28 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 31 Jul 2017 21:55:28 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
302
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-5883199-3&cid=503774942.1501538127&jid=2004135812&_gid=1594651888.1501538127&gjid=809402725&_v=j56&z=983206889
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
416
expires
Fri, 01 Jan 1990 00:00:00 GMT
get
cdn.krxd.net/userdata/ Frame 1544
189 B
162 B
Script
General
Full URL
https://cdn.krxd.net/userdata/get?pub=7c727c7f-01f2-46b1-bafa-55662a7e6db8&callback=kx_partner_segments
Requested by
Host: cdn.krxd.net
URL: https://cdn.krxd.net/partnerjs/segments_to_partner.js?partner=a272cefb-df39-4fcd-beff-79cd6cdf22ec&client=forb
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.175 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
66f52962d6a82d84ccb80efb25585f53b703328b6b610f7581fab9414fb99448

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

X-CDN-Backend
4FrRTvEr9h480D4BywjehZ--F_userdata_krxd_net___UserData_Service_V2
Date
Mon, 31 Jul 2017 21:55:28 GMT
Content-Encoding
gzip
Age
0
X-Cache
MISS, MISS
X-Request-Backend
kuser_data
Connection
keep-alive
X-Age
0
Content-Length
162
X-Served-By
userdata-a025.krxd.net, cache-hhn1531-HHN
Pragma
no-cache
X-Timer
S1501538128.038645,VS0,VE177
Vary
Accept-Encoding
Content-Type
text/javascript
Via
1.1 varnish
Cache-Control
no-cache, no-store, max-age=0
Accept-Ranges
bytes
X-Cache-Hits
0, 0
ca-pub-4111763448220873.js
pagead2.googlesyndication.com/pub-config/r20160913/ Frame 1544
133 B
134 B
Script
General
Full URL
https://pagead2.googlesyndication.com/pub-config/r20160913/ca-pub-4111763448220873.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81f::2002 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
7e7fa886d5d75c745d95be4fc3c5bfb4c988019b3f643c669734612345e1b8c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Mon, 31 Jul 2017 21:32:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 28 Jul 2017 20:47:36 GMT
server
sffe
age
1350
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=43200
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,36,35",quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
125
x-xss-protection
1; mode=block
expires
Tue, 01 Aug 2017 09:32:58 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20170726/r20170110/ Frame 1544
0
0

show_ads_impl.js
pagead2.googlesyndication.com/pagead/js/r20170726/r20170110/ Frame 1544
188 KB
70 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20170726/r20170110/show_ads_impl.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81f::2002 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
ea04c5a359f2f391957c1959b8db44c0f79280de9869c0fbc902c166b58f57d2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Mon, 31 Jul 2017 21:55:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
5479702895554230256
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private, max-age=1209600
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,36,35",quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
71582
x-xss-protection
1; mode=block
expires
Mon, 31 Jul 2017 21:55:27 GMT
truncated
/ Frame 1544
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3e22a8feb75873abc54105cb256d33d22b1fb1398ee6733a75296c240e5fb5d

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
mon
pixel.adsafeprotected.com/
43 B
43 B
Image
General
Full URL
https://pixel.adsafeprotected.com/mon?anId=9546&campId=2x2&pubId=17094022&chanId=105796462&placementId=425539822&pubCreative=80147148622&pubOrder=344894542&cb=1421188082&custom=&custom2=temp&custom3=&adsafe_url=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D%232cc4395b49af&adsafe_type=aq&adsafe_url=https%3A%2F%2Fwww.forbes.com%2F&adsafe_type=ce&adsafe_url=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D&adsafe_type=bdf&adsafe_jsinfo=,id:e092b822-8144-d8a8-4f1e-1f01762b35c7,c:jZ64BI,sl:inView,em:true,fr:true,mn:app33ami,pt:1-5-15,wc:0.0.1600.1200,ac:0.0.2.2,am:i,cc:0.0.2.0,piv:100,obst:0,th:0,reas:,cmps:1,br:u,fv:0,bv:na,dm:na,abv:na,an:n,fm:qqZKXIo+11|12|13|14*.9546|141|15|161|1621|17,idMap:14*,pl:,rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,gm:1,fif:1,uf:0,tt:jload,et:39,oid:f6ccd8cf-763a-11e7-b57f-382c4ac630ed,v:17.3.49,sp:0,ct:na,dtm:i,gtpl:0,wr:1600.1200,sr:1600.1200,mf:2017704577,ov:0
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.172.216.55 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:28 GMT
X-Server-Name
app33ami.ami.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
ads
googleads.g.doubleclick.net/pagead/ Frame 1544
0
0

osd.js
pagead2.googlesyndication.com/pagead/js/r20170726/r20170110/ Frame 1544
82 KB
30 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20170726/r20170110/osd.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20170726/r20170110/show_ads_impl.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81f::2002 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
80de64a5788341a0deba3bb87c5cafe83e725e8d5f04e4075bebf671f80b49d6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Thu, 27 Jul 2017 18:44:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
357035
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,36,35",quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
30676
x-xss-protection
1; mode=block
server
cafe
etag
15022272777873382488
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 10 Aug 2017 18:44:53 GMT
dt
dt.adsafeprotected.com/
43 B
43 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=9546&asId=e092b822-8144-d8a8-4f1e-1f01762b35c7&tv={c:jZ64Cy,pingTime:0,time:90,type:pf,env:{sf:0},rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,gm:1,fif:1,slTimes:{i:91,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:37,wc:0.0.1600.1200,ac:0.0.2.2,am:i,cc:0.0.2.0,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[69~100],as:[69~2.2]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:0,fm:qqZKXIo+11|12|13|14*.9546|141|15|161|1621|17,idMap:14*}&br=u
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:28 GMT
X-Server-Name
dt36ami.ami.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
close
Content-Type
image/gif
Content-Length
43
Server
nginx
init
services.trugaze.io/
5 KB
2 KB
Script
General
Full URL
https://services.trugaze.io/init?appId=PHWP7UVG&h=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F&t=1501538128042
Requested by
Host: cdn.trugaze.io
URL: https://cdn.trugaze.io/bootstrap/PHWP7UVG.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.193.42.132 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-193-42-132.compute-1.amazonaws.com
Software
/
Resource Hash
6d98cc2f559f280b7c4a985638bdc9caeaecf590f1543eae3057168f000ccb14

