threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Submission: On May 11 via api (May 11th 2020, 9:18:54 pm UTC) from US

Summary HTTP 227 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 52 IPs in 10 countries across 42 domains to perform 227 HTTP transactions. The main IP is 35.173.160.135, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is threatpost.com.
TLS certificate: Issued by Thawte EV RSA CA 2018 on June 17th 2019. Valid for: a year.

This is the only time threatpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
18	35.173.160.135 35.173.160.135	14618 (AMAZON-AES) (AMAZON-AES)
9	13.225.87.36 13.225.87.36	16509 (AMAZON-02) (AMAZON-02)
5	2606:4700:303... 2606:4700:3035::6812:2130	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
8	2600:9000:215... 2600:9000:2156:b800:2:9275:3d40:93a1	16509 (AMAZON-02) (AMAZON-02)
11	2600:9000:201... 2600:9000:2016:3600:0:5c46:4f40:93a1	16509 (AMAZON-02) (AMAZON-02)
2 10	2a00:1450:400... 2a00:1450:4001:81e::2004	15169 (GOOGLE) (GOOGLE)
24	194.146.38.23 194.146.38.23	41436 (CLOUDWEBM...) (CLOUDWEBMANAGE-EU)
8	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81f::2002	15169 (GOOGLE) (GOOGLE)
4	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
10 15	2606:2800:233... 2606:2800:233:97b6:26be:138a:cba8:bb01	15133 (EDGECAST) (EDGECAST)
4	37.252.172.36 37.252.172.36	29990 (ASN-APPNEX) (ASN-APPNEX)
1 5	34.95.120.147 34.95.120.147	15169 (GOOGLE) (GOOGLE)
1	134.209.131.220 134.209.131.220	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
4	69.173.144.141 69.173.144.141	26667 (RUBICONPR...) (RUBICONPROJECT)
3	23.210.249.164 23.210.249.164	16625 (AKAMAI-AS) (AKAMAI-AS)
1	72.251.249.13 72.251.249.13	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:825::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:820::2003	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:817::200e	15169 (GOOGLE) (GOOGLE)
1	91.228.74.149 91.228.74.149	27281 (QUANTCAST) (QUANTCAST)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
1 1	2a00:1450:400... 2a00:1450:400c:c04::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
2	143.204.90.242 143.204.90.242	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:20e... 2600:9000:20eb:1200:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:821::200a	15169 (GOOGLE) (GOOGLE)
4	23.210.249.92 23.210.249.92	16625 (AKAMAI-AS) (AKAMAI-AS)
20	185.167.98.14 185.167.98.14	41436 (CLOUDWEBM...) (CLOUDWEBMANAGE-EU)
1 2	35.157.89.106 35.157.89.106	16509 (AMAZON-02) (AMAZON-02)
1 1	138.201.34.178 138.201.34.178	24940 (HETZNER-AS) (HETZNER-AS)
14	2a00:1450:400... 2a00:1450:4001:81a::2001	15169 (GOOGLE) (GOOGLE)
3	3.120.54.253 3.120.54.253	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	199.232.53.140 199.232.53.140	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
1 2	91.228.74.170 91.228.74.170	27281 (QUANTCAST) (QUANTCAST)
4	52.57.231.210 52.57.231.210	16509 (AMAZON-02) (AMAZON-02)
10	2a00:1450:400... 2a00:1450:4001:81b::2001	15169 (GOOGLE) (GOOGLE)
2	185.94.180.124 185.94.180.124	35220 (SPOTX-AMS) (SPOTX-AMS)
2	185.86.138.79 185.86.138.79	201081 (SMARTADSE...) (SMARTADSERVER)
2	23.8.15.54 23.8.15.54	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	151.101.13.108 151.101.13.108	54113 (FASTLY) (FASTLY)
1 2	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
2 3	52.18.161.147 52.18.161.147	16509 (AMAZON-02) (AMAZON-02)
5 5	52.28.46.116 52.28.46.116	16509 (AMAZON-02) (AMAZON-02)
1 5	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
1 1	216.58.210.2 216.58.210.2	15169 (GOOGLE) (GOOGLE)
1 1	134.209.129.254 134.209.129.254	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	205.185.216.42 205.185.216.42	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2a02:fa8:8806... 2a02:fa8:8806:12::1370	41041 (VCLK-EU-) (VCLK-EU-)
227	52

18 35.173.160.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-160-135.compute-1.amazonaws.com

threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kasperskycontenthub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 13.225.87.36 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-36.fra2.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3035::6812:2130 (United States)

ASN13335 (CLOUDFLARENET, US)

qd.admetricspro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:2156:b800:2:9275:3d40:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2600:9000:2016:3600:0:5c46:4f40:93a1 (United States)

