www.infosecurity-magazine.com Open in urlscan Pro
13.225.223.98 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/
Submission: On July 21 via manual (July 21st 2023, 3:53:46 pm UTC) from CA — Scanned from CA

Summary HTTP 96 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 33 IPs in 2 countries across 26 domains to perform 96 HTTP transactions. The main IP is 13.225.223.98, located in United States and belongs to AMAZON-02, US. The main domain is www.infosecurity-magazine.com. The Cisco Umbrella rank of the primary domain is 381975.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on August 16th 2022. Valid for: a year.

This is the only time www.infosecurity-magazine.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
10	13.225.223.98 13.225.223.98	16509 (AMAZON-02) (AMAZON-02)
9	2607:f8b0:400... 2607:f8b0:4006:816::2002	15169 (GOOGLE) (GOOGLE)
2	2a04:4e42:200... 2a04:4e42:200::485	54113 (FASTLY) (FASTLY)
4	2600:1400:900... 2600:1400:9000::687e:74b2	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:141b:13:... 2600:141b:13::17d7:8268	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2607:f8b0:400... 2607:f8b0:4006:81f::2008	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:809::200e	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:809::2001	15169 (GOOGLE) (GOOGLE)
9	2606:4700::68... 2606:4700::6812:aa72	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f01... 2a03:2880:f012:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
1	146.75.36.157 146.75.36.157	54113 (FASTLY) (FASTLY)
2 7	34.111.234.236 34.111.234.236	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
10	2607:f8b0:400... 2607:f8b0:4006:816::2001	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:400... 2607:f8b0:4006:80e::2002	15169 (GOOGLE) (GOOGLE)
1	35.169.197.194 35.169.197.194	14618 (AMAZON-AES) (AMAZON-AES)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	2607:f8b0:400... 2607:f8b0:4006:807::200e	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c08::9c	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:80d::2003	15169 (GOOGLE) (GOOGLE)
1 2	54.197.170.208 54.197.170.208	14618 (AMAZON-AES) (AMAZON-AES)
2 2	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
2 2	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
2 2	44.205.30.65 44.205.30.65	14618 (AMAZON-AES) (AMAZON-AES)
2 3	52.55.144.0 52.55.144.0	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6812:1d26	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f11... 2a03:2880:f112:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	142.250.65.166 142.250.65.166	15169 (GOOGLE) (GOOGLE)
11	2607:f8b0:400... 2607:f8b0:4006:821::2002	15169 (GOOGLE) (GOOGLE)
2	142.250.65.194 142.250.65.194	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:817::2006	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81c::2002	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:823::2004	15169 (GOOGLE) (GOOGLE)
1	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
1	185.221.85.3 185.221.85.3	206998 (NEW-2) (NEW-2)
96	33

10 13.225.223.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-223-98.jfk51.r.cloudfront.net

www.infosecurity-magazine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.infosecurity-magazine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2607:f8b0:4006:816::2002 (Stony Point, United States)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1400:9000::687e:74b2 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:13::17d7:8268 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:81f::2008 (Stony Point, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:809::200e (Stony Point, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:809::2001 (Stony Point, United States)

ASN15169 (GOOGLE, US)

02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6812:aa72 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f012:8:face:b00c:0:1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.36.157 (Reston, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 34.111.234.236 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 236.234.111.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2607:f8b0:4006:816::2001 (Stony Point, United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:80e::2002 (Stony Point, United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.169.197.194 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-169-197-194.compute-1.amazonaws.com

in.ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:807::200e (Stony Point, United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c08::9c (Ashburn, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80d::2003 (Stony Point, United States)

ASN15169 (GOOGLE, US)

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.197.170.208 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-197-170-208.compute-1.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.60.146 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.131.137 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.205.30.65 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-205-30-65.compute-1.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.55.144.0 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-55-144-0.compute-1.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1d26 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f112:83:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.65.166 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s71-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2607:f8b0:4006:821::2002 (Stony Point, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.65.194 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s72-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:817::2006 (Stony Point, United States)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81c::2002 (Stony Point, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:823::2004 (Stony Point, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.221.85.3 (Ireland)

ASN206998 (NEW-2, IE)

bam.eu01.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	googlesyndication.com 02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 153 pagead2.googlesyndication.com — Cisco Umbrella Rank: 134	227 KB
14	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 208 stats.g.doubleclick.net — Cisco Umbrella Rank: 120 ad.doubleclick.net — Cisco Umbrella Rank: 184 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 354 googleads.g.doubleclick.net — Cisco Umbrella Rank: 56	201 KB
10	infosecurity-magazine.com www.infosecurity-magazine.com — Cisco Umbrella Rank: 381975 assets.infosecurity-magazine.com — Cisco Umbrella Rank: 675264	640 KB
9	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 363	196 KB
8	ml314.com 2 redirects ml314.com — Cisco Umbrella Rank: 1821 in.ml314.com — Cisco Umbrella Rank: 9848	13 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 207	196 KB
5	typekit.net use.typekit.net — Cisco Umbrella Rank: 569 p.typekit.net — Cisco Umbrella Rank: 693	93 KB
3	eyeota.net 2 redirects ps.eyeota.net — Cisco Umbrella Rank: 1140	2 KB
3	google.com analytics.google.com — Cisco Umbrella Rank: 186 www.google.com — Cisco Umbrella Rank: 3	2 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 73	231 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 109	244 B
2	crwdcntrl.net 2 redirects sync.crwdcntrl.net — Cisco Umbrella Rank: 928	864 B
2	adsrvr.org 2 redirects match.adsrvr.org — Cisco Umbrella Rank: 384	947 B
2	rlcdn.com 2 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 428	836 B
2	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 211	2 KB
2	google.ca www.google.ca — Cisco Umbrella Rank: 8403	562 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 166	156 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 378	40 KB
1	nr-data.net bam.eu01.nr-data.net — Cisco Umbrella Rank: 8401	651 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 504	19 KB
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 317	5 MB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 624	295 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 678	394 B
1	t.co t.co — Cisco Umbrella Rank: 518	377 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 711	15 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 59	21 KB
96	26

	Domain	Requested by
11	pagead2.googlesyndication.com	ad.doubleclick.net tpc.googlesyndication.com www.infosecurity-magazine.com www.googletagservices.com
10	tpc.googlesyndication.com	securepubads.g.doubleclick.net 02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com ad.doubleclick.net tpc.googlesyndication.com www.infosecurity-magazine.com
9	cdn.cookielaw.org	www.infosecurity-magazine.com
9	securepubads.g.doubleclick.net	www.infosecurity-magazine.com www.googletagservices.com 02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com
8	www.infosecurity-magazine.com	www.infosecurity-magazine.com
7	ml314.com	2 redirects www.infosecurity-magazine.com
5	www.googletagservices.com	securepubads.g.doubleclick.net 02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com www.googletagservices.com
4	use.typekit.net	www.infosecurity-magazine.com use.typekit.net
3	ps.eyeota.net	2 redirects www.infosecurity-magazine.com
3	www.googletagmanager.com	www.infosecurity-magazine.com
2	www.google.com	www.infosecurity-magazine.com
2	googleads4.g.doubleclick.net	ad.doubleclick.net
2	www.facebook.com	www.infosecurity-magazine.com
2	sync.crwdcntrl.net	2 redirects
2	match.adsrvr.org	2 redirects
2	idsync.rlcdn.com	2 redirects
2	dpm.demdex.net	1 redirects www.infosecurity-magazine.com
2	www.google.ca	www.infosecurity-magazine.com
2	connect.facebook.net	www.infosecurity-magazine.com
2	02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com	www.infosecurity-magazine.com
2	assets.infosecurity-magazine.com	www.infosecurity-magazine.com
2	cdn.jsdelivr.net	www.infosecurity-magazine.com
1	bam.eu01.nr-data.net	www.infosecurity-magazine.com
1	js-agent.newrelic.com	www.infosecurity-magazine.com
1	googleads.g.doubleclick.net	www.infosecurity-magazine.com
1	s0.2mdn.net	02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com
1	ad.doubleclick.net	www.googletagservices.com
1	geolocation.onetrust.com	www.infosecurity-magazine.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	www.googletagmanager.com
1	analytics.twitter.com	www.infosecurity-magazine.com
1	t.co	www.infosecurity-magazine.com
1	in.ml314.com	www.infosecurity-magazine.com
1	static.ads-twitter.com	www.infosecurity-magazine.com
1	www.google-analytics.com	www.infosecurity-magazine.com
1	p.typekit.net	use.typekit.net
96	36

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.facebook.com
asec.ahnlab.com
netenrich.com
www.coalfire.com
salt.security
www.linkedin.com
privacy.reedexpo.com
privacy.rxglobal.com
support.google.com
www.onetrust.com

Subject Issuer	Validity	Valid
*.infosecurity-magazine.com GlobalSign RSA OV SSL CA 2018	`2022-08-16` - `2023-09-17`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
use.typekit.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-14` - `2023-10-15`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-04-29` - `2023-07-28`	3 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
ml314.com GTS CA 1D4	`2023-06-07` - `2023-09-05`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
*.ml314.com Amazon RSA 2048 M02	`2023-02-27` - `2023-12-14`	10 months	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2023-02-01` - `2024-02-01`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-31` - `2024-01-30`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
*.google.ca GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-07-03` - `2023-09-25`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-04-13` - `2024-05-14`	a year	crt.sh
*.eu01.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-18` - `2023-12-19`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/
Frame ID: 33244DB2225C2AC6F690A230F70467AE
Requests: 59 HTTP requests in this frame

Frame: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 4A3B5DF9B9886F77BC288070C3B18F2F
Requests: 1 HTTP requests in this frame

Frame: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 980425F5B5D26F57F1248E376CB64961
Requests: 16 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvehhuuepHyq1-Hdy01SyVT43Rf2PTeVC6cWqJAkGeeyfGaL-M95FaL61t2ZB_CTwXit4eO7jUW--ZopjO-mcnOdko4NdkNU2UGegjpI2GXMAd6e_KTVtfv0ErhWiyIa3PwXCqRhlSfu3pqtkbA8hlYq-EiFxnnQIFRI4K82gswEHj4UCgsVqVGL6thUbVgnWpIPPiF6BcwYb6MTbmy5zo9lRw3fiX2Mrl1t313veikkC-hWMGThMFOfvv5Ncbkgg92MNkxJ3CcXnJBxPglCmpyOL2xK5-owicTlfmgzLbIAjb043xaLe3fLap8tanO0_D5aHk3OsVKLc05dPAduSzTsFEzOpW-QIhMIvXymMWbwfwKYSzpXD2ntT_YVSTfUTS9_ClTcTPsZlHrurmlH5cH&sai=AMfl-YQE9MH71TTodx02-dDELf9HyAF_Li3JXGLS6dQz3FH2QRu0wOw_-URLHOkCbWhM06czczjCg4p5ujkWfMBFVAskQp2R4Ssvv8xD9CQTHCAzpemNpBjxuJiNkBGTl7ZS1uEeiQMpWDU4xSrtksl8&sig=Cg0ArKJSzN7R3zojajPwEAE&uach_m=[UACH]&adurl=
Frame ID: D6461A5E19D8C891DCE21D3D1045E376
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvTSt0nQYTiL1bPA2ypsCUZJezaIX3RtT5TpOci9qxAj3K0uQdUk7_r2w0gqX9AdNTdGwreFB-7IzJHGGJaJCjFmI8Sk7S3SR5j9RwvIhaQ2GQ6hULK1v-zYGa6IijY_85jGHyWzRkd1b-5p79_sqaG9O2Qf8yx1od8QdMOy1lp_oTg0Y1D4CNBE5qvQTrgQHdTBwyy3c8DFTQjLqtOj5nOaHksIVK3lLgs7hKJIqYJ6AIDJiVn0PfgCJS2l9axguMHuzy3OLTxwurvDSy8cbXE6CVmFtTIvlOw1-y44x684_keYNRTKrIiNXqTD7Y8_ARqXWxI2-XuCHiBinF1i9k-1ge25KtAgVdhObMWef4HC-OeGq2mpeYmtzv1_6diGJjAHxkhI6YyU7UD0qlQISEK&sai=AMfl-YRzPR5paCq8lxph69PzwZ6KW9cyirfOSJd10gC_FJO64ysJ6KEY2IzgaI1OXtVd5u2AcQWUe-9Roqeh0cKd2c5TuUuHWtQRowP6o4op3b0xSle_Usv13H3gT-5YmCSzJ6MkW3FIxPErQAWyFmSC&sig=Cg0ArKJSzHZsQ-JGNpjgEAE&uach_m=[UACH]&adurl=
Frame ID: 569F001C088E9855890FEFE31DE01083
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F5668A4AD042E14AAA489F4AA3C48048
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: CED52D0EF5F36B42933606CE7246AB7E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E9BAA8EFA46D29C5F8A7FBBD0CA576BC
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: ACC67D6C62E8207D76947167E8BCCDDA
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

RedEyes Group Targets Individuals with Wiretapping Malware - Infosecurity Magazine Back ButtonSearch IconFilter Icon

Detected technologies

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Underscore.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

underscore.*\.js(?:\?ver=([\d.]+))?