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:28 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
Content-Type
application/javascript;charset=UTF-8
X-NoCache
true
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Jan 1970 00:00:00 GMT
dt
dt.adsafeprotected.com/
43 B
43 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=9546&asId=e092b822-8144-d8a8-4f1e-1f01762b35c7&tv={c:jZ64CS,pingTime:-2,time:110,type:a,sca:{dfp:{df:0}},env:{pom:1},rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,gm:1,fif:1,slTimes:{i:110,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:37,wc:0.0.1600.1200,ac:0.0.2.2,am:i,cc:0.0.2.0,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[88~100],as:[88~2.2]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:0,fm:qqZKXIo+11|12|13|14*.9546|141|15|161|1621|17,idMap:14*,slid:[google_ads_iframe_/7175/fdc.forbes/welcome_0,google_ads_iframe_/7175/fdc.forbes/welcome_0__container__,initial,ads,app],sinceFw:70,readyFired:true}&br=u
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:28 GMT
X-Server-Name
dt52ami.ami.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
close
Content-Type
image/gif
Content-Length
43
Server
nginx
mon
pixel.adsafeprotected.com/
43 B
43 B
Image
General
Full URL
https://pixel.adsafeprotected.com/mon?anId=9546&campId=300x250&pubId=16898302&chanId=105796462&placementId=1185574942&pubCreative=111357891862&pubOrder=465390502&cb=541867923&custom=&custom2=welcome&custom3=&adsafe_url=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D%232cc4395b49af&adsafe_type=aq&adsafe_url=https%3A%2F%2Fwww.forbes.com%2F&adsafe_type=ce&adsafe_url=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D&adsafe_type=bdf&adsafe_jsinfo=,id:f4dd2375-efec-ceb5-28e2-4d6b873f17de,c:jZ64DG,sl:inView,em:true,fr:true,mn:app33ami,pt:1-5-15,wc:0.0.1600.1200,ac:1244.171.298.248,am:i,cc:0.0.298.254,piv:100,obst:0,th:0,reas:,cmps:1,br:u,fv:0,bv:na,dm:na,abv:na,an:n,fm:qqZKXKh+11|12|13|141|142|15|16*.9546|161|1621|1622|17,idMap:16*,pl:,rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,gm:1,fif:1,uf:0,tt:jload,et:44,oid:f6db30a2-763a-11e7-a5a8-382c4ac630ed,v:17.3.49,sp:0,ct:na,dtm:i,gtpl:0,wr:1600.1200,sr:1600.1200,mf:-494535611,ov:0
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.172.216.55 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:28 GMT
X-Server-Name
app33ami.ami.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/
43 B
43 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=9546&asId=f4dd2375-efec-ceb5-28e2-4d6b873f17de&tv={c:jZ64DT,pingTime:0,time:56,type:pf,env:{sf:0},rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,gm:1,fif:1,slTimes:{i:56,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:42,wc:0.0.1600.1200,ac:1244.171.298.248,am:i,cc:0.0.298.254,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[31~100],as:[32~298.248]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:0,fm:qqZKXKh+11|12|13|141|142|15|16*.9546|161|1621|1622|17,idMap:16*}&br=u
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:28 GMT
X-Server-Name
dt48ami.ami.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
close
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/
43 B
43 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=9546&asId=f4dd2375-efec-ceb5-28e2-4d6b873f17de&tv={c:jZ64DY,pingTime:-2,time:61,type:a,sca:{dfp:{df:4,sz:298.254,dom:body}},env:{pom:1},rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,gm:1,fif:1,slTimes:{i:61,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:42,wc:0.0.1600.1200,ac:1244.171.298.248,am:i,cc:0.0.298.254,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[36~100],as:[36~298.248]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:0,fm:qqZKXKh+11|12|13|141|142|15|16*.9546|161|1621|1622|17,idMap:16*,slid:[google_ads_iframe_/7175/fdc.forbes/welcome_1,google_ads_iframe_/7175/fdc.forbes/welcome_1__container__,welcome,ads,app],sinceFw:16,readyFired:true}&br=u
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:28 GMT
X-Server-Name
dt52ami.ami.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
close
Content-Type
image/gif
Content-Length
43
Server
nginx
pixel.gif
forbes274355.s.moatpixel.com/
43 B
43 B
Image
General
Full URL
https://forbes274355.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=61&fi=1&apd=122&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=forbes.com&L1id=16898302&L2id=465390502&L3id=1185574942&L4id=111357891862&S1id=105791542&S2id=105796462&ord=1501538127855&r=339907518479&t=meas&zMoatTPImpId=0&q=1&nu=1&ib=0&dc=1&ob=0&oh=1&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.85.90.245 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-90-245.jfk6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Thu, 27 Jul 2017 18:56:45 GMT
Via
1.1 9ce63d3af60e77462dfef1ebe1eea8f0.cloudfront.net (CloudFront)
Last-Modified
Mon, 22 Apr 2013 19:31:32 GMT
Server
AmazonS3
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
X-Cache
Hit from cloudfront
Content-Type
image/gif
Cache-Control
no-cache
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
X-Amz-Cf-Id
-2vJ4U0h5-FBtAyK7BVC0ufHvEDFPKgmzKSeuKZfsB_ONK5HSp0o9w==
pixel.gif
forbes274355.s.moatpixel.com/
43 B
43 B
Image
General
Full URL
https://forbes274355.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=61&fi=1&apd=122&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=forbes.com&L1id=16898302&L2id=465390502&L3id=1185574942&L4id=111357891862&S1id=105791542&S2id=105796462&ord=1501538127855&r=339907518479&t=fv&zMoatTPImpId=0&q=2&nu=1&ib=0&dc=1&ob=0&oh=1&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.85.90.245 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-90-245.jfk6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Thu, 27 Jul 2017 18:56:45 GMT
Via
1.1 9865fbd5c61131fde861cc79a5ba4ead.cloudfront.net (CloudFront)
Last-Modified
Mon, 22 Apr 2013 19:31:32 GMT
Server
AmazonS3
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
X-Cache
Hit from cloudfront
Content-Type
image/gif
Cache-Control
no-cache
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
X-Amz-Cf-Id
E8Bvrrc9qPS73PMptvXGaPaEBKWhsLjCUu__2N9EYc7b38yF6r4xEQ==
pixel.gif
forbes274355.s.moatpixel.com/
43 B
43 B
Image
General
Full URL
https://forbes274355.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=61&fi=1&apd=122&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=forbes.com&L1id=16898302&L2id=465390502&L3id=1185574942&L4id=111357891862&S1id=105791542&S2id=105796462&ord=1501538127855&r=339907518479&t=nht&zMoatTPImpId=0&q=3&nu=1&ib=0&dc=1&ob=0&oh=1&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.85.90.245 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-90-245.jfk6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Thu, 27 Jul 2017 18:56:45 GMT
Via
1.1 031c38bec1e4f8401157e1d767a53637.cloudfront.net (CloudFront)
Last-Modified
Mon, 22 Apr 2013 19:31:32 GMT
Server
AmazonS3
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
X-Cache
Hit from cloudfront
Content-Type
image/gif
Cache-Control
no-cache
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
X-Amz-Cf-Id
In7FBiLSkb0E0imJslcvqbocNBnaLiB9Cpb1EBqvZxXWKInzyldF1w==
activeview
pagead2.googlesyndication.com/ Frame 1544
42 B
60 B
Image
General
Full URL
https://pagead2.googlesyndication.com/activeview?avi=B5R0OT6d_WZOFIYmEzAaIvYioCgAAAAAQATgByAEJwAIC4AIA4AQBoAYW0ggFCIBhEAE&cid=CAASBORoizc&id=osdim&ti=1&r=u&adk=1644855544&tt=787&bs=1600,1200&mtos=0,0,0,0,0&tos=0,0,0,0,0&p=0,0,0,0&rs=3&ht=0&mc=0&lte=-1&bas=0&bac=0&bos=1600,1200&ps=1600,1200&ss=1600,1200&pt=-1&deb=1-0-2-3-2--1&tvt=64&avms=geo&uc=1&tgt=BODY&cl=0&cec=11&clc=0&cac=0&cd=2x0
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81f::2002 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 31 Jul 2017 21:55:28 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,36,35",quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
swfobject.js
ajax.googleapis.com/ajax/libs/swfobject/2.2/
10 KB
4 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js
Requested by
Host: services.trugaze.io
URL: https://services.trugaze.io/init?appId=PHWP7UVG&h=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F&t=1501538128042
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:818::200a , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
8677971b119ccdb82af697ff0e08f218490d15116f221d44301f1cc8797e67d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