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

96
Requests

95 %
HTTPS

57 %
IPv6

26
Domains

36
Subdomains

33
IPs

2
Countries

6854 kB
Transfer

9500 kB
Size

27
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: http://twitter.com/a_mascellino
Title: Follow @a_mascellino

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3a%2f%2fwww.infosecurity-magazine.com%2fnews%2fredeyes-group-targets-individuals%2f

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3a%2f%2fwww.infosecurity-magazine.com%2fnews%2fredeyes-group-targets-individuals%2f

Search URL Search Domain Scan URL

URL: https://asec.ahnlab.com/en/
Title: ASEC

Search URL Search Domain Scan URL

URL: https://asec.ahnlab.com/en/54349/
Title: advisory

Search URL Search Domain Scan URL

URL: https://netenrich.com/
Title: Netenrich

Search URL Search Domain Scan URL

URL: https://www.coalfire.com/
Title: Coalfire

Search URL Search Domain Scan URL

URL: https://salt.security/
Title: Salt Security

Search URL Search Domain Scan URL

URL: https://www.facebook.com/pages/Infosecurity-Magazine/210560332330063

Search URL Search Domain Scan URL

URL: https://twitter.com/InfosecurityMag

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/groups?gid=2035794&trk=myg_ugrp_ovr

Search URL Search Domain Scan URL

URL: https://privacy.reedexpo.com/en-gb.html
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://privacy.reedexpo.com/en-gb/cookie-policy.html
Title: Cookie Policy

Search URL Search Domain Scan URL

URL: https://privacy.rxglobal.com/en-gb/cookie-policy.html
Title: Cookie Policy

Search URL Search Domain Scan URL

URL: https://support.google.com/admanager/answer/9012903
Title: Google Ad-Tech Vendors

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 50

https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3637243632966697019&redir= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3637243632966697019&redir=

Request Chain 51

https://idsync.rlcdn.com/395886.gif?partner_uid=3637243632966697019 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzYzNzI0MzYzMjk2NjY5NzAxORAAGg0Ig9TqpQYSBQjoBxAAQgBKAA HTTP 307
https://ml314.com/csync.ashx?fp=7d3a8a7dd04fc0301ca6796c9281ed911d39110653cd5e2b2b9ff382445b1b31f4cb09cee1a4f8eb&person_id=3637243632966697019&eid=50082

Request Chain 52

https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=4b91b962-f38e-4965-b9e0-81f7aa61df25&gdpr=0&gdpr_consent=

Request Chain 53

https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3637243632966697019 HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3637243632966697019 HTTP 302
https://ml314.com/csync.ashx?fp=bd870631057b36b20d7a306355c8706&eid=50146&person_id=3637243632966697019

Request Chain 54

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif HTTP 302
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif HTTP 302
https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2MddJ4SBNw9AwqcougPfJ9u4aKhG-hO7nG7kJaVX_oKQ&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referrer_pid%3Dr8hrb20 HTTP 302
https://ml314.com/csync.ashx?fp=2MddJ4SBNw9AwqcougPfJ9u4aKhG-hO7nG7kJaVX_oKQ&person_id=3637243632966697019&eid=50052&return=https%3a%2f%2fps.eyeota.net%2fmatch%3fbid%3dr8hrb20%26uid%3dnil%26referrer_pid%3dr8hrb20 HTTP 302
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20

96 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/ 98 KB
25 KB 12187ms
12074ms Document
text/html 13.225.223.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-98.jfk51.r.cloudfront.net

Software

RX /

Resource Hash

8fd8835269fa6db5ead59e4bf8338fcdb2e3b0fb63292e7c929ec811ee253c98

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: *
cache-control: public, proxy-revalidate, max-age=300
content-encoding: br
content-security-policy: default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
content-type: text/html; charset=utf-8
date: Fri, 21 Jul 2023 15:53:38 GMT
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
last-modified: Wed, 19 Jul 2023 02:30:40 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
referrer-policy: strict-origin
server: RX
vary: Accept-Encoding
via: 1.1 4a8de0adddd15d5e8cadba8208771b58.cloudfront.net (CloudFront)
x-amz-cf-id: cvJgY0Es19K0CUFWnL9sfhkmOITx01_1LSQ4g7DRZTup-FLotYqe4w==
x-amz-cf-pop: JFK51-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=Edge
x-xss-protection: 1; mode=block

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 177ms
54ms Script
text/javascript 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e6adda2557ae402f3052c30b47fbe9e71a96c1c8ff9210688f1fa32d57f5a517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27597
x-xss-protection: 0
server: cafe
etag: 576 / 19559 / m202307170101 / config-hash: 10694143249426906702
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 21 Jul 2023 15:53:38 GMT

GET
H2 200 jquery.min.js Show response
cdn.jsdelivr.net/npm/jquery@3.7.0/dist/ 85 KB
32 KB 93ms
11ms Script
application/javascript 2a04:4e42:200::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/jquery@3.7.0/dist/jquery.min.js

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 21 Jul 2023 15:53:38 GMT
x-content-type-options: nosniff
content-encoding: br
age: 3061991
x-jsd-version: 3.7.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 32087
x-served-by: cache-fra-eddf8230028-FRA, cache-yul12825-YUL
x-jsd-version-type: version
etag: W/"155a6-Wp7qw02G6S5WYOD0+HIE8e0Mj/Y"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 underscore-min.min.js Show response
cdn.jsdelivr.net/npm/underscore@1.13.6/ 19 KB
8 KB 98ms
16ms Script
application/javascript 2a04:4e42:200::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/underscore@1.13.6/underscore-min.min.js

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

bb20d24b99fd1eae4fd77c1e833ce0a4536189961ceb1114fd272ca31e8ebd82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 21 Jul 2023 15:53:38 GMT
x-content-type-options: nosniff
content-encoding: br
age: 1518026
x-jsd-version: 1.13.6
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 8075
x-served-by: cache-fra-eddf8230089-FRA, cache-yul12825-YUL
x-jsd-version-type: version
etag: W/"4d5b-1Barardb3Bq5uc0bP3wXZk8NDAQ"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 phq8nwg.css
use.typekit.net/ 11 KB
1 KB 260ms
21ms Stylesheet
text/css 2600:1400:9000::687e:74b2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/phq8nwg.css

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1400:9000::687e:74b2 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

f7fbb92e03e044b3065bcf2c8e6ee284b8b8c0625c7ce7f33785bdda23a46606

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Fri, 21 Jul 2023 15:53:39 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1296

GET
H2 200 base.css
www.infosecurity-magazine.com/_common/css/23062601/ 86 KB
12 KB 24ms
22ms Stylesheet
text/css 13.225.223.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.infosecurity-magazine.com/_common/css/23062601/base.css?v=23062601

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-98.jfk51.r.cloudfront.net

Software

RX /

Resource Hash

f247341fb469b888a762cfe66b04e7c1397d1c25744988c8e509a0832479bf57

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 10:30:38 GMT
content-security-policy: default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
x-content-type-options: nosniff
content-encoding: br
via: 1.1 4a8de0adddd15d5e8cadba8208771b58.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 19380
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
referrer-policy: strict-origin
last-modified: Wed, 28 Jun 2023 15:36:08 GMT
server: RX
etag: W/"e74d8842d6a9d91:0"
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: text/css
vary: Accept-Encoding
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
access-control-allow-headers: Content-Type
x-amz-cf-id: 7Wb2F7UWISmIKqkL7XJ_tqQvq3lKUSvSHcQsqKUI2luU95w3SuLdVg==

GET
H2 200 base.min.css
www.infosecurity-magazine.com/_common/css/23062601/ 65 KB
10 KB 26ms
24ms Stylesheet
text/css 13.225.223.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.infosecurity-magazine.com/_common/css/23062601/base.min.css?v=23062601

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-98.jfk51.r.cloudfront.net

Software

RX /

Resource Hash

92b8f658f04b2a33f95e91a16ef52e0d7873e147db061dc68fc4faa55cde9856

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 10:30:38 GMT
content-security-policy: default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
x-content-type-options: nosniff
content-encoding: br
via: 1.1 4a8de0adddd15d5e8cadba8208771b58.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 19380
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
referrer-policy: strict-origin
last-modified: Wed, 28 Jun 2023 15:36:08 GMT
server: RX
etag: W/"e8438a42d6a9d91:0"
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: text/css
vary: Accept-Encoding
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
access-control-allow-headers: Content-Type
x-amz-cf-id: aJRw4kF130OyKy_s_cBrCX3YyZ74mbpCpElSstPFeiH6ZXnqNaM9wA==

GET
H2 200 article.min.css
www.infosecurity-magazine.com/_common/css/23062601/ 5 KB
3 KB 24ms
23ms Stylesheet
text/css 13.225.223.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.infosecurity-magazine.com/_common/css/23062601/article.min.css?v=23062601

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-98.jfk51.r.cloudfront.net

Software

RX /

Resource Hash

778f93243401b2fd6663834b51f4d3f32012d6ee11f40f6169af721331bd1682

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 10:30:47 GMT
content-security-policy: default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
x-content-type-options: nosniff
content-encoding: br
via: 1.1 4a8de0adddd15d5e8cadba8208771b58.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 19371
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
referrer-policy: strict-origin
last-modified: Wed, 28 Jun 2023 15:36:09 GMT
server: RX
etag: W/"c165ce42d6a9d91:0"
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: text/css
vary: Accept-Encoding
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
access-control-allow-headers: Content-Type
x-amz-cf-id: AdDnDETBF2sQxEV05qpOIzmmpjaLjLtJB4Wzn_yTst9qI-Nut0Wd6A==

GET
H2 200 ism.js Show response
www.infosecurity-magazine.com/_common/js/23062601/ 10 KB
4 KB 27ms
27ms Script
application/javascript 13.225.223.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.infosecurity-magazine.com/_common/js/23062601/ism.js?v=23062601

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-98.jfk51.r.cloudfront.net

Software

RX /

Resource Hash

0f8b805bc586ed61e2124b73fb8ea7951bb654063a39165c9cca36deb13157a9

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 10:30:39 GMT
content-security-policy: default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
x-content-type-options: nosniff
content-encoding: br
via: 1.1 4a8de0adddd15d5e8cadba8208771b58.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 19379
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
referrer-policy: strict-origin
last-modified: Wed, 28 Jun 2023 15:45:20 GMT
server: RX
etag: W/"e9f0268bd7a9d91:0"
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: application/javascript
vary: Accept-Encoding
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
access-control-allow-headers: Content-Type
x-amz-cf-id: I9ygAP_2p8dJGGpNcFYBej9QvhkwGyiYK4Tle_Y_7grr2oo0V-HnFQ==

GET
H2 200 ism.whatshot.es5.min.js Show response
www.infosecurity-magazine.com/_common/js/23062601/ism/ 851 B
2 KB 20ms
20ms Script
application/javascript 13.225.223.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.infosecurity-magazine.com/_common/js/23062601/ism/ism.whatshot.es5.min.js?v=23062601

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-98.jfk51.r.cloudfront.net

Software

RX /

Resource Hash

ecde3c0d9f4721fd5bc3989d1e6103966b836786849f65ead031a1c758687ef0

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-security-policy: default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
date: Fri, 21 Jul 2023 10:35:35 GMT
x-content-type-options: nosniff
via: 1.1 4a8de0adddd15d5e8cadba8208771b58.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
age: 19084
x-cache: Hit from cloudfront
content-length: 851
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
referrer-policy: strict-origin
last-modified: Wed, 28 Jun 2023 15:36:18 GMT
server: RX
etag: "cd781048d6a9d91:0"
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: application/javascript
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
accept-ranges: bytes
access-control-allow-headers: Content-Type
x-amz-cf-id: qF7Wg324FD2_i3tqE1lA8t27D4Vp9kh9a6mGOiRbJiVPSaLRWU_SMQ==

GET
H2 200 p.css
p.typekit.net/ 5 B
172 B 179ms
19ms Stylesheet
text/css 2600:141b:13::17d7:8268
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=phq8nwg&ht=tk&f=15982.15984.37450.16353.37464.37466.37515.37516.37517.37518.37519.37520.51838.51839.51840.51841&a=6157095&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/phq8nwg.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:8268 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
last-modified: Fri, 14 Jul 2023 12:54:09 GMT
server: nginx
etag: "64b14571-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 207 KB
73 KB 110ms
61ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MJ69SWF

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3c476ce45fb2a5d95295fb703db3bc77254d01679c3ca1ce11a00aaa588e841a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74033
x-xss-protection: 0
last-modified: Fri, 21 Jul 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 21 Jul 2023 15:53:39 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 69ms
21ms Script
text/javascript 2607:f8b0:4006:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::200e Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 21 Jul 2023 13:56:36 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 7023
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 21 Jul 2023 15:56:36 GMT

GET
H2 200 0b2769e1-0886-4559-9bce-12176902a20a.png
assets.infosecurity-magazine.com/webpage/feat/ 577 KB
578 KB 344ms
295ms Image
image/png 13.225.223.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.infosecurity-magazine.com/webpage/feat/0b2769e1-0886-4559-9bce-12176902a20a.png

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-98.jfk51.r.cloudfront.net

Software

RX /

Resource Hash

3c17d51edb43efcbf42eacd86a144604080cd0f4f7d12aa5ca1404b0dc382804

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: 1.1 4a8de0adddd15d5e8cadba8208771b58.cloudfront.net (CloudFront)
server: RX
x-amz-cf-pop: JFK51-C1
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: image/png
cache-control: private, max-age=2764800
x-amz-cf-id: qvcgD5R7Z5UYxbL2Ow2Nd8-SRFz9Z627eV6cnx0qz6xj1J6Ld-ODAA==
content-length: 590668
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge

GET
H2 200 l
use.typekit.net/af/73dbad/00000000000000007735a197/30/ 24 KB
24 KB 77ms
18ms Font
application/font-woff2 2600:1400:9000::687e:74b2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/73dbad/00000000000000007735a197/30/l?subset_id=2&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/phq8nwg.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1400:9000::687e:74b2 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 4ca1e0e518aaf5d78abd4fc78268ac642cb679dbb56a905d2c57a296566a0bba

Request headers

Referer: https://use.typekit.net/phq8nwg.css
Origin: https://www.infosecurity-magazine.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
server: nginx
etag: "550ca47a88a465c010c13a8c017f04a91a75a9a4"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 24168

GET
H2 200 l
use.typekit.net/af/32b0e4/00000000000000007735a185/30/ 44 KB
45 KB 81ms
22ms Font
application/font-woff2 2600:1400:9000::687e:74b2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/32b0e4/00000000000000007735a185/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/phq8nwg.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1400:9000::687e:74b2 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 4f8059cfd6739160b9073e937833a58c728a9791b380f27fcf2d047d76951155

Request headers

Referer: https://use.typekit.net/phq8nwg.css
Origin: https://www.infosecurity-magazine.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
server: nginx
etag: "dead750a1d4bc579636464295fb9e45aa84c4884"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 45468

GET
H2 200 l
use.typekit.net/af/2180b4/00000000000000007735a193/30/ 23 KB
23 KB 76ms
18ms Font
application/font-woff2 2600:1400:9000::687e:74b2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/2180b4/00000000000000007735a193/30/l?subset_id=2&fvd=n6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/phq8nwg.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1400:9000::687e:74b2 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: a45a4393f8b7ac978e32ac46f58dad43eb83811a4b3d9f7b79cac1f864edd662

Request headers

Referer: https://use.typekit.net/phq8nwg.css
Origin: https://www.infosecurity-magazine.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
server: nginx
etag: "d42a9fe146eae2c4c65475dbd44806c5aed58d8b"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 23312

GET
H2 200 605bfdcb-abca-4e31-9902-3a3d746228ce.png
assets.infosecurity-magazine.com/s3/infosec-media/images/profile/ 2 KB
2 KB 47ms
20ms Image
image/webp 13.225.223.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.infosecurity-magazine.com/s3/infosec-media/images/profile/605bfdcb-abca-4e31-9902-3a3d746228ce.png?width=64&height=64&mode=crop&scale=both&format=webp

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-98.jfk51.r.cloudfront.net

Software

RX /

Resource Hash

07ac84596d158248a60c2f747f609a508e6e2f1980a23f0608caee79a30291b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 12:05:05 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: 1.1 4a8de0adddd15d5e8cadba8208771b58.cloudfront.net (CloudFront)
x-aspnet-version: 4.0.30319
x-amz-cf-pop: JFK51-C1
age: 13714
x-cache: Hit from cloudfront
content-length: 1686
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
server: RX
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: public
x-amz-cf-id: BHPABrriirv2kUEOFOp79g9W93ispEZeG0Z3N0nEQ0QcguNl7GS5DQ==

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307170101/ 385 KB
122 KB 19ms
19ms Script
text/javascript 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307170101/pubads_impl.js

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1779a49bc11620c55dd5424776fa1e5c44b5cdb705163555ef05afc54e9cde89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 10:56:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17847
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 125056
x-xss-protection: 0
server: cafe
etag: 10096237036492005269
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sat, 20 Jul 2024 10:56:12 GMT

GET
H2 200 / Show response
www.infosecurity-magazine.com/account-buttons/ 240 B
2 KB 103ms
101ms XHR
application/json 13.225.223.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.infosecurity-magazine.com/account-buttons/?time=1689954819347

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-98.jfk51.r.cloudfront.net

Software

RX /

Resource Hash

4e916eb59cd64cce6fc41e3355180f0284ae0edc2602686431e90f2e7f082652

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-NewRelic-ID: Vg8GV1ZVCxACUFBSAgMEV1c=
tracestate: 2916063@nr=0-1-2916063-322535572-c36ca69f3744aad3----1689954819350
traceparent: 00-4043220e61de85f35db96096514fea10-c36ca69f3744aad3-01
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI5MTYwNjMiLCJhcCI6IjMyMjUzNTU3MiIsImlkIjoiYzM2Y2E2OWYzNzQ0YWFkMyIsInRyIjoiNDA0MzIyMGU2MWRlODVmMzVkYjk2MDk2NTE0ZmVhMTAiLCJ0aSI6MTY4OTk1NDgxOTM1MH19
Accept: */*
Referer: https://www.infosecurity-magazine.com/
X-Requested-With: XMLHttpRequest

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
content-security-policy: default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
x-content-type-options: nosniff
via: 1.1 4a8de0adddd15d5e8cadba8208771b58.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
x-cache: Miss from cloudfront
content-length: 240
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
pragma: no-cache
referrer-policy: strict-origin
server: RX
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
access-control-allow-headers: Content-Type
x-amz-cf-id: OpRn07ZkHP_A63G2GHF_V3xKBuu6JA_EJ0VJZ3kf9O4Sa2fmwAIWHQ==
expires: -1

GET
H2 200 / Show response
www.infosecurity-magazine.com/nav/mobile/ 4 KB
2 KB 21ms
20ms XHR
text/html 13.225.223.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.infosecurity-magazine.com/nav/mobile/

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.223.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-223-98.jfk51.r.cloudfront.net

Software

RX /

Resource Hash

53fc4495c7705b2373e2b73ec881c82dffb40cfbd744d8e5bd8ba7f5a018575b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-NewRelic-ID: Vg8GV1ZVCxACUFBSAgMEV1c=
tracestate: 2916063@nr=0-1-2916063-322535572-2673aa0b4134d703----1689954819352
traceparent: 00-267e36acd288869c6a3768d47486e71b-2673aa0b4134d703-01
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI5MTYwNjMiLCJhcCI6IjMyMjUzNTU3MiIsImlkIjoiMjY3M2FhMGI0MTM0ZDcwMyIsInRyIjoiMjY3ZTM2YWNkMjg4ODY5YzZhMzc2OGQ0NzQ4NmU3MWIiLCJ0aSI6MTY4OTk1NDgxOTM1Mn19
Accept: */*
Referer: https://www.infosecurity-magazine.com/
X-Requested-With: XMLHttpRequest

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
content-security-policy: default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
x-content-type-options: nosniff
content-encoding: br
via: 1.1 4a8de0adddd15d5e8cadba8208771b58.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK51-C1
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
referrer-policy: strict-origin
server: RX
x-frame-options: SAMEORIGIN
access-control-allow-methods: *
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: private
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'self'; encrypted-media: 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'self'; gamepad 'none'; geolocation 'none'; layout-animations 'self'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'self'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'self'; usb 'none'; web-share 'self'; xr-spatial-tracking 'none'
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=()
access-control-allow-headers: Content-Type
x-amz-cf-id: M9PM44f_jYT4RvCXySp5OOs0CAbZZSssj0okATEapeRj7tExUcrR1g==

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 104 KB
19 KB 94ms
94ms XHR
text/plain 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=29451900080027&correlator=2636009043351895&output=ldjh&gdfp_req=1&vrg=202307170101&ptt=17&impl=fifs&iu_parts=1165%2Crx_infosecurity_magazine%2Cnews%2Credeyes-group-targets-individuals&enc_prev_ius=%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3&prev_iu_szs=728x90%2C300x250%2C728x90&ifi=1&adks=4255692466%2C3468452233%2C1534223668&sfv=1-0-40&cust_params=topics%3DCybercrime%252CData%2520Protection%252CDigital%2520Forensics%252CHuman%2520Factor%252CInternet%2520Security%252CMalware%252CAdvanced%2520Persistent%2520Threats%252CPhishing%252CThreat%2520Intelligence%252CData%2520Breaches%252CIT%2520Forensics%252CSocial%2520Engineering%252CEmail%2520Security%252CThreats%252C%2520Exploits%2520and%2520Vulnerabilities&sc=1&cookie_enabled=1&abxe=1&dt=1689954819483&lmt=1689733840&dlt=1689954818833&idt=594&adxs=436%2C1046%2C436&adys=8%2C762%2C1142&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0&ucis=1%7C2%7C3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fredeyes-group-targets-individuals%2F&frm=20&vis=1&psz=1600x50%7C364x331%7C1600x50&msz=728x50%7C300x250%7C728x50&fws=0%2C0%2C512&ohw=0%2C0%2C0&ga_vid=1042752502.1689954819&ga_sid=1689954819&ga_hid=973320449&ga_fc=true

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

049d2a877b140620469a54ebe23fcc71fd869d7bd030d221f51025ec0d3e669c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19797
x-xss-protection: 0
google-lineitem-id: 6347860246,6348650865,6348650865
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138440332000,138440253528,138440945392
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.infosecurity-magazine.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4A3B 6 KB
3 KB 101ms
34ms Document
text/html 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.infosecurity-magazine.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 21 Jul 2023 15:53:39 GMT
expires: Sat, 20 Jul 2024 15:53:39 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 54ms
29ms Script
application/javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b836876c6014c346a749c23f680845562679daf29c640c99a3d92797a6244b4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 21 Jul 2023 15:53:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: DflSFdkyRucOaDW0H1U81w==
age: 893
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6821
x-ms-lease-status: unlocked
last-modified: Thu, 20 Jul 2023 19:31:36 GMT
server: cloudflare
etag: 0x8DB8957EED518A9
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 7269ee70-201e-0068-4a43-bb86b7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7ea49e364ca94bd6-YUL

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 171 KB
47 KB 56ms
19ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e237cfb5b51efd58bf08a6d1cf3f4e49c2ce2e595ef16c2060aa6cb4d966fb3a

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 21 Jul 2023 15:53:39 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 46990
x-xss-protection: 0
pragma: public
x-fb-debug: 9+8iWA9fX6ilRXQUb7JZSGcy27X48s4kr4/JO0hVENbOOuyh5bFE1y8IZX51rIIkwSsY0P2bjCQ2RyT2WI8DOg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 oct.js Show response
static.ads-twitter.com/ 56 KB
15 KB 122ms
24ms Script
application/javascript 146.75.36.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/oct.js
Requested by: Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.36.157 Reston, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 15:55:14 GMT
x-amz-server-side-encryption: AES256
etag: "32ad004436155ec972bc50e6238b5b67+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kcgs7200134-IAD

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 260 KB
87 KB 62ms
62ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-8VSXE5KKGM&l=dataLayer&cx=c

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bad0b8e8b83e58f5450f0149fbcfd67a669d12d70a4153bed242b17eef209eef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 89125
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 21 Jul 2023 15:53:39 GMT

GET
H2 200 tag.aspx Show response
ml314.com/ 31 KB
11 KB 44ms
12ms Script
application/javascript 34.111.234.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?2162023
Requested by: Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.234.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 23f95a90d6e6ba09a92bd4eae99823b0a6b0137a9abe10e3c050c062fb15efe4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:37:32 GMT
content-encoding: br
age: 967
x-guploader-uploadid: ADPycdsgm9kpPiRKf4JpfW5QdOCN74IXQm5EEcmBdYzBJe50CC6nFVXO35dqSKvwLJDB0a6CaKA41HYxA4FOCVw3GMCa
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10525
last-modified: Mon, 10 Apr 2023 17:13:24 GMT
server: UploadServer
etag: W/"b0965f051977c0dd95ffe2c736cac352"
vary: Accept-Encoding
x-goog-generation: 1681146804366265
x-goog-hash: crc32c=wVdAwA==, md5=sJZfBRl3wN2V/+LHNsrDUg==
content-type: application/javascript
cache-id: YUL-62c5aa93
cache-control: public,max-age=3600
x-cache-hit: hit
x-goog-stored-content-length: 32213
accept-ranges: none