date
Mon, 31 Jul 2017 11:37:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
37053
status
200
alt-svc
quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
3974
x-xss-protection
1; mode=block
last-modified
Tue, 20 Dec 2016 18:17:03 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 31 Jul 2018 11:37:55 GMT
tg-1.0.19.js
cdn.trugaze.io/
106 KB
32 KB
Script
General
Full URL
https://cdn.trugaze.io/tg-1.0.19.js
Requested by
Host: services.trugaze.io
URL: https://services.trugaze.io/init?appId=PHWP7UVG&h=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F&t=1501538128042
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.87.23 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-1-87-23.compute-1.amazonaws.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
137b036766b728c1fe52068b8acae164a2b76d874f7aa98c223ab71a92e2de30

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:28 GMT
Content-Encoding
gzip
Last-Modified
Fri, 28 Jul 2017 14:03:14 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"4253f947dce4b6396f1b42fa1dafc7a3"
X-Cache-Status
HIT
Content-Type
application/javascript
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
32819
initcb
services.trugaze.io/
0
0
Script
General
Full URL
https://services.trugaze.io/initcb?appId=7&vId=11523770EE706530&cId=1076&dads=0&lts=0&nv=1&s=12&res=1600x1200&c=1&l=en&r=&sr=&ts=1501538128865&rs=0&h=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D%232cc4395b49af&npv=1&ltsss=0&ltsvs=0
Requested by
Host: services.trugaze.io
URL: https://services.trugaze.io/init?appId=PHWP7UVG&h=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F&t=1501538128042
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.193.42.132 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-193-42-132.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

X-NoCache
true
Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:28 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
0
Content-Type
application/javascript;charset=UTF-8
dt
dt.adsafeprotected.com/
43 B
43 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=9546&asId=e092b822-8144-d8a8-4f1e-1f01762b35c7&tv={c:jZ64SJ,pingTime:1,time:1093,type:p,rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,gm:1,fif:1,slTimes:{i:1093,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:37,wc:0.0.1600.1200,ac:0.0.2.2,am:i,cc:0.0.2.0,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[1071~100],as:[1071~2.2]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:101,fm:qqZKXIo+11|12|13|14*.9546|141|15|16.9546|161|1621|17,idMap:14*}&br=u
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:29 GMT
X-Server-Name
dt28ami.ami.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
close
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/
43 B
43 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=9546&asId=e092b822-8144-d8a8-4f1e-1f01762b35c7&tv={c:jZ64SJ,pingTime:1,time:1093,type:pf,rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,gm:1,fif:1,slTimes:{i:1093,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:37,wc:0.0.1600.1200,ac:0.0.2.2,am:i,cc:0.0.2.0,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[1071~100],as:[1071~2.2]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:101,fm:qqZKXIo+11|12|13|14*.9546|141|15|16.9546|161|1621|17,idMap:14*}&br=u
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:29 GMT
X-Server-Name
dt36ami.ami.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
close
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/
43 B
43 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=9546&asId=e092b822-8144-d8a8-4f1e-1f01762b35c7&tv={c:jZ64SJ,pingTime:1,time:1093,type:c,clog:[{piv:100,vs:i,r:,w:2,h:2,t:37}],rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,gm:1,fif:1,slTimes:{i:1093,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:37,wc:0.0.1600.1200,ac:0.0.2.2,am:i,cc:0.0.2.0,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[1071~100],as:[1071~2.2]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:101,fm:qqZKXIo+11|12|13|14*.9546|141|15|16.9546|161|1621|17,idMap:14*,metricId:publ1}&br=u
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:29 GMT
X-Server-Name
dt31ami.ami.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
close
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/
43 B
43 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=9546&asId=e092b822-8144-d8a8-4f1e-1f01762b35c7&tv={c:jZ64SK,pingTime:1,time:1094,type:c,clog:[{piv:100,vs:i,r:,w:2,h:2,t:37}],rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,gm:1,fif:1,slTimes:{i:1094,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:37,wc:0.0.1600.1200,ac:0.0.2.2,am:i,cc:0.0.2.0,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[1072~100],as:[1072~2.2]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:101,fm:qqZKXIo+11|12|13|14*.9546|141|15|16.9546|161|1621|17,idMap:14*,metricId:grpm1}&br=u
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:29 GMT
X-Server-Name
dt36ami.ami.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
close
Content-Type
image/gif
Content-Length
43
Server
nginx
/
ortc-prd.realtime.co/server/ssl/2.1/
65 B
71 B
Script
General
Full URL
https://ortc-prd.realtime.co/server/ssl/2.1/?guid=10dd94a1-ce1a-0661-ebb1-2436f0457eec&appkey=mD7JqN
Requested by
Host: cdn.trugaze.io
URL: https://cdn.trugaze.io/tg-1.0.19.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.82.87 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-72-82-87.compute-1.amazonaws.com
Software
/ Express
Resource Hash
1d90a2a5e3f12ef0a54a4f38a886abfd62ee1149516c0220d7c46a8a6bd3c40b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Mon, 31 Jul 2017 21:58:07 GMT
X-Powered-By
Express
Transfer-Encoding
chunked
Content-Type
text/javascript
adunitMapping
services.trugaze.io/ Frame 1544
757 B
460 B
Script
General
Full URL
https://services.trugaze.io/adunitMapping?appId=7&eaup=/7175/fdc.forbes/welcome&eolid=425539822&eci=80147148622&ct=%7B%22pos%22%3A%5B%22temp%22%5D%7D&w=2&h=2&tgRotSlot=&isda=0
Requested by
Host: cdn.trugaze.io
URL: https://cdn.trugaze.io/tg-1.0.19.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.193.42.132 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-193-42-132.compute-1.amazonaws.com
Software
/
Resource Hash
a6ee34ce658ceedf26c26d8226801b33ec24eefb911a65e250e66caa620b5b01