GET
H2 200 container.html Show response
02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9804 6 KB
3 KB 21ms
20ms Document
text/html 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.infosecurity-magazine.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 21 Jul 2023 15:53:39 GMT
expires: Sat, 20 Jul 2024 15:53:39 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D646 0
0 44ms
44ms Fetch
image/gif 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvehhuuepHyq1-Hdy01SyVT43Rf2PTeVC6cWqJAkGeeyfGaL-M95FaL61t2ZB_CTwXit4eO7jUW--ZopjO-mcnOdko4NdkNU2UGegjpI2GXMAd6e_KTVtfv0ErhWiyIa3PwXCqRhlSfu3pqtkbA8hlYq-EiFxnnQIFRI4K82gswEHj4UCgsVqVGL6thUbVgnWpIPPiF6BcwYb6MTbmy5zo9lRw3fiX2Mrl1t313veikkC-hWMGThMFOfvv5Ncbkgg92MNkxJ3CcXnJBxPglCmpyOL2xK5-owicTlfmgzLbIAjb043xaLe3fLap8tanO0_D5aHk3OsVKLc05dPAduSzTsFEzOpW-QIhMIvXymMWbwfwKYSzpXD2ntT_YVSTfUTS9_ClTcTPsZlHrurmlH5cH&sai=AMfl-YQE9MH71TTodx02-dDELf9HyAF_Li3JXGLS6dQz3FH2QRu0wOw_-URLHOkCbWhM06czczjCg4p5ujkWfMBFVAskQp2R4Ssvv8xD9CQTHCAzpemNpBjxuJiNkBGTl7ZS1uEeiQMpWDU4xSrtksl8&sig=Cg0ArKJSzN7R3zojajPwEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 21 Jul 2023 15:53:39 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame D646 3 KB
2 KB 75ms
20ms Script
text/javascript 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:12:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2474
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 04 Aug 2023 15:12:25 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D646 179 KB
57 KB 104ms
49ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06d05e25d5735fd4968f4db173509082b3c907133c6178b914fdd44bb4dbf50d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57333
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689766554590483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Jul 2023 15:53:39 GMT

GET
H2 200 14846558050607646150
tpc.googlesyndication.com/simgad/ Frame D646 101 KB
101 KB 75ms
21ms Image
image/png 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14846558050607646150

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

051ad4275e260af35441788ba01b0bf78498cda465caf8891198ebb831e81d9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 09:59:55 GMT
x-content-type-options: nosniff
age: 21224
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 102940
x-xss-protection: 0
last-modified: Wed, 17 May 2023 15:10:44 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 20 Jul 2024 09:59:55 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 569F 0
0 44ms
44ms Fetch
image/gif 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvTSt0nQYTiL1bPA2ypsCUZJezaIX3RtT5TpOci9qxAj3K0uQdUk7_r2w0gqX9AdNTdGwreFB-7IzJHGGJaJCjFmI8Sk7S3SR5j9RwvIhaQ2GQ6hULK1v-zYGa6IijY_85jGHyWzRkd1b-5p79_sqaG9O2Qf8yx1od8QdMOy1lp_oTg0Y1D4CNBE5qvQTrgQHdTBwyy3c8DFTQjLqtOj5nOaHksIVK3lLgs7hKJIqYJ6AIDJiVn0PfgCJS2l9axguMHuzy3OLTxwurvDSy8cbXE6CVmFtTIvlOw1-y44x684_keYNRTKrIiNXqTD7Y8_ARqXWxI2-XuCHiBinF1i9k-1ge25KtAgVdhObMWef4HC-OeGq2mpeYmtzv1_6diGJjAHxkhI6YyU7UD0qlQISEK&sai=AMfl-YRzPR5paCq8lxph69PzwZ6KW9cyirfOSJd10gC_FJO64ysJ6KEY2IzgaI1OXtVd5u2AcQWUe-9Roqeh0cKd2c5TuUuHWtQRowP6o4op3b0xSle_Usv13H3gT-5YmCSzJ6MkW3FIxPErQAWyFmSC&sig=Cg0ArKJSzHZsQ-JGNpjgEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 21 Jul 2023 15:53:39 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/ Frame 569F 3 KB
1 KB 48ms
20ms Script
text/javascript 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230719/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:12:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2474
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 04 Aug 2023 15:12:25 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 569F 179 KB
56 KB 109ms
82ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06d05e25d5735fd4968f4db173509082b3c907133c6178b914fdd44bb4dbf50d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57333
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689766554590483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Jul 2023 15:53:39 GMT

GET
H2 200 8378669705757800192
tpc.googlesyndication.com/simgad/ Frame 569F 33 KB
33 KB 68ms
42ms Image
image/jpeg 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8378669705757800192

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4f5cf4640a6724d20056eb82372199d701f87901783f98c749e0b60f62e8d255

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 08:21:34 GMT
x-content-type-options: nosniff
age: 27125
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33734
x-xss-protection: 0
last-modified: Wed, 17 May 2023 15:06:24 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 20 Jul 2024 08:21:34 GMT

GET
DATA 200
OK truncated
/ Frame D646 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 28e7cac60da4aecc140c35138ca8dc18a6e029d09b325f351f5a9cc8c9743918

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 569F 206 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3205ddc3fac65fef3e2e4a284516d800068181f15a1fcf92131c906e71d5c49

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 utsync.ashx Show response
ml314.com/ 644 B
1 KB 32ms
29ms Script
application/javascript 34.111.234.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=81370&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fredeyes-group-targets-individuals%2F&pv=1689954819724_0exwyrww5&bl=en-us&cb=2641377&return=&ht=&d=&dc=&si=1689954819724_0exwyrww5&cid=&s=1600x1200&rp=&v=2.5.3.49
Requested by: Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.234.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d83d76d2d7492933bdccbde3b894926b7a998ec6856d9f25b2614994e465f542

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Jul 2023 15:53:39 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: application/javascript; charset=utf-8
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 644
expires: 0

GET
H/1.1 200
OK ud.ashx Show response
in.ml314.com/ 20 B
482 B 234ms
99ms Script
application/javascript 35.169.197.194
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://in.ml314.com/ud.ashx?topiclimit=&cb=2162023&v=2.5.3.49
Requested by: Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.169.197.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-169-197-194.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Date: Fri, 21 Jul 2023 15:53:39 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public
Connection: keep-alive
Content-Length: 138
Expires: Sat, 22 Jul 2023 15:53:39 GMT

GET
H2 200 6b575081-117f-49ba-bff7-347875107505.json Show response
cdn.cookielaw.org/consent/6b575081-117f-49ba-bff7-347875107505/ 3 KB
2 KB 57ms
34ms XHR
application/x-javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6b575081-117f-49ba-bff7-347875107505/6b575081-117f-49ba-bff7-347875107505.json

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60a3a7f932316a94621e08b843050b7fa26b89d8ca8a5d99a2e8fb492ead42d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 21 Jul 2023 15:53:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 62009
content-md5: alvR47ZcS0B0s8qS2dAF8g==
content-length: 1456
x-ms-lease-status: unlocked
last-modified: Mon, 06 Mar 2023 07:40:28 GMT
server: cloudflare
etag: 0x8DB1E160E4CF493
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: bc717eda-201e-0027-7ae1-5a42af000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7ea49e379f9d713f-YUL
expires: Sat, 22 Jul 2023 15:53:39 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 9804 24 KB
7 KB 28ms
27ms Script
text/javascript 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com
URL: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 09:19:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 369253
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 16 Jul 2024 09:19:26 GMT

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 9804 16 KB
7 KB 37ms
36ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: 02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com
URL: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d72c9fb59846aff6405d2973c81bd8da823493502fab893e026a736a1ba01838

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:35:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1096
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6830
x-xss-protection: 0
last-modified: Wed, 24 May 2023 18:59:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Fri, 21 Jul 2023 16:35:23 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9804 179 KB
56 KB 95ms
95ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com
URL: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06d05e25d5735fd4968f4db173509082b3c907133c6178b914fdd44bb4dbf50d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57333
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689766554590483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Jul 2023 15:53:39 GMT

GET
H2 200 adsct
t.co/i/ 43 B
377 B 221ms
46ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=1&eci=1&event_id=f508cf9d-b616-4347-b375-5102d60fa0e5&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=e771ecb7-3f47-40cd-8f9e-efa6e01bce86&tw_document_href=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fredeyes-group-targets-individuals%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o7tzd&type=javascript&version=2.3.29

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-response-time: 5
date: Fri, 21 Jul 2023 15:53:39 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: b8e6e06783556884
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: a60521b272ebc0cdf915f4385243119ba6d851c6eb5fcad9f80503b6c48bdb63
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
394 B 180ms
39ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=1&eci=1&event_id=f508cf9d-b616-4347-b375-5102d60fa0e5&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=e771ecb7-3f47-40cd-8f9e-efa6e01bce86&tw_document_href=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fredeyes-group-targets-individuals%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o7tzd&type=javascript&version=2.3.29

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-response-time: 5
date: Fri, 21 Jul 2023 15:53:39 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 0e7bc38cf5d9cddd
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: fea6c9ca27adc0048434fa61e53a7b22f66013ce75fb610b26e3c05c4fadfddb
content-length: 43

GET
H2 200 580638648955413 Show response
connect.facebook.net/signals/config/ 384 KB
110 KB 94ms
93ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/580638648955413?v=next&r=stable

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3dc0f37d182281a92426ac1d983047ccdd758ea55afb320fdb79d4032c8bef38

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 21 Jul 2023 15:53:39 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: 6Ox74iAnBjIEDMqkDyuYui3Tp7TpsYFkBQo2cQ/SgdAATlDP0d5iak/8PfaOg9U1Ctkl+uJWBQl/OqoRgx51nw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
264 B 113ms
32ms Ping
text/plain 2607:f8b0:4006:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-8VSXE5KKGM&gtm=45je37j0&_p=973320449&_gaz=1&cid=1042752502.1689954819&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1689954819&sct=1&seg=0&dl=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fredeyes-group-targets-individuals%2F&dt=RedEyes%20Group%20Targets%20Individuals%20with%20Wiretapping%20Malware%20-%20Infosecurity%20Magazine&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8VSXE5KKGM&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:807::200e Stony Point, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Jul 2023 15:53:39 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.infosecurity-magazine.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
264 B 111ms
30ms Ping
text/plain 2607:f8b0:4004:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-8VSXE5KKGM&cid=1042752502.1689954819&gtm=45je37j0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8VSXE5KKGM&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c08::9c Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Jul 2023 15:53:39 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.infosecurity-magazine.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ca/ads/ 42 B
408 B 116ms
36ms Image
image/gif 2607:f8b0:4006:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8VSXE5KKGM&cid=1042752502.1689954819&gtm=45je37j0&aip=1&z=513342856

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2003 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Jul 2023 15:53:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/
Redirect Chain

https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3637243632966697019&redir=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3637243632966697019&redir=

42 B
941 B

35ms
34ms

Image
image/gif

54.197.170.208
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3637243632966697019&redir=

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

HTTP/1.1

Server

54.197.170.208 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-197-170-208.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

DCS: dcs-prod-va6-2-v049-07a7b5c16.edge-va6.demdex.com 10 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: NR6lQSAHQg0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-va6-2-v049-04db09df7.edge-va6.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: ILEdD1ODS0c=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3637243632966697019&redir=
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3

200

csync.ashx
ml314.com/
Redirect Chain

https://idsync.rlcdn.com/395886.gif?partner_uid=3637243632966697019
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzYzNzI0MzYzMjk2NjY5NzAxORAAGg0Ig9TqpQYSBQjoBxAAQgBKAA
https://ml314.com/csync.ashx?fp=7d3a8a7dd04fc0301ca6796c9281ed911d39110653cd5e2b2b9ff382445b1b31f4cb09cee1a4f8eb&person_id=3637243632966697019&eid=50082

43 B
60 B

30ms
30ms

Image
image/gif

34.111.234.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=7d3a8a7dd04fc0301ca6796c9281ed911d39110653cd5e2b2b9ff382445b1b31f4cb09cee1a4f8eb&person_id=3637243632966697019&eid=50082
Requested by: Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/
Protocol: H3
Server: 34.111.234.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: image/gif
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Sat, 22 Jul 2023 11:53:40 GMT