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:29 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
Content-Type
text/javascript;charset=UTF-8
X-NoCache
true
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Jan 1970 00:00:00 GMT
adunitMapping
services.trugaze.io/ Frame 1544
756 B
464 B
Script
General
Full URL
https://services.trugaze.io/adunitMapping?appId=7&eaup=/7175/fdc.forbes/welcome&eolid=1185574942&eci=111357891862&ct=%7B%22pos%22%3A%5B%22welcome%22%5D%7D&w=300&h=250&tgRotSlot=&isda=0
Requested by
Host: cdn.trugaze.io
URL: https://cdn.trugaze.io/tg-1.0.19.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.193.42.132 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-193-42-132.compute-1.amazonaws.com
Software
/
Resource Hash
94d7377778bfac6dc5d49f47666d7b68be55bc791f93d1084179ef410f55d04b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:29 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
Content-Type
text/javascript;charset=UTF-8
X-NoCache
true
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Jan 1970 00:00:00 GMT
dt
dt.adsafeprotected.com/
43 B
43 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=9546&asId=f4dd2375-efec-ceb5-28e2-4d6b873f17de&tv={c:jZ64U3,pingTime:1,time:1058,type:p,rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,gm:1,fif:1,slTimes:{i:1058,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:42,wc:0.0.1600.1200,ac:1244.171.298.248,am:i,cc:0.0.298.254,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[1033~100],as:[1033~298.248]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:79,fm:qqZKXKh+11|12|13|141|142|15|16*.9546|161|1621|1622|17,idMap:16*}&br=u
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:29 GMT
X-Server-Name
dt63ami.ami.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
close
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/
43 B
43 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=9546&asId=f4dd2375-efec-ceb5-28e2-4d6b873f17de&tv={c:jZ64U4,pingTime:1,time:1059,type:pf,rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,gm:1,fif:1,slTimes:{i:1059,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:42,wc:0.0.1600.1200,ac:1244.171.298.248,am:i,cc:0.0.298.254,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[1034~100],as:[1034~298.248]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:79,fm:qqZKXKh+11|12|13|141|142|15|16*.9546|161|1621|1622|17,idMap:16*}&br=u
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:29 GMT
X-Server-Name
dt42ami.ami.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
close
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/
43 B
43 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=9546&asId=f4dd2375-efec-ceb5-28e2-4d6b873f17de&tv={c:jZ64U4,pingTime:1,time:1059,type:c,clog:[{piv:100,vs:i,r:,w:298,h:248,t:42}],rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,gm:1,fif:1,slTimes:{i:1059,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:42,wc:0.0.1600.1200,ac:1244.171.298.248,am:i,cc:0.0.298.254,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[1034~100],as:[1034~298.248]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:79,fm:qqZKXKh+11|12|13|141|142|15|16*.9546|161|1621|1622|17,idMap:16*,metricId:publ1}&br=u
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:29 GMT
X-Server-Name
dt48ami.ami.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
close
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/
43 B
43 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=9546&asId=f4dd2375-efec-ceb5-28e2-4d6b873f17de&tv={c:jZ64U5,pingTime:1,time:1060,type:c,clog:[{piv:100,vs:i,r:,w:298,h:248,t:42}],rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,gm:1,fif:1,slTimes:{i:1060,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:42,wc:0.0.1600.1200,ac:1244.171.298.248,am:i,cc:0.0.298.254,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[1035~100],as:[1035~298.248]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:79,fm:qqZKXKh+11|12|13|141|142|15|16*.9546|161|1621|1622|17,idMap:16*,metricId:grpm1}&br=u
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:29 GMT
X-Server-Name
dt48ami.ami.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
close
Content-Type
image/gif
Content-Length
43
Server
nginx
tg-ad.js
cdn.trugaze.io/ Frame 1544
1 KB
595 B
Script
General
Full URL
https://cdn.trugaze.io/tg-ad.js
Requested by
Host: services.trugaze.io
URL: https://services.trugaze.io/adunitMapping?appId=7&eaup=/7175/fdc.forbes/welcome&eolid=425539822&eci=80147148622&ct=%7B%22pos%22%3A%5B%22temp%22%5D%7D&w=2&h=2&tgRotSlot=&isda=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.87.23 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-1-87-23.compute-1.amazonaws.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
cb4530ef16f7615dbce71db26d742e5ec0b2ab84028eef8c623511acb221cf72