Redirect headers

date: Fri, 21 Jul 2023 15:53:40 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ml314.com/csync.ashx?fp=7d3a8a7dd04fc0301ca6796c9281ed911d39110653cd5e2b2b9ff382445b1b31f4cb09cee1a4f8eb&person_id=3637243632966697019&eid=50082
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

utsync.ashx
ml314.com/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=4b91b962-f38e-4965-b9e0-81f7aa61df25&gdpr=0&gdpr_consent=

43 B
64 B

32ms
31ms

Image
image/gif

34.111.234.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/utsync.ashx?eid=53819&et=0&fp=4b91b962-f38e-4965-b9e0-81f7aa61df25&gdpr=0&gdpr_consent=
Requested by: Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/
Protocol: H3
Server: 34.111.234.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Jul 2023 15:53:39 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: 0,Sat, 22 Jul 2023 11:53:40 GMT

Redirect headers

pragma: no-cache
date: Fri, 21 Jul 2023 15:53:40 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://ml314.com/utsync.ashx?eid=53819&et=0&fp=4b91b962-f38e-4965-b9e0-81f7aa61df25&gdpr=0&gdpr_consent=
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 241

GET
H3

200

csync.ashx
ml314.com/
Redirect Chain

https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3637243632966697019
https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3637243632966697019
https://ml314.com/csync.ashx?fp=bd870631057b36b20d7a306355c8706&eid=50146&person_id=3637243632966697019

43 B
60 B

29ms
28ms

Image
image/gif

34.111.234.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=bd870631057b36b20d7a306355c8706&eid=50146&person_id=3637243632966697019
Requested by: Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/
Protocol: H3
Server: 34.111.234.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: image/gif
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Sat, 22 Jul 2023 11:53:40 GMT

Redirect headers

pragma: no-cache
date: Fri, 21 Jul 2023 15:53:40 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://ml314.com/csync.ashx?fp=bd870631057b36b20d7a306355c8706&eid=50146&person_id=3637243632966697019
cache-control: no-cache
x-server: 10.40.37.167
content-length: 0
expires: 0

GET
H/1.1

200
OK

match
ps.eyeota.net/
Redirect Chain

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif
https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2MddJ4SBNw9AwqcougPfJ9u4aKhG-hO7nG7kJaVX_oKQ&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referrer_p...
https://ml314.com/csync.ashx?fp=2MddJ4SBNw9AwqcougPfJ9u4aKhG-hO7nG7kJaVX_oKQ&person_id=3637243632966697019&eid=50052&return=https%3a%2f%2fps.eyeota.net%2fmatch%3fbid%3dr8hrb20%26uid%3dnil%26referre...
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20

70 B
440 B

26ms
26ms

Image
image/gif

52.55.144.0
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
Requested by: Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/
Protocol: HTTP/1.1
Server: 52.55.144.0 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-55-144-0.compute-1.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/gif
Date: Fri, 21 Jul 2023 15:53:40 GMT
Content-Length: 70
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

date: Fri, 21 Jul 2023 15:53:39 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: text/html; charset=utf-8
location: https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 193
expires: Sat, 22 Jul 2023 11:53:40 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 59 B
295 B 109ms
41ms XHR
application/json 2606:4700::6812:1d26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d26 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db0da7efe3ac5fc9e598f71e291326f137ea7bbbf97fed4fee0e86b717b0d9a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.infosecurity-magazine.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 7ea49e387c917156-YUL
access-control-allow-headers: Content-Type

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D646 0
0 87ms
44ms Fetch
image/gif 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssoT1H4GS-43dPMxmDBmvTbIH5tc8JtXkFuNFMKyIOzHZ_v23FdoswtQDEe6kL5r6wWNSa0mN4wiJoVjhQDNYsINYjYfazOuWQO-2E4EXzlB7yhJt3oYcyZHog6cJIvzzylcNwfNYUujFNhsxWVsOgN_dclujKBeHUXLTVkyRqbNZLL8ixDnp_YgeCD0OlE7tjY9K7tPGl9qSdJsecMlYZx3t5XqpKpTIJ1yWV4He8BdENt_WaMxql_gsoZYUJKInWf_ck_e5yFXKv4tlPnvHnfnff1yo9ysmfhYqwZOoIinOgU3EURJRT6Yoqv5z_A_4ZFWyQw0D4X43m4Qzd136Hn5d-_uUFhY5SDMrvEPhAPbkjVgzJq5d5oBldqnlQilD2fi7Btu4exIfxsydoKqq3F7A8&sai=AMfl-YTfX9J7qixCrLu-ei3XbgkV7KyY7EE1jsZ26nW1rA6zcV79Hx6yqpvrN4plgHXHNmy_7Wf_YJCzLQFBSTHi_EfK7RkZvB_1atAdB3rtw1AKKuL-FHdX4LM97vL0SFkxyl_HiMW9m8trlQ0Z53pB&sig=Cg0ArKJSzBWBFmGpNhXkEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 21 Jul 2023 15:53:39 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9804 0
0 49ms
47ms Fetch
image/gif 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssuejuh1jIUS9m4SrVpbQCuL9GtyEyI9BCyktChgKa5Ha68GmCOpngfWW-8JpJe8q_hmJ4EGRXHs4_CCNEBY1fhCFNIfwpun7YclAIZQb7U4zP14Vx7Z-6-2gm4Ka6m7MLXFHB3JmCD61ZA2FLWF5eA_SA-L9WZagDrGS6_thgsXT1GjtLaMw-kra0lJrCozJpPXPR3HAXP4TyH45H96Ga5Fsn1QKZtrgmlkRSPCIKTIaTJQULD7JnU_7bmPSbFP_0Y5sBW6Pyu51QYwBHG9Sf7iMu385cpCHEGq4GeTjFh56NEAdmIMicWurXESUF-IR-mwsfwidi1OqVAHO8hLqfPrljlxJ4xL9b7lq0fi3YWdj6e-NHNGtjPrkfvvIe43-gKK0x1ewoFDk9qaAYdLSf9&sai=AMfl-YRLyNZA4KaKLu0k9JU811pbxo-qciHSZVaLueaMLv92F5TldSRi78TQU9XRwxA8SWKTbMAWMc9YGPgMIrmXJV66k6gCl07mpQdTgbuy1W17zvelili5vUTGE8KV7jBerawsCLzwm9vNP4_YLCcg&sig=Cg0ArKJSzEp_OLCRBBSZEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com
URL: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 impl_v96.js Show response
www.googletagservices.com/dcm/ Frame 9804 49 KB
20 KB 20ms
19ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v96.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

843dea1d022be79c95643821b1140cc2d081094ee77ccf7a1f637a1ad8fca33f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 02:35:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 134296
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20157
x-xss-protection: 0
last-modified: Mon, 22 May 2023 16:41:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 19 Jul 2024 02:35:23 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 569F 0
0 45ms
43ms Fetch
image/gif 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsunXGBZ0G0AaO0ryR4eKyfxWQyDC58Jgcp9Zlgh_3m_pYUelVS_vVj5NUYLsqPGm7QgAUXNU7gYMrZnbgj5fX3P66zYJXGIcQ-MENgw1Y5azjKmrz14_Zo7IPB7HaopuVEpRPh6jTz-l0tD9_a8P1qhAEqunHYyix4OjXtjd-pajdewDQt4Ry33At_q9UOh5mxXn_KwkR1lgCjgWs2uwdK8HqrCPjifgTPBtyTySh_-C8wYVdji1BPEdJAcAG0kgv4iS4y8RGVV1rWkNaTWrQysjCOmv_okhcPgIcphq9CoTlTx2lxUPiZ2tDLdbNHQ3H52PFgQn04ezUTR738LRWHuTEWOqAlS_kglG4Oi-gwZMjTXoeYtLgSqmfAYJD-n_kgxR7U_gC5sy4dewSgwBPu3WpQ&sai=AMfl-YTh8fg18E4OElt0NAYxliguVrOlJETfK4Dh-7Jl2Y_gx5cFpDBltWc7sgMiPhh72ERad0VAAnO9YB1A40Z6Vij4lPmQq3EQN-2xvbn7c5ODT9kq280FBTVfWrwPrJ8MOsRwPKbxH5bNDaPn6ubs&sig=Cg0ArKJSzPE77zj2tx4NEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 21 Jul 2023 15:53:39 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202302.1.0/ 405 KB
98 KB 23ms
23ms Script
application/javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202302.1.0/otBannerSdk.js

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e70be2849f7e7f7f27dc4eb168538ef25474e4799e1a4a4d9aee01f57f4c5a3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 21 Jul 2023 15:53:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: +3NcDg7IRUqn5oCiPaN6Hg==
age: 70212
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 99858
x-ms-lease-status: unlocked
last-modified: Fri, 10 Mar 2023 03:55:12 GMT
server: cloudflare
etag: 0x8DB211B3FF3862E
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: c029008f-f01e-012a-64e1-5aebf6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7ea49e39092c4bd6-YUL

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 67ms
18ms Image
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=580638648955413&ev=PageView&dl=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fredeyes-group-targets-individuals%2F&rl=&if=false&ts=1689954820033&sw=1600&sh=1200&v=next&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1689954820027.1633210531&cs_est=true&it=1689954819783&coo=false&rqm=GET

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 21 Jul 2023 15:53:40 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 B29595140.362265631;dc_ver=96.284;sz=728x90;u_sd=1;dc_adk=3756773004;ord=dyors4;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssOJrsPHpnlFNICtghgf046gzT8goi73cF2q_hhHGjVe... Show response
ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/ Frame 9804 63 KB
30 KB 150ms
74ms Script
text/javascript 142.250.65.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362265631;dc_ver=96.284;sz=728x90;u_sd=1;dc_adk=3756773004;ord=dyors4;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssOJrsPHpnlFNICtghgf046gzT8goi73cF2q_hhHGjVemoEF7S5zrRBPamU7H_ImU7cbbdn-3oxPrksIVMcEoUKHz3VZ_TTe6c_OE0Z1JVe0L4MHxxDHiwRfxwfu8dYWWGaJLHMJ0CBjQNmKVhnUjlH-kYTCA8WVvKf_3HtpbFPXiPU6yux6xEZmY2UwuWVLfF2DWhgyeywjY5NfW-Gtbc6jn4Sbu541m4weg2Q-YNtA0qhBHtId_eqx2dGzMCw_o7Syx63qOiXLDJ4vpdTqwpAiducgztpqNKKMnmPrtwtEyLx4QiC-mwnwjskNEvMyrEbt_WsG0GKh_6-LQKacfRa5Cw1zoUMGmNQWsQKe4DwWC1trC2C-NLHCzGqkdiqdUSVWWiDKCFPPFPSpdvu%26sai%3DAMfl-YRaKiFV8zbveOyEjJ0NqrlST44m4-i3Y7QKyeU6vgIa4PPOxQJDIUeHTbq1PUx6UqG0Tf9pRMEULlLi2qf2VSpGP0tDLkVbb1V2gcvQvqbKju9sbYY88WEzsGuJwXcoyYdLVHTVIQxt-SkYgtJU%26sig%3DCg0ArKJSzBDYLe7LEDKyEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com%2F$0;xdt=1;crlt=dGrTRuOyH3;stc=1;chaa=1;sttr=136;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v96.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f6.1e100.net

Software

cafe /

Resource Hash

b4c9d53f85eeb6c9253768880a616b5b723efe6bc4d18518423dbde663697dbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Jul 2023 15:53:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29814
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/6b575081-117f-49ba-bff7-347875107505/2ca9783c-e3b0-47d5-889b-bd0759260e50/ 53 KB
14 KB 34ms
33ms Fetch
application/x-javascript 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6b575081-117f-49ba-bff7-347875107505/2ca9783c-e3b0-47d5-889b-bd0759260e50/en.json

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00e70321427a6db08053549dc7efd05e3371b4aaa3db383284295b0da386f950

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 21 Jul 2023 15:53:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 62010
content-md5: 8pgIlg/gSXWQIiVQqSHEng==
content-length: 13991
x-ms-lease-status: unlocked
last-modified: Mon, 06 Mar 2023 07:40:29 GMT
server: cloudflare
etag: 0x8DB1E160EFE0466
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 0a7233cc-b01e-010f-13e1-5a7345000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7ea49e397a55713f-YUL
expires: Sat, 22 Jul 2023 15:53:40 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 197 KB
71 KB 60ms
60ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-875375440

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

80216a6fe9274fb9a14b22abf7fc618ca8496fb857eeb0dd3d5144c2e537744e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:40 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72349
x-xss-protection: 0
last-modified: Fri, 21 Jul 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 21 Jul 2023 15:53:40 GMT

GET
H2 200 otCenterRounded.json Show response
cdn.cookielaw.org/scripttemplates/202302.1.0/assets/ 9 KB
3 KB 31ms
31ms Fetch
application/json 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202302.1.0/assets/otCenterRounded.json

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c4f86e9ccc5e942b4003bd9fed721d599fdeb7bcc1a2db63a95cba24de5f828

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 21 Jul 2023 15:53:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Ad42vPYfEjbgt2jOvy2ZBw==
age: 62010
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2639
x-ms-lease-status: unlocked
last-modified: Fri, 10 Mar 2023 03:55:05 GMT
server: cloudflare
etag: 0x8DB211B3C080A8D
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: ce2a6fc0-801e-00a9-60e1-5a0d0e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7ea49e39dad8713f-YUL

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202302.1.0/assets/ 62 KB
15 KB 26ms
25ms Fetch
application/json 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202302.1.0/assets/otPcCenter.json

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cef181b89850405f733232c050e35b633a648eacee98005f2663b481ac3b0db4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 21 Jul 2023 15:53:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: V5/ea3CdVX7pMOqnWq49VA==
age: 62010
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 14749
x-ms-lease-status: unlocked
last-modified: Fri, 10 Mar 2023 03:55:05 GMT
server: cloudflare
etag: 0x8DB211B3BF12A5F
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 9d53f45f-901e-001c-6fe1-5a00f1000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7ea49e39dadb713f-YUL

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202302.1.0/assets/ 21 KB
4 KB 37ms
37ms Fetch
text/css 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202302.1.0/assets/otCommonStyles.css

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 21 Jul 2023 15:53:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 62010
x-ms-lease-status: unlocked
last-modified: Fri, 10 Mar 2023 03:55:17 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 56c6b21b-001e-00de-0ce1-5a884f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7ea49e39dadc713f-YUL

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230719/r20110914/elements/html/ Frame 9804 11 KB
4 KB 72ms
20ms Script
text/javascript 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230719/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N939402.154638INFOSECURITY-MAGAZ/B29595140.362265631;dc_ver=96.284;sz=728x90;u_sd=1;dc_adk=3756773004;ord=dyors4;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssOJrsPHpnlFNICtghgf046gzT8goi73cF2q_hhHGjVemoEF7S5zrRBPamU7H_ImU7cbbdn-3oxPrksIVMcEoUKHz3VZ_TTe6c_OE0Z1JVe0L4MHxxDHiwRfxwfu8dYWWGaJLHMJ0CBjQNmKVhnUjlH-kYTCA8WVvKf_3HtpbFPXiPU6yux6xEZmY2UwuWVLfF2DWhgyeywjY5NfW-Gtbc6jn4Sbu541m4weg2Q-YNtA0qhBHtId_eqx2dGzMCw_o7Syx63qOiXLDJ4vpdTqwpAiducgztpqNKKMnmPrtwtEyLx4QiC-mwnwjskNEvMyrEbt_WsG0GKh_6-LQKacfRa5Cw1zoUMGmNQWsQKe4DwWC1trC2C-NLHCzGqkdiqdUSVWWiDKCFPPFPSpdvu%26sai%3DAMfl-YRaKiFV8zbveOyEjJ0NqrlST44m4-i3Y7QKyeU6vgIa4PPOxQJDIUeHTbq1PUx6UqG0Tf9pRMEULlLi2qf2VSpGP0tDLkVbb1V2gcvQvqbKju9sbYY88WEzsGuJwXcoyYdLVHTVIQxt-SkYgtJU%26sig%3DCg0ArKJSzBDYLe7LEDKyEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=1,https%3A%2F%2Fwww.infosecurity-magazine.com%2F$0;xdt=1;crlt=dGrTRuOyH3;stc=1;chaa=1;sttr=136;prcl=s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 17:26:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80806
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Aug 2023 17:26:54 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9804 0
0 112ms
38ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv_Ev-duiPr_GH_k1iBbaWHXHEK_iL-13hnt8mMx9o5aH_Q2_MeMtbHNMpbz4Oit2TtN7zAvJ8wJGbCrenK1SCxOMnKdOSQZthbE6C6HqRCckELexu5fG2ACvWOD-Dp2S-xj845lH5x5dwPlBQe4K5Ue5QcCTsW6eShYMeDnkv8kZ68lsqo6djHKG2E&sai=AMfl-YRkuQ98GTFbrOkGaWTJE45x2ydrpxoj4866P3rFYHh4dho-xyJwawyvq26Nk2dBk-WP0Iqhrh8OoddjkvxfjHAGzi9aSDTnVWbVRw&sig=Cg0ArKJSzBCLEVUo6jgREAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230719.64875&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:40 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 21 Jul 2023 15:53:40 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9804 41 KB
13 KB 25ms
20ms Script
text/javascript 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 14:11:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6116
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Jul 2024 14:11:44 GMT

GET
H2 200 13854587416233782547
s0.2mdn.net/simgad/ Frame 9804 5 MB
5 MB 83ms
23ms Image
image/gif 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/13854587416233782547

Requested by

Host: 02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com
URL: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be163e2134074109283b01c8babdb64daf4601766efde31f5e2c04e60984e1f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 17:48:04 GMT
x-content-type-options: nosniff
age: 165936
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4914069
x-xss-protection: 0
last-modified: Wed, 15 Mar 2023 20:01:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 18 Jul 2024 17:48:04 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/875375440/ 3 KB
2 KB 539ms
484ms Script
text/javascript 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/875375440/?random=1689954820339&cv=11&fst=1689954820339&bg=ffffff&guid=ON&async=1&gtm=45be37j0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fredeyes-group-targets-individuals%2F&hn=www.googleadservices.com&frm=0&tiba=RedEyes%20Group%20Targets%20Individuals%20with%20Wiretapping%20Malware%20-%20Infosecurity%20Magazine&auid=400285659.1689954820&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f433c95727f57c2f7bfa7755a973d32e81b0ba666ab3567f137cb67ec776c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Jul 2023 15:53:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1377
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 9804 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f9969b1560ba54990dfc6ef80a4cce1a430b51d056fd892e3d3414e5c9a9e261

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame F566 22 KB
8 KB 22ms
21ms Document
text/html 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 6115
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 21 Jul 2023 14:11:45 GMT
expires: Sat, 20 Jul 2024 14:11:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 vVBxlHWLSq1fuQw2L5BPyxsDoAp2pX6f0RpBSmAaURU.js Show response
pagead2.googlesyndication.com/bg/ Frame F566 37 KB
15 KB 27ms
25ms Script
text/javascript 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vVBxlHWLSq1fuQw2L5BPyxsDoAp2pX6f0RpBSmAaURU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd507194758b4aad5fb90c362f904fcb1b03a00a76a57e9fd11a414a601a5115

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Tue, 18 Jul 2023 19:28:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 246328
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14655
x-xss-protection: 0
last-modified: Tue, 18 Jul 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 Jul 2024 19:28:12 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9804 0
0 39ms
37ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv_Ev-duiPr_GH_k1iBbaWHXHEK_iL-13hnt8mMx9o5aH_Q2_MeMtbHNMpbz4Oit2TtN7zAvJ8wJGbCrenK1SCxOMnKdOSQZthbE6C6HqRCckELexu5fG2ACvWOD-Dp2S-xj845lH5x5dwPlBQe4K5Ue5QcCTsW6eShYMeDnkv8kZ68lsqo6djHKG2E&sai=AMfl-YRkuQ98GTFbrOkGaWTJE45x2ydrpxoj4866P3rFYHh4dho-xyJwawyvq26Nk2dBk-WP0Iqhrh8OoddjkvxfjHAGzi9aSDTnVWbVRw&sig=Cg0ArKJSzBCLEVUo6jgREAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=291&vt=11&dtpt=290&dett=2&cstd=0&cisv=r20230719.64875&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:40 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 21 Jul 2023 15:53:40 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9804 0
0 46ms
44ms Fetch
image/gif 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu7SLPyL8i3r14kq2CpRiOqYUrW2LkvVAQyo3PVDJPsMrykgI_dxoG_AwIp5zkmDbvuXrDxo6xEox6ura_yTssTukSlCaAWQ1pVfEw-05SrcPNq893Sd-DfCWCS3L3X8AN42jSFkHs6ZO_pbVme1SxqcFi21On417NAVYBMWDmzCiDuMCsf4734c1gEm4AT9pIMtDVTs6gHUFX8XTJNvFUYaUGX8SKbld9pOMWYSvDp7sWGZ-Sn3L3_5Wxxe8vpZrbg-hxWhz3SExYQZt0LpAWIHQroewc4KpEzzge8RXjGPVaXkFujjeSL21JcEvkz-GHy5RbxajeW5IZzx9yxzJXgWj7BSNs32zEyVb_xFEA7gB1RB-CuxC7GgxqT5lFNpm3n2fts4YO3_TMbobwoazGjUbw&sai=AMfl-YTaxXWTUmQphHE03R2he2Wa7G-JoNJiVPN5ztj7o2SMUDhJaKpssdPRZm1q794wsvPpY4nt3_MrOZRSya0ltr5WQrTaKIy5tN9FcEhMzV5nsVz5zoFJl4Yo1JMAvEcUVkw1u-QEJZKzvBQPL-zo&sig=Cg0ArKJSzDVTnffRXxtXEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:40 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 21 Jul 2023 15:53:40 GMT

POST
H2 200 / Show response
www.facebook.com/tr/ Frame CED5 0
59 B 19ms
19ms Document
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.infosecurity-magazine.com
Referer: https://www.infosecurity-magazine.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.infosecurity-magazine.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Fri, 21 Jul 2023 15:53:40 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F566 0
20 B 43ms
43ms Image
image/gif 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B00kOBKq6ZN6JCZqfNZfnr5AKAAAAADgB4AQC&bg=!p6SlpPDNAAZsPphkTD47ADkAdvg8WkHnyWzh9wiRT4LHb1ipw0tE4VOzEjOsK1s2XQTrtMi_BMRyXtRr9ushznzF2aNXVOkd01cCAAAA81IAAAANaAEHmQNW52hrBMIUe57DHptiF1GEaGQtvE-jzemWLH9GF0Fis2fzPEGMSsiUaidoWl-dMZFtxgo64AQBLJN8hRzI-Kv5AuFAHIf54CkktEjz77dGuYCA8SlgN4ciTHu5l0Ais9zpB9UFgOtYrVfRFe4wNZ4qk5MJkywtfhdlXrIdEKBuMULLH2UT9HVc6H4tEoUMvARJQcI2OE3PAh3uQTo4hUairil5Xlhg1WglRsoJroyPcNVMr-YOenkZ34AG8xBhekAqZEPzxKw1K161Y6V7Gw-_wK-xYd5wmscAVF1SzZVMuhzAczdqWc-dCce4-lDTLWMUvwdnLsh0qtqEfG1UefSreYkqd2iybhSdtmV5jGl74fsZ-XkUW5NCvOiRdUJEq-F4j2-REEl6xlsjZPe_YbIrUyIKsEY4hO2IRvMVc-XdKzCeYXHx-2kmfbrtCMluAFIdtpYobi_YWK6s-ZDtk6hB07XlQdA47eNX56HjEtx2jNK92a1CCXol3_08fbanES2srpvjT9tzGjBew5R9o04tAXEvPokZjiWo2bc2UeG_dVaVMKgCuJX-P5ZLOS0GUC6Cm6-SNTB0jGgEjrwqO2D8bGyAVXRgud5vsHX1DHWBRzJiD0-m6cgoqNFGIo5JEIE0yFyUSXEfRxLqxdEpJtQqfxzoa8RG2fzEfbCW0xbbcWg9Q-yJfvggRmySxQj9l7VZQDVLSLOHXNiIcGhrmOQBPS9MwGXmVSiIDpH9y7EXYZML0An-hoTm8TcqBgnttvFfJ0qOCzjcngUGKQfohtc2XVR-9kQagFdFwW_TRpIdPpQjLYz5nHy9itdbW50_eiLm9fvzqQK_nv0ZfYjdZK3gv_uOog4nDc1hDN-vNCjZE9EZYxY3G-qJMSUzBB1f8Dni6bWhfLZjkVWKSvxqq3s9rGqD_NPVCF1gTdgSSb70cd-OSyfQcIXRgqI3GXc3M6dJRB6fj4EC2RK_RCYJv0SJyzPittgSp5VQjTzNg9kIiyPR-xjb6E5VN5D18q-Uh8d56FZIQ0FCRJbuN3l3E3x9cBXh-whUUreR7NbxHNsEMChsRBQVp1WbCXHk86fqQk67MTppCXV3vvRYgoBD3zf91kaJrp2Do5NEf0FX562RgnVaGXZ150g