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:29 GMT
Content-Encoding
gzip
Last-Modified
Tue, 27 Jun 2017 13:21:47 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"b785a90303a0b3502c84587eedf04775"
X-Cache-Status
HIT
Content-Type
application/javascript
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
595
tg-ad.js
cdn.trugaze.io/ Frame 1544
1 KB
595 B
Script
General
Full URL
https://cdn.trugaze.io/tg-ad.js
Requested by
Host: services.trugaze.io
URL: https://services.trugaze.io/adunitMapping?appId=7&eaup=/7175/fdc.forbes/welcome&eolid=1185574942&eci=111357891862&ct=%7B%22pos%22%3A%5B%22welcome%22%5D%7D&w=300&h=250&tgRotSlot=&isda=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.87.23 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-1-87-23.compute-1.amazonaws.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
cb4530ef16f7615dbce71db26d742e5ec0b2ab84028eef8c623511acb221cf72

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:29 GMT
Content-Encoding
gzip
Last-Modified
Tue, 27 Jun 2017 13:21:47 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"b785a90303a0b3502c84587eedf04775"
X-Cache-Status
HIT
Content-Type
application/javascript
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
595
maw
storage.trugaze.io/
0
0
Image
General
Full URL
https://storage.trugaze.io/maw?key=%7B%22order%22%3A1548%2C%22line%22%3A85802%2C%22size%22%3A%222x2%22%7D&regImp=inc&token=d89dbec9-e069-4e92-a6cd-e1f2619a51f7
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.45.125.165 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-45-125-165.compute-1.amazonaws.com
Software
/ Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:29 GMT
Connection
keep-alive
X-Powered-By
Express
ETag
W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
Content-Length
0
Content-Type
text/html; charset=utf-8
maw
storage.trugaze.io/
0
0
Image
General
Full URL
https://storage.trugaze.io/maw?key=%7B%22order%22%3A1548%2C%22line%22%3A85802%2C%22size%22%3A%222x2%22%7D&stdImp=inc&token=6aa23e58-2038-4914-8a3a-e2ab219fc7b1
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.45.125.165 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-45-125-165.compute-1.amazonaws.com
Software
/ Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Mon, 31 Jul 2017 21:55:29 GMT
Connection
keep-alive
X-Powered-By
Express
ETag
W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
Content-Length
0
Content-Type
text/html; charset=utf-8
collect
www.google-analytics.com/
35 B
44 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j56&a=1507564501&t=timing&_s=1&dl=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D&dr=&ul=en-us&de=UTF-8&dt=Forbes%20Welcome&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=performance&utv=Ad%20Viewable&utl=Welcome%20Ad%20Viewable&utt=1529&_u=aGDAAAABI~&jid=&gjid=&cid=503774942.1501538127&tid=UA-5883199-3&_gid=1594651888.1501538127&gtm=GTM-NMQJM4&cg1=fdc.forbes%3Awelcome&cg2=none&cg3=none&cg4=none&cg5=none&cd2=none&cd3=none&cd4=ads&cd5=none&cd9=none&cd10=none&cd11=none&cd12=none&cd13=none&cd14=none&cd15=fdc.forbes&cd16=welcome&cd17=none&cd18=0&cd19=none&cd20=none&cd21=none&cd22=none&cd23=none&cd24=none&cd25=none&cd31=%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F&cd32=none&cd33=0&cd34=0&cd35=none&cd36=none&cd37=none&cd38=none&cd39=none&cd40=none&cd42=none&cd43=a47ef1ec68c9b308df7b6dd5c4db98385e0&cd44=none&cd45=false&cd46=false&cd47=none&cd48=false&cd49=0&cd50=none&cd51=none&cd56=false&cd57=false&cd58=false&cd59=none&cd60=none&cd61=none&cd62=none&cd63=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F&cd64=none&cd65=none&cd66=none&cd67=https&cd68=none&cd69=none&cd70=none&cd71=none&cd72=false&z=1656130062
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81c::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jul 2017 23:05:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
341416
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/ Frame 1544
42 B
60 B
Image
General
Full URL
https://pagead2.googlesyndication.com/activeview?avi=BLHccT6d_Wc7xJMbjzAa__pawBwAAAAAQATgByAEJwAIC4AIA4AQBoAYW0ggFCIBhEAE&cid=CAASEuRoxloGOxr2f3AGh7TzLQ4jlA&id=osdim&ti=1&r=u&adk=1478256836&tt=1799&bs=1600,1200&mtos=1005,1005,1005,1005,1005&tos=1005,0,0,0,0&p=171,1244,421,1544&rs=3&ht=0&tfs=786&tls=1791&mc=1&lte=1&bas=0&bac=0&bos=1600,1200&ps=1600,1200&ss=1600,1200&pt=-1&deb=1-0-2-11-6--1&tvt=1076&avms=geo&uc=4&tgt=INS&cl=1&cec=13&clc=1&cac=0&cd=300x250
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81f::2002 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 31 Jul 2017 21:55:29 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,36,35",quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel.gif
forbes274355.s.moatpixel.com/
43 B
43 B
Image
General
Full URL
https://forbes274355.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=1000&tet=1139&fi=1&apd=1200&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=forbes.com&L1id=16898302&L2id=465390502&L3id=1185574942&L4id=111357891862&S1id=105791542&S2id=105796462&ord=1501538127855&r=339907518479&t=iv&zMoatTPImpId=0&q=4&nu=1&ib=0&dc=1&ob=0&oh=1&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.85.90.245 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-90-245.jfk6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Thu, 27 Jul 2017 18:56:45 GMT
Via
1.1 9865fbd5c61131fde861cc79a5ba4ead.cloudfront.net (CloudFront)
Last-Modified
Mon, 22 Apr 2013 19:31:32 GMT
Server
AmazonS3
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
X-Cache
Hit from cloudfront
Content-Type
image/gif
Cache-Control
no-cache
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
X-Amz-Cf-Id
bQCPzJCcCNCBB379M2_bLzU-HORBF8OyB2ufWSwwdVwOhsIjxHIm_w==
checksync.php
contextual.media.net/ Frame 1544
0
0