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Jul 2023 15:53:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D646 42 B
64 B 98ms
44ms Fetch
image/gif 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstMVwVW2D2No68F8c32WDMBCeMdjZxjM7uKDz5wqoz4RDVCps6wXq3fckFdAd_2hGN30fX3UM7seMbachLzW6weVQbo5exqU6MFTrT2GUOIPXPDcys0&sig=Cg0ArKJSzPNEGviA8kC4EAE&id=lidar2&mcvt=1006&p=810,1046,1060,1346&mtos=1006,1006,1006,1006,1006&tos=1006,0,0,0,0&v=20230719&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=3468452233&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1689954819652&rpt=226&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Jul 2023 15:53:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/875375440/ 42 B
455 B 108ms
44ms Image
image/gif 2607:f8b0:4006:823::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/875375440/?random=1689954820339&cv=11&fst=1689951600000&bg=ffffff&guid=ON&async=1&gtm=45be37j0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fredeyes-group-targets-individuals%2F&frm=0&tiba=RedEyes%20Group%20Targets%20Individuals%20with%20Wiretapping%20Malware%20-%20Infosecurity%20Magazine&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1002301249&rmt_tld=0&ipr=y

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2004 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Jul 2023 15:53:40 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.ca/pagead/1p-user-list/875375440/ 42 B
154 B 44ms
43ms Image
image/gif 2607:f8b0:4006:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/875375440/?random=1689954820339&cv=11&fst=1689951600000&bg=ffffff&guid=ON&async=1&gtm=45be37j0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fredeyes-group-targets-individuals%2F&frm=0&tiba=RedEyes%20Group%20Targets%20Individuals%20with%20Wiretapping%20Malware%20-%20Infosecurity%20Magazine&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1002301249&rmt_tld=1&ipr=y

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2003 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Jul 2023 15:53:40 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 569F 42 B
64 B 45ms
43ms Fetch
image/gif 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstEopLCXGuc0i6GRLmNJDsr4h5Vv9LWNNbQiFNex9-4F-OvMzO8rcac7EQc0DySWjIf1ZrxMqGO7FVCVVTv-Hj0ySf4XhO7zPu7Ob6hUQyzkW3ZvGil&sig=Cg0ArKJSzIJwXT7k10GaEAE&id=lidar2&mcvt=1000&p=1102,436,1192,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230719&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=1534223668&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1689954819681&rpt=257&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Jul 2023 15:53:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 nr-spa-1216.min.js Show response
js-agent.newrelic.com/ 49 KB
19 KB 56ms
12ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-spa-1216.min.js

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-encoding: br
via: 1.1 varnish
date: Fri, 21 Jul 2023 15:53:41 GMT
strict-transport-security: max-age=300
x-amz-request-id: 2HPF12BFKCQCBM5Y
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 19141
x-amz-id-2: nQArEc4Hgcm7jvjHjAf8EdNu0uzELUnHUgf0A/jB/mF9goghLjk/JWVGszhYOCYn86ARGDhgIB0=
x-served-by: cache-yul12831-YUL
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
server: AmazonS3
x-timer: S1689954821.067009,VS0,VE0
etag: "63e2df852d15ab21d7ff8fc4363222e8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 133117

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
12 KB 51ms
50ms XHR
application/json 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202307170101&st=env

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47c0b9f9639ba0e21e49ae91055cf72d84be6e17b2c9b1c1356925a716dd0640

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11759
x-xss-protection: 0

GET
H2 200 RX_Logo_-_primary_logo_for_everyday_use.png
cdn.cookielaw.org/logos/c7f35e9f-bc78-43c8-9f0e-7cd83009704c/d5d2d0ac-164a-4501-8141-3a264a81333e/95f66c83-9442-43f5-9fb4-8a136c33442a/ 51 KB
51 KB 30ms
30ms Image
image/png 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/c7f35e9f-bc78-43c8-9f0e-7cd83009704c/d5d2d0ac-164a-4501-8141-3a264a81333e/95f66c83-9442-43f5-9fb4-8a136c33442a/RX_Logo_-_primary_logo_for_everyday_use.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

279b6c8b97bfb37476d6d075d1431d85a380ca36ebe6af4146844cfb135c21d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 21 Jul 2023 15:53:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: yxwPB4FKahj/CgrZY2+Gbg==
age: 85102
content-length: 52319
x-ms-lease-status: unlocked
last-modified: Mon, 02 Aug 2021 09:46:17 GMT
server: cloudflare
etag: 0x8D9559A5FD49D88
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 9d36135a-501e-00e4-55e1-5acbec000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7ea49e3faac94bd6-YUL

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 23ms
23ms Image
image/svg+xml 2606:4700::6812:aa72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aa72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 21 Jul 2023 15:53:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 71674
x-ms-lease-status: unlocked
last-modified: Thu, 20 Jul 2023 13:21:16 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: b19eaae6-001e-00f7-0b34-bbfe0d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7ea49e3faacb4bd6-YUL

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 53ms
52ms Script
text/javascript 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 21 Jul 2023 15:53:41 GMT

GET
H/1.1 200
OK NRJS-70b3f9b2c6f17cc4471 Show response
bam.eu01.nr-data.net/1/ 56 B
651 B 545ms
175ms Script
text/javascript 185.221.85.3
NEW-2

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.eu01.nr-data.net/1/NRJS-70b3f9b2c6f17cc4471?a=241052313&v=1216.487a282&to=MhBSZQoZXxEDUkdRWQtacWIoV0UHD0FfWUIABh9GHRpBAwVUHVlFFQ0%3D&rst=14470&ck=1&ref=https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/&ap=11961&be=12221&fe=14377&dc=12697&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1689954806640,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:74,%22c%22:74,%22s%22:91,%22ce%22:114,%22rq%22:114,%22rp%22:12188,%22rpe%22:12192,%22dl%22:12193,%22di%22:12696,%22ds%22:12696,%22de%22:12697,%22dc%22:14376,%22l%22:14376,%22le%22:14422%7D,%22navigation%22:%7B%7D%7D&fp=12700&fcp=12700&jsonp=NREUM.setToken
Requested by: Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.221.85.3 , Ireland, ASN206998 (NEW-2, IE),
Reverse DNS
Software: cloudflare /
Resource Hash: f9745c48d0b4c918d466da4acdb3f786ef5cda4c69ac0b6009d76cff67e6325d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Date: Fri, 21 Jul 2023 15:53:41 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Transfer-Encoding: chunked
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
cross-origin-resource-policy: cross-origin
Connection: keep-alive
CF-Ray: 7ea49e429efb34d7-DUB

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E9BA 13 KB
5 KB 20ms
19ms Document
text/html 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2001 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.infosecurity-magazine.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 28409
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 21 Jul 2023 08:00:12 GMT
expires: Sat, 20 Jul 2024 08:00:12 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame ACC6 783 B
953 B 45ms
44ms Document
text/html 2607:f8b0:4006:823::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: www.infosecurity-magazine.com
URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2004 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5c0503002a6be60b49c9bdf56e7c731f5d31b8a957b0e8b04ecc07f79fc2211b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-U5Dbm5CiA62jBB8TcrF5_g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.infosecurity-magazine.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-U5Dbm5CiA62jBB8TcrF5_g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 21 Jul 2023 15:53:41 GMT
expires: Fri, 21 Jul 2023 15:53:41 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 jSb6HqOEQjzv91X74bVaduN6Su8C1pNfo89i8sAbrkg.js Show response
pagead2.googlesyndication.com/bg/ Frame E9BA 37 KB
14 KB 20ms
20ms Script
text/javascript 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/jSb6HqOEQjzv91X74bVaduN6Su8C1pNfo89i8sAbrkg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d26fa1ea384423ceff755fbe1b55a76e37a4aef02d6935fa3cf62f2c01bae48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Tue, 18 Jul 2023 19:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 246264
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14598
x-xss-protection: 0
last-modified: Tue, 18 Jul 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 17 Jul 2024 19:29:17 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame ACC6 0
0 40ms
40ms Image
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202307170101&jk=29451900080027&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:821::2002 Stony Point, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame E9BA 0
10 B 20ms
19ms Image
text/plain 2607:f8b0:4006:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ousQhA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:816::2001 Stony Point, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 15:53:41 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9804 42 B
64 B 41ms
41ms Fetch
image/gif 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu2SSm9-UTKrNIccBiXYRd42ZwFL_nghRNFUxWiGZv5N_EUZW8M2Jged8jSRZeW6AU84igz9hl_p3tWW8_t1WkrKCxkbRM8bbbkUaqI4lS8ZbL74dGs&sig=Cg0ArKJSzMy53gTsPaQbEAE&id=lidar2&mcvt=1000&p=8,436,98,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230719&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=4255692466&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1689954819641&rpt=875&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Jul 2023 15:53:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9804 42 B
64 B 41ms
41ms Fetch
image/gif 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv7QpGoi8PoA2Xsxvy-Z59Qa7St-WsZRPj1tffgnzGyuTYKhdzaSI4SVscTBH1ogfaKLcM_GibdCmUktW8r9VMF-yMARzFP4kw&sig=Cg0ArKJSzLGCX69yuQSzEAE&id=lidar2&mcvt=1004&p=0,0,90,728&mtos=1004,1004,1004,1004,1004&tos=1004,0,0,0,0&v=20230719&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=32&adk=3756773004&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1689954819641&rpt=882&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Stony Point, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Jul 2023 15:53:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 44ms
43ms Image
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202307170101&jk=29451900080027&bg=!aWqlaj7NAAZsPphkTD47ADkAdvg8WuFugfkSvKjKSf-ECHkyHNNwpVSGEITZMSrEJnomU5bZ1YSP95y8uqtIlI4KJz9r8lmT4usCAAAAm1IAAAATaAEHmQLtYIVDtLeiGGsTmpisN4GvSB_beEvxIHwEk79YfKootrRoaCoEPuEwPqNohrqFSmHCndUH8f1fRLKQbsB2AZAJmwXX-UwmfYAFaQom0NrwFChMkaiMCU2fZuwAPcr0dq-AbbCOmR1_GEXIhKZgheIUhVbACZvR_UQdHG0xEGTK5KqjyMaJ5bbScl_u_oLJnTd1zrx38ttSTFIERC6ckOV51h6mo5c6BRPdrBcPzfvD2sjqPx8MCVKLcdYVz4PR6My27TEDOrJasO0RBApKHZX9eDMXsuG-GClA4mO3eLstQh_qZ8e_F3aPwLWyKaayRsNNAhrs2RcD8Io3sWXAlO_iZzu-eG9j5yu9-HBUx9sppDsMbY86oaL5lu8e215vNEVnk8rsoFx34xqWI5DmwEO5zMqGiki9GYb-0QaQRIC0eQYKrD4I0ctwv8GJPay92KylAiySXpyrVg135OXcETkNMVZvrJQsHScA6_j66pLdHONk46sATK8OqeI3CiCzarRA0SHuDP-Dv0yBDBgvHNKHtK9vmFYdhxmNJIdaOHBBlgXqTFZTSXG6o3wFnu_yblSX-95Y5ntM5fYbWDrdWFDVKCnNxReWZ00mAKvltEs4CJdIaNsaKLvor-MQ8SY-eWhvAVj1jeNJWW3NRCJ_-yqXZgkTQXk_YafQBwA2BIANLR46BE51XXIAjtihL1fu4s2H-GFkzmvGF0xEEKZW3ZC0rqjaKivXLkaO7qrTjVEPH0nkLZmwVLLnSwDtrbQSqXKq3CzH1_XpPeDmJEMkZT0wfRYwBg2AQ0huUKDsRRYG93ynSBvCsooSk23tLtPNRiWIP5fuQQwOlQSPzHqpXk7WpgKmic7vIvRVowtY7m7YfpCME4B1yH0yWZYKbwSlFqE-jQIMx4t061yOf2PUNoFQ5aTngLSAwxF6G60TPS6WpiHjTIvUxwJNTZbdCIOUG3MBx1M79yBy1fppPZ8rETQv0ethCtZJw6-eEtr-FgA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:821::2002 Stony Point, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.infosecurity-magazine.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