collect
www.google-analytics.com/
35 B
44 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j56&a=1507564501&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D&dr=&ul=en-us&de=UTF-8&dt=Forbes%20Welcome&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Template%20Area%20Interaction&ea=Page%20Loaded&el=none&_u=aGDAAAABI~&jid=&gjid=&cid=503774942.1501538127&tid=UA-5883199-3&_gid=1594651888.1501538127&gtm=GTM-NMQJM4&cg1=fdc.forbes%3Awelcome&cg2=none&cg3=none&cg4=none&cg5=none&cd2=none&cd3=none&cd4=ads&cd5=none&cd9=none&cd10=none&cd11=none&cd12=none&cd13=none&cd14=none&cd15=fdc.forbes&cd16=welcome&cd17=none&cd18=0&cd19=none&cd20=none&cd21=none&cd22=none&cd23=none&cd24=none&cd25=none&cd27=none&cd28=none&cd29=none&cd30=none&cd31=%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F&cd32=none&cd33=0&cd34=0&cd35=none&cd36=none&cd37=none&cd38=none&cd39=none&cd40=none&cd41=none&cd42=none&cd43=a47ef1ec68c9b308df7b6dd5c4db98385e0&cd44=none&cd45=false&cd46=false&cd47=none&cd48=false&cd49=0&cd50=none&cd51=none&cd52=none&cd53=none&cd54=none&cd55=none&cd56=false&cd57=false&cd58=false&cd59=none&cd60=none&cd61=none&cd62=none&cd63=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F&cd64=none&cd65=none&cd66=none&cd67=https&cd68=none&cd69=none&cd70=none&cd71=none&cd72=false&z=994339649
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81c::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jul 2017 23:05:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
341417
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
44 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j56&a=1507564501&t=timing&_s=1&dl=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D&dr=&ul=en-us&de=UTF-8&dt=Forbes%20Welcome&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=performance&utv=Autoforward%20Countdown%20Begin&utl=Content&utt=502&_u=aGDAAAABI~&jid=&gjid=&cid=503774942.1501538127&tid=UA-5883199-3&_gid=1594651888.1501538127&gtm=GTM-NMQJM4&cg1=fdc.forbes%3Awelcome&cg2=none&cg3=none&cg4=none&cg5=none&cd2=none&cd3=none&cd4=ads&cd5=none&cd9=none&cd10=none&cd11=none&cd12=none&cd13=none&cd14=none&cd15=fdc.forbes&cd16=welcome&cd17=none&cd18=0&cd19=none&cd20=none&cd21=none&cd22=none&cd23=none&cd24=none&cd25=none&cd31=%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F&cd32=none&cd33=0&cd34=0&cd35=none&cd36=none&cd37=none&cd38=none&cd39=none&cd40=none&cd42=none&cd43=a47ef1ec68c9b308df7b6dd5c4db98385e0&cd44=none&cd45=false&cd46=false&cd47=none&cd48=false&cd49=0&cd50=none&cd51=none&cd56=false&cd57=false&cd58=false&cd59=none&cd60=none&cd61=none&cd62=none&cd63=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F&cd64=none&cd65=none&cd66=none&cd67=https&cd68=none&cd69=none&cd70=none&cd71=none&cd72=false&z=1498191290
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81c::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jul 2017 23:05:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
341417
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
44 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j56&a=1507564501&t=timing&_s=1&dl=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D&dr=&ul=en-us&de=UTF-8&dt=Forbes%20Welcome&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=performance&utv=Content%20Visible&utl=Content&utt=275&_u=aGDAAAABI~&jid=&gjid=&cid=503774942.1501538127&tid=UA-5883199-3&_gid=1594651888.1501538127&gtm=GTM-NMQJM4&cg1=fdc.forbes%3Awelcome&cg2=none&cg3=none&cg4=none&cg5=none&cd2=none&cd3=none&cd4=ads&cd5=none&cd9=none&cd10=none&cd11=none&cd12=none&cd13=none&cd14=none&cd15=fdc.forbes&cd16=welcome&cd17=none&cd18=0&cd19=none&cd20=none&cd21=none&cd22=none&cd23=none&cd24=none&cd25=none&cd31=%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F&cd32=none&cd33=0&cd34=0&cd35=none&cd36=none&cd37=none&cd38=none&cd39=none&cd40=none&cd42=none&cd43=a47ef1ec68c9b308df7b6dd5c4db98385e0&cd44=none&cd45=false&cd46=false&cd47=none&cd48=false&cd49=0&cd50=none&cd51=none&cd56=false&cd57=false&cd58=false&cd59=none&cd60=none&cd61=none&cd62=none&cd63=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F&cd64=none&cd65=none&cd66=none&cd67=https&cd68=none&cd69=none&cd70=none&cd71=none&cd72=false&z=854116437
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81c::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jul 2017 23:05:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
341417
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
44 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j56&a=1507564501&t=timing&_s=1&dl=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D&dr=&ul=en-us&de=UTF-8&dt=Forbes%20Welcome&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=performance&utv=Continue%20Button%20Visible&utl=Content&utt=3508&_u=aGDAAAABI~&jid=&gjid=&cid=503774942.1501538127&tid=UA-5883199-3&_gid=1594651888.1501538127&gtm=GTM-NMQJM4&cg1=fdc.forbes%3Awelcome&cg2=none&cg3=none&cg4=none&cg5=none&cd2=none&cd3=none&cd4=ads&cd5=none&cd9=none&cd10=none&cd11=none&cd12=none&cd13=none&cd14=none&cd15=fdc.forbes&cd16=welcome&cd17=none&cd18=0&cd19=none&cd20=none&cd21=none&cd22=none&cd23=none&cd24=none&cd25=none&cd31=%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F&cd32=none&cd33=0&cd34=0&cd35=none&cd36=none&cd37=none&cd38=none&cd39=none&cd40=none&cd42=none&cd43=a47ef1ec68c9b308df7b6dd5c4db98385e0&cd44=none&cd45=false&cd46=false&cd47=none&cd48=false&cd49=0&cd50=none&cd51=none&cd56=false&cd57=false&cd58=false&cd59=none&cd60=none&cd61=none&cd62=none&cd63=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F&cd64=none&cd65=none&cd66=none&cd67=https&cd68=none&cd69=none&cd70=none&cd71=none&cd72=false&z=368686746
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81c::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jul 2017 23:05:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
341420
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
dt
dt.adsafeprotected.com/
43 B
43 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=9546&asId=e092b822-8144-d8a8-4f1e-1f01762b35c7&tv={c:jZ65Ve,pingTime:5,time:5092,type:p,rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,gm:1,fif:1,slTimes:{i:5093,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:37,wc:0.0.1600.1200,ac:0.0.2.2,am:i,cc:0.0.2.0,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[5071~100],as:[5071~2.2]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:53,fm:qqZKXIo+11|12|13|14*.9546|141|15|16.9546|161|1621|17,idMap:14*}&br=u
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:33 GMT
X-Server-Name
dt64ami.ami.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
close
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/
43 B
43 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=9546&asId=e092b822-8144-d8a8-4f1e-1f01762b35c7&tv={c:jZ65Vf,pingTime:5,time:5093,type:pf,rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,gm:1,fif:1,slTimes:{i:5093,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:37,wc:0.0.1600.1200,ac:0.0.2.2,am:i,cc:0.0.2.0,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[5071~100],as:[5071~2.2]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:53,fm:qqZKXIo+11|12|13|14*.9546|141|15|16.9546|161|1621|17,idMap:14*}&br=u
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software
nginx/1.11.6 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:33 GMT
X-Server-Name
dt65ami.ami.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
close
Content-Type
image/gif
Content-Length
43
Server
nginx/1.11.6
dt
dt.adsafeprotected.com/
43 B
43 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=9546&asId=f4dd2375-efec-ceb5-28e2-4d6b873f17de&tv={c:jZ65Wz,pingTime:5,time:5058,type:p,rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,gm:1,fif:1,slTimes:{i:5058,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:42,wc:0.0.1600.1200,ac:1244.171.298.248,am:i,cc:0.0.298.254,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[5033~100],as:[5033~298.248]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:53,fm:qqZKXKh+11|12|13|141|142|15|16*.9546|161|1621|1622|17,idMap:16*}&br=u
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:33 GMT
X-Server-Name
dt33ami.ami.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
close
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/
43 B
43 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?anId=9546&asId=f4dd2375-efec-ceb5-28e2-4d6b873f17de&tv={c:jZ65WA,pingTime:5,time:5059,type:pf,rt:1,cb:0,th:0,es:0,sa:1,sc:0,ha:1,gm:1,fif:1,slTimes:{i:5059,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:42,wc:0.0.1600.1200,ac:1244.171.298.248,am:i,cc:0.0.298.254,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[5034~100],as:[5034~298.248]}}],slEventCount:1,em:true,fr:true,uf:0,e:,tt:jload,dtt:53,fm:qqZKXKh+11|12|13|141|142|15|16*.9546|161|1621|1622|17,idMap:16*}&br=u
Requested by
Host: www.forbes.com
URL: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.172.216.111 New York, United States, ASN7415 (ADSAFE-1 - Integral Ad Science, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.forbes.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 31 Jul 2017 21:55:33 GMT
X-Server-Name
dt37ami.ami.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
close
Content-Type
image/gif
Content-Length
43
Server
nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdns.us1.gigya.com
URL
https://cdns.us1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_8Fcn29ZQ5lcRRr8BsC6Y2q8eRKPl567JTM6IWXsqW4eqW57_fNx29GDl9YdzZLvH
Domain
tpc.googlesyndication.com
URL
https://tpc.googlesyndication.com/safeframe/1-0-9/html/container.html
Domain
stags.bluekai.com
URL
https://stags.bluekai.com/site/35094?dt=0&r=2071364231&sig=1580772656&bkca=
Domain
i.forbesimg.com
URL
https://i.forbesimg.com/forbes/scripts/de79e487.vendor.js
Domain
i.forbesimg.com
URL
https://i.forbesimg.com/forbes/scripts/455e9d68.scripts.js
Domain
i.forbesimg.com
URL
https://i.forbesimg.com/forbes/styles/04faf44d.main.css
Domain
loadus.exelator.com
URL
https://loadus.exelator.com/load//net.php?n=PGltZyB3aWR0aD0iMSIgYWx0PSJFeGVsYXRlRGF0YSIgc3JjPSJodHRwczovL3N5bmMubWF0aHRhZy5jb20vc3luYy9pbWc%2FbXRfZXhpZD0xMDAwOCZyZWRpcj1odHRwcyUzQSUyRiUyRmxvYWRtLmV4ZWxhdG9yLmNvbSUyRmxvYWQlMkYlM0ZwJTNEMjA0JTI2ZyUzRDEwMSUyNmolM0QwJTI2YnVpZD1bTU1fVVVJRF0iIGhlaWdodD0iMSI%2BPC9pbWc%2BPGltZyB3aWR0aD0iMSIgYWx0PSJFeGVsYXRlRGF0YSIgc3JjPSJodHRwczovL2NtLmcuZG91YmxlY2xpY2submV0L3BpeGVsP2dvb2dsZV9uaWQ9ZXhlbGF0ZSZnb29nbGVfY20mZ29vZ2xlX3NjIiBoZWlnaHQ9IjEiPjwvaW1nPjxpbWcgd2lkdGg9IjEiIGFsdD0iRXhlbGF0ZURhdGEiIHNyYz0iaHR0cHM6Ly9zeW5jLnRpZGFsdHYuY29tL0dlbmVyaWNVc2VyU3luYy5hc2h4P2RwaWQ9NCIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=8ee2084fc4a0b601f8411c0f48f17ca2
Domain
aax-eu.amazon-adsystem.com
URL
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=pm&dcc=t
Domain
googleads.g.doubleclick.net
URL
https://googleads.g.doubleclick.net/pagead/html/r20170726/r20170110/zrt_lookup.html
Domain
googleads.g.doubleclick.net
URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4111763448220873&output=html&h=250&slotname=8516502165&adk=2458726018&adf=437111087&w=300&ea=0&flash=0&url=https%3A%2F%2Fwww.forbes.com%2F&wgl=1&dt=1501538127905&bpp=7&bdt=323&fdt=9&idt=107&shv=r20170726&cbv=r20170110&saldr=sa&correlator=2828134818492&frm=23&ga_vid=503774942.1501538127&ga_sid=1501538128&ga_hid=2118412542&ga_fc=0&pv=2&iag=15&icsg=2&nhd=2&dssz=2&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1244&ady=171&biw=1600&bih=1200&isw=298&ish=248&ifk=754334530&oid=3&top=https%3A%2F%2Fwww.forbes.com%2Fforbes%2Fwelcome%2F%3FtoURL%3Dhttps%3A%2F%2Fwww.forbes.com%2Fsites%2Fthomasbrewster%2F2017%2F07%2F27%2Firan-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage%2F%26refURL%3D%26referrer%3D%232cc4395b49af&rx=0&eae=2&fc=528&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C298%2C248&vis=1&rsz=%7C%7CpeE%7C&abl=CS&ppjl=u&pfx=0&fu=20&bc=1&ifi=1&dtd=121
Domain
contextual.media.net
URL
https://contextual.media.net/checksync.php?vsSync=1&cs=1&cv=30&cid=8CUX956JU&https=1&prvid=77%2C23%2C28%2C33%2C43%2C51%2C56%2C59&rtime=2314