75 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

27 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.infosecurity-magazine.com/news/redeyes-group-targets-individuals	1969-12-31 23:59:59	Name: ISM.ScreenSize Value: 1600
.infosecurity-magazine.com/	1970-01-20 13:27:21	Name: _gid Value: GA1.2.80908015.1689954819
.infosecurity-magazine.com/	1970-01-20 22:47:30	Name: __gads Value: ID=c69fb9bb3ee91de9:T=1689954819:RT=1689954819:S=ALNI_MY2UOS5moObIMXH09XDzrtonOLoiQ
.infosecurity-magazine.com/	1970-01-20 22:47:30	Name: __gpi Value: UID=00000cfff12c38f8:T=1689954819:RT=1689954819:S=ALNI_MbdyPwgK3Aa50naIrAQZE-30VnDJA
.doubleclick.net/	1970-01-20 23:01:54	Name: IDE Value: AHWqTUnt8CVFEJLhjlgV6i9ElcrtZUMVTIH-7JkbOuvC7-beOMOvTLV-6a8aX3vXrtI
.ml314.com/	1970-01-20 22:12:57	Name: pi Value: 3637243632966697019
.ml314.com/	1970-01-20 13:46:04	Name: tp Value: 4%3b7%2f21%2f2023+11%3a53%3a39+AM%3b0
.infosecurity-magazine.com/	1970-01-20 23:01:54	Name: _ga_8VSXE5KKGM Value: GS1.1.1689954819.1.0.1689954819.60.0.0
.infosecurity-magazine.com/	1970-01-20 23:01:54	Name: _ga Value: GA1.1.1042752502.1689954819
.adsrvr.org/	1970-01-20 22:12:57	Name: TDID Value: 4b91b962-f38e-4965-b9e0-81f7aa61df25
.twitter.com/	1970-01-20 23:01:54	Name: personalization_id Value: "v1_9PG+uB1v4ywgMiQXRGB2Pg=="
.demdex.net/	1970-01-20 17:45:06	Name: demdex Value: 16902824719784534243677735492002518145
.t.co/	1970-01-20 23:01:54	Name: muc_ads Value: 93da135c-ba79-42b8-bcd3-34bad5681c90
.adsrvr.org/	1970-01-20 22:12:57	Name: TDCPM Value: CAESFgoHZDB0cm8xahILCJz_nfWVg4U8EAUYBSABKAIyCwjuk7ahrIOFPBAFOAE.
.infosecurity-magazine.com/	1970-01-20 15:35:30	Name: _fbp Value: fb.1.1689954820027.1633210531
.rlcdn.com/	1970-01-20 22:11:30	Name: rlas3 Value: Ajfhkime9WfHF2QPQMnDX1hpcyIvwQTLjmX6WIlLYEI=
.rlcdn.com/	1970-01-20 14:52:18	Name: pxrc Value: CITU6qUGEgUI6AcQABIFCNtOEAA=
.crwdcntrl.net/	1970-01-20 19:54:39	Name: _cc_dc Value: 0
.crwdcntrl.net/	1970-01-20 19:54:39	Name: _cc_id Value: bd870631057b36b20d7a306355c8706
.dpm.demdex.net/	1970-01-20 17:45:06	Name: dpm Value: 16902824719784534243677735492002518145
.ml314.com/	1970-01-20 13:25:54	Name: u Value: aHR0cHM6Ly93d3cuaW5mb3NlY3VyaXR5LW1hZ2F6aW5lLmNvbS8=
.eyeota.net/	1970-01-20 22:12:57	Name: mako_uid Value: 18979281fe7-6c910000010a5b68
.eyeota.net/	1970-01-20 13:25:55	Name: SERVERID Value: 23400~DM
.doubleclick.net/	1970-01-20 17:45:06	Name: APC Value: Aa3gxNpJLR2EkJAJsINNE8PBiu4QAPSw2q1nbQPZU86RBLUlF36ivQ
.infosecurity-magazine.com/	1970-01-20 15:35:30	Name: _gcl_au Value: 1.1.400285659.1689954820
.infosecurity-magazine.com/	1970-01-20 22:11:30	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Fri+Jul+21+2023+15%3A53%3A41+GMT%2B0000+(GMT)&version=202302.1.0&isIABGlobal=false&hosts=&consentId=98cfc923-2ef5-4fb2-ae52-d039decfba76&interactionCount=0&landingPath=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fnews%2Fredeyes-group-targets-individuals%2F&groups=1%3A1%2C2%3A0%2C3%3A0%2C4%3A0%2C6%3A0
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 82511f60da4be581

22 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'battery'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'document-domain'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'encrypted-media:'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'layout-animations'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'legacy-image-formats'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'navigation-override'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'oversized-images'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'speaker-selection'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'web-share'.
security	warning	Message: Error with Feature-Policy header: Some features are specified in both Feature-Policy and Permissions-Policy header: accelerometer, autoplay, camera, display-capture, fullscreen, geolocation, magnetometer, microphone, midi, payment, picture-in-picture, publickey-credentials-get, sync-xhr, usb, xr-spatial-tracking. Values defined in Permissions-Policy header will be used.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v96.js(Line 77) Message: Unrecognized feature: 'attribution-reporting'.
javascript	warning	URL: https://www.infosecurity-magazine.com/news/redeyes-group-targets-individuals/ Message: The resource https://www.infosecurity-magazine.com/_common/css/23062601/base.css?v=23062601 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

02ffdf0e3d3ef129c6fe8a11eabaee59.safeframe.googlesyndication.com
ad.doubleclick.net
analytics.google.com
analytics.twitter.com
assets.infosecurity-magazine.com
bam.eu01.nr-data.net
cdn.cookielaw.org
cdn.jsdelivr.net
connect.facebook.net
dpm.demdex.net
geolocation.onetrust.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
idsync.rlcdn.com
in.ml314.com
js-agent.newrelic.com
match.adsrvr.org
ml314.com
p.typekit.net
pagead2.googlesyndication.com
ps.eyeota.net
s0.2mdn.net
securepubads.g.doubleclick.net
static.ads-twitter.com
stats.g.doubleclick.net
sync.crwdcntrl.net
t.co
tpc.googlesyndication.com
use.typekit.net
www.facebook.com
www.google-analytics.com
www.google.ca
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.infosecurity-magazine.com
104.244.42.3
104.244.42.5
13.225.223.98
142.250.65.166
142.250.65.194
146.75.36.157
151.101.2.137
185.221.85.3
2600:1400:9000::687e:74b2
2600:141b:13::17d7:8268
2606:4700::6812:1d26
2606:4700::6812:aa72
2607:f8b0:4004:c08::9c
2607:f8b0:4006:807::200e
2607:f8b0:4006:809::2001
2607:f8b0:4006:809::200e
2607:f8b0:4006:80d::2003
2607:f8b0:4006:80e::2002
2607:f8b0:4006:816::2001
2607:f8b0:4006:816::2002
2607:f8b0:4006:817::2006
2607:f8b0:4006:81c::2002
2607:f8b0:4006:81f::2008
2607:f8b0:4006:821::2002
2607:f8b0:4006:823::2004
2a03:2880:f012:8:face:b00c:0:1
2a03:2880:f112:83:face:b00c:0:25de
2a04:4e42:200::485
34.111.234.236
35.169.197.194
35.190.60.146
35.71.131.137
44.205.30.65
52.55.144.0
54.197.170.208
00e70321427a6db08053549dc7efd05e3371b4aaa3db383284295b0da386f950
049d2a877b140620469a54ebe23fcc71fd869d7bd030d221f51025ec0d3e669c
051ad4275e260af35441788ba01b0bf78498cda465caf8891198ebb831e81d9c
06d05e25d5735fd4968f4db173509082b3c907133c6178b914fdd44bb4dbf50d
07ac84596d158248a60c2f747f609a508e6e2f1980a23f0608caee79a30291b7
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0f8b805bc586ed61e2124b73fb8ea7951bb654063a39165c9cca36deb13157a9
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1779a49bc11620c55dd5424776fa1e5c44b5cdb705163555ef05afc54e9cde89
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
23f95a90d6e6ba09a92bd4eae99823b0a6b0137a9abe10e3c050c062fb15efe4
279b6c8b97bfb37476d6d075d1431d85a380ca36ebe6af4146844cfb135c21d6
28e7cac60da4aecc140c35138ca8dc18a6e029d09b325f351f5a9cc8c9743918
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3c17d51edb43efcbf42eacd86a144604080cd0f4f7d12aa5ca1404b0dc382804
3c476ce45fb2a5d95295fb703db3bc77254d01679c3ca1ce11a00aaa588e841a
3c4f86e9ccc5e942b4003bd9fed721d599fdeb7bcc1a2db63a95cba24de5f828
3dc0f37d182281a92426ac1d983047ccdd758ea55afb320fdb79d4032c8bef38
3f433c95727f57c2f7bfa7755a973d32e81b0ba666ab3567f137cb67ec776c2e
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47c0b9f9639ba0e21e49ae91055cf72d84be6e17b2c9b1c1356925a716dd0640
4ca1e0e518aaf5d78abd4fc78268ac642cb679dbb56a905d2c57a296566a0bba
4e916eb59cd64cce6fc41e3355180f0284ae0edc2602686431e90f2e7f082652
4f5cf4640a6724d20056eb82372199d701f87901783f98c749e0b60f62e8d255
4f8059cfd6739160b9073e937833a58c728a9791b380f27fcf2d047d76951155
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
53fc4495c7705b2373e2b73ec881c82dffb40cfbd744d8e5bd8ba7f5a018575b
545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf
5c0503002a6be60b49c9bdf56e7c731f5d31b8a957b0e8b04ecc07f79fc2211b
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
60a3a7f932316a94621e08b843050b7fa26b89d8ca8a5d99a2e8fb492ead42d6
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
778f93243401b2fd6663834b51f4d3f32012d6ee11f40f6169af721331bd1682
80216a6fe9274fb9a14b22abf7fc618ca8496fb857eeb0dd3d5144c2e537744e
843dea1d022be79c95643821b1140cc2d081094ee77ccf7a1f637a1ad8fca33f
8d26fa1ea384423ceff755fbe1b55a76e37a4aef02d6935fa3cf62f2c01bae48
8fd8835269fa6db5ead59e4bf8338fcdb2e3b0fb63292e7c929ec811ee253c98
92b8f658f04b2a33f95e91a16ef52e0d7873e147db061dc68fc4faa55cde9856
930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
a45a4393f8b7ac978e32ac46f58dad43eb83811a4b3d9f7b79cac1f864edd662
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4c9d53f85eeb6c9253768880a616b5b723efe6bc4d18518423dbde663697dbf
b836876c6014c346a749c23f680845562679daf29c640c99a3d92797a6244b4d
bad0b8e8b83e58f5450f0149fbcfd67a669d12d70a4153bed242b17eef209eef
bb20d24b99fd1eae4fd77c1e833ce0a4536189961ceb1114fd272ca31e8ebd82
bd507194758b4aad5fb90c362f904fcb1b03a00a76a57e9fd11a414a601a5115
be163e2134074109283b01c8babdb64daf4601766efde31f5e2c04e60984e1f7
cef181b89850405f733232c050e35b633a648eacee98005f2663b481ac3b0db4
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d0e4a6372d6fb5ffe9505dbe9e94aee8f1b9b96ec8e5e20684cce8b4c5a88fa7
d72c9fb59846aff6405d2973c81bd8da823493502fab893e026a736a1ba01838
d83d76d2d7492933bdccbde3b894926b7a998ec6856d9f25b2614994e465f542
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
db0da7efe3ac5fc9e598f71e291326f137ea7bbbf97fed4fee0e86b717b0d9a8
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
e237cfb5b51efd58bf08a6d1cf3f4e49c2ce2e595ef16c2060aa6cb4d966fb3a
e3205ddc3fac65fef3e2e4a284516d800068181f15a1fcf92131c906e71d5c49
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6adda2557ae402f3052c30b47fbe9e71a96c1c8ff9210688f1fa32d57f5a517
e70be2849f7e7f7f27dc4eb168538ef25474e4799e1a4a4d9aee01f57f4c5a3f
ecde3c0d9f4721fd5bc3989d1e6103966b836786849f65ead031a1c758687ef0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f247341fb469b888a762cfe66b04e7c1397d1c25744988c8e509a0832479bf57
f7fbb92e03e044b3065bcf2c8e6ee284b8b8c0625c7ce7f33785bdda23a46606
f9745c48d0b4c918d466da4acdb3f786ef5cda4c69ac0b6009d76cff67e6325d
f9969b1560ba54990dfc6ef80a4cce1a430b51d056fd892e3d3414e5c9a9e261

www.infosecurity-magazine.com Open in urlscan Pro 13.225.223.98 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

96 Requests

95 %HTTPS

57 %IPv6

26 Domains

36 Subdomains

33 IPs

2 Countries

6854 kBTransfer

9500 kBSize

27 Cookies

16 Outgoing links

Redirected requests

96 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.infosecurity-magazine.com Open in urlscan Pro
13.225.223.98 Public Scan

Screenshot
Live screenshot

Full Image

96
Requests

95 %
HTTPS

57 %
IPv6

26
Domains

36
Subdomains

33
IPs

2
Countries

6854 kB
Transfer

9500 kB
Size

27
Cookies

96 HTTP transactions
3 data transactions