Verdicts & Comments

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

51 Cookies

Domain/Path Name / Value
.yahoo.com/ Name: B
Value: b3tojmdcnv9qg&b=3&s=6g
.pubmatic.com/ Name: PUBMDCID
Value: 3
.pubmatic.com/ Name: SPugT
Value: 1501538128
.pubmatic.com/ Name: PugT
Value: 1501538128
.pubmatic.com/ Name: KRTBCOOKIE_80
Value: 15669-CAESEOkdQvEQpRPCRTRjKcGR2dM&KRTB&15671-CAESEOkdQvEQpRPCRTRjKcGR2dM&KRTB&16514-CAESEOkdQvEQpRPCRTRjKcGR2dM
.forbes.com/ Name: ___tg_vis
Value: 11523770EE706530.1501538128811
.forbes.com/ Name: ___tg_ses_sec
Value: 12:1501538128811
.forbes.com/ Name: _ga
Value: GA1.2.503774942.1501538127
.forbes.com/ Name: ___tg_ses
Value: 11523770EE706530.1
.forbes.com/ Name: __gads
Value: ID=69ed06d55bb8f273:T=1501538127:S=ALNI_MaHmkN4fRXYlaCAz3r2CdyctqsIVA
www.forbes.com/ Name: mnet_session_depth
Value: 1%7C1501538127714
.exelator.com/ Name: ud
Value: "eJxrXxzq6XKLQSHF3MQ4Nc3cNBmILIzNjSyTU02MTQxMzVLSDCxTUlMWl6UWLVhaWpyaknRoSUVOSU7T6rL4UMd4N0dfT5%252FIZc4ZRfm5qSvAQmGuQYtMLZfkF2WmL3JxXVyUksawqKT4VPC6s8EAgmEqTg%253D%253D"
www.forbes.com/ Name: _gd_session
Value: 3c84a46e-f86b-447a-888d-7c66d7783bdb
www.forbes.com/ Name: tg-refr
Value: https://www.forbes.com/forbes/welcome/?toURL=https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/&refURL=&referrer=#2cc4395b49af
.forbes.com/ Name: fps
Value: 284bae2453b491f7100af12d37331852597fa74f3a41
.pubmatic.com/ Name: KTPCACOOKIE
Value: YES
.forbes.com/ Name: forbesbeta
Value: U
www.forbes.com/ Name: _gd_svisitor
Value: 3e184a17db4b00004fa77f592c0200000eaa0000
.forbes.com/ Name: toURL
Value: https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/
www.forbes.com/ Name: _ccmsi
Value: 1501538127527_qlf3swa13|1501538127527
.pubmatic.com/ Name: pi
Value: 156011:2
.doubleclick.net/ Name: DSID
Value: NO_DATA
.forbes.com/ Name: _gat_UA-5883199-3
Value: 1
.forbes.com/ Name: gig_hasGmid
Value: ver2
.pubmatic.com/ Name: SyncRTB2
Value: 1502668800%3A21_56_71%7C1504051200%3A46%7C1501718400%3A175
.amazon-adsystem.com/ Name: ad-id
Value: A6n4Yg48vEMTrPY5wQh77uo
.forbes.com/ Name: forbes_t
Value: %7B%22cd%22%3A0%7D
www.forbes.com/ Name: _ccmaid
Value: 5978151344084457489
.forbes.com/ Name: ___tg_vis_sec
Value: 12:1501538128811
.doubleclick.net/ Name: IDE
Value: AHWqTUna8k8g4uxa7lmKpKrXAzKUhG1oQYq5Msyw6f4QFBEMpxQNM0brTw
.forbes.com/ Name: ___tg-sr
Value:
.pubmatic.com/ Name: DPSync2
Value: 1501545600%3A174
.forbes.com/ Name: client_id
Value: a47ef1ec68c9b308df7b6dd5c4db98385e0
.forbes.com/ Name: dailyWelcomeCookie
Value: true
.forbes.com/ Name: _dc_gtm_UA-5883199-3
Value: 1
.exelator.com/ Name: hsk_465
Value: "gAAAAAQAAAB2KLUv%252FSB2sQMAiKRidWlk2gAkZWMwYTU5ODAtYTc0Zi00YTAwLWJiNzgtMzQ0YzI2ZGY0ZWNko2hza6QzODY0qGRlbGl2ZXJ5pDM4NjSjdmVyAqVibmFtZadTMjA0TU1EpXRzZWdzpzI0OTU5OTilYmNvZGXNAdGidHPKU67NUw%253D%253D"
.forbes.com/ Name: _gid
Value: GA1.2.1594651888.1501538127
.gigya.com/ Name: hasGmid
Value: ver2
.forbes.com/ Name: welcomeAd
Value: true
.gigya.com/ Name: ucid
Value: ZLRYjPT+jBTot6s549kQow==
.forbes.com/ Name: refURL
Value:
.ads.pubmatic.com/ Name: KCCH
Value: YES
.gigya.com/ Name: gmid
Value: HllTal4CDhkCtDBs9dHXl3CZ2tfXqJRqhUXgBKyOMpc=
.bluekai.com/ Name: bkdc
Value: phx
.bluekai.com/ Name: bku
Value: aGA99WI74N73Ay6I
.exelator.com/ Name: hsk_679
Value: "gAAAAAQAAAB2KLUv%252FSB2sQMAiKRidWlk2gAkZDQzNTBmNjAtYzMzZS00M2UwLWIzMzEtZDc1OWQ5NDMzNjAzo2hza6QzODY0qGRlbGl2ZXJ5pDM4NjSjdmVyAqVibmFtZadTMjA0VklEpXRzZWdzpzI0OTYwMTalYmNvZGXNAqeidHPKU67NUw%253D%253D"
www.forbes.com/ Name: _gd_visitor
Value: 668af2c8-f2fb-43fe-890d-3ca2604addb2
.exelator.com/ Name: EE
Value: "d743ef75c75c83729ce434056df09ded"
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.doubleclick.net/ Name: id
Value: 26564d65c18a1295||t=1501538127|et=730|cs=002213fd481b08f7158e0d937b
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 497FBB32-2D82-4334-AC7E-2E9435BEEFFA

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