ASN16509 (AMAZON-02, US)

media.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:81e::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 194.146.38.23 (None, )

ASN41436 (CLOUDWEBMANAGE-EU, GB)

live.sekindo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:2800:233:97b6:26be:138a:cba8:bb01 (United States) 10 redirects

ASN15133 (EDGECAST, US)

adserver-us.adtech.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.252.172.36 (Ascension Island)

ASN29990 (ASN-APPNEX, US)
PTR: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.95.120.147 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 147.120.95.34.bc.googleusercontent.com

teachingaids-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 134.209.131.220 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

e.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.141 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.210.249.164 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-249-164.deploy.static.akamaitechnologies.com

as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.251.249.13 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:820::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:817::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.228.74.149 (United Kingdom)

ASN27281 (QUANTCAST, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9c (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.90.242 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-90-242.fra50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:1200:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.210.249.92 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-249-92.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 185.167.98.14 (Amsterdam, Netherlands)

ASN41436 (CLOUDWEBMANAGE-EU, GB)

video.sekindo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.157.89.106 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-89-106.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 138.201.34.178 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.178.34.201.138.clients.your-server.de

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:81a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.120.54.253 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-54-253.eu-central-1.compute.amazonaws.com

ads.adaptv.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.53.140 (Manchester, United Kingdom)

ASN54113 (FASTLY, US)

www.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.228.74.170 (United Kingdom) 1 redirects

ASN27281 (QUANTCAST, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.57.231.210 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-231-210.eu-central-1.compute.amazonaws.com

prebid-server.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:81b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.124 (Netherlands)

ASN35220 (SPOTX-AMS, NL)

search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.138.79 (France)

ASN201081 (SMARTADSERVER, FR)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.8.15.54 (Netherlands)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a23-8-15-54.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.13.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:110:c305::8000 (United Kingdom) 1 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.18.161.147 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-161-147.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.28.46.116 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-46-116.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.156.0.31 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.210.2 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s07-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 134.209.129.254 (North Bergen, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

sync.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.216.42 (Phoenix, United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net

serverbid-sync.nyc3.cdn.digitaloceanspaces.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1370 (Sweden)

ASN41041 (VCLK-EU-, SE)

aol-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	sekindo.com live.sekindo.com video.sekindo.com	3 MB
36	threatpost.com threatpost.com assets.threatpost.com media.threatpost.com	1 MB
23	advertising.com 15 redirects adserver-us.adtech.advertising.com ads.adaptv.advertising.com pixel.advertising.com	10 KB
22	googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	291 KB
11	google.com 2 redirects www.google.com adservice.google.com	3 KB
10	ampproject.org cdn.ampproject.org	314 KB
10	rubiconproject.com fastlane.rubiconproject.com prebid-server.rubiconproject.com eus.rubiconproject.com	8 KB
10	doubleclick.net 2 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	125 KB
9	adlightning.com tagan.adlightning.com	228 KB
8	pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com	292 B
7	yahoo.com 2 redirects pr-bh.ybp.yahoo.com ups.analytics.yahoo.com	6 KB
6	adnxs.com ib.adnxs.com acdn.adnxs.com	3 KB
5	openx.net 1 redirects teachingaids-d.openx.net eu-u.openx.net u.openx.net	1 KB
5	admetricspro.com qd.admetricspro.com	163 KB
4	googletagservices.com www.googletagservices.com	97 KB
3	adsrvr.org 2 redirects match.adsrvr.org	1 KB
3	quantserve.com 1 redirects secure.quantserve.com pixel.quantserve.com	9 KB
3	gstatic.com www.gstatic.com fonts.gstatic.com	252 KB
3	casalemedia.com as-sec.casalemedia.com	3 KB
3	google.de adservice.google.de www.google.de	2 KB
2	smartadserver.com prg.smartadserver.com	2 KB
2	spotxchange.com search.spotxchange.com	2 KB
2	bidswitch.net 1 redirects x.bidswitch.net	916 B
2	googleapis.com fonts.googleapis.com	2 KB
2	amazon-adsystem.com c.amazon-adsystem.com	29 KB
2	google-analytics.com 1 redirects www.google-analytics.com	19 KB
2	serverbid.com 1 redirects e.serverbid.com sync.serverbid.com	748 B
1	dotomi.com aol-match.dotomi.com	104 B
1	digitaloceanspaces.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1	reddit.com www.reddit.com	3 KB
1	linkedin.com www.linkedin.com
1	facebook.com graph.facebook.com	458 B
1	twitter.com analytics.twitter.com	651 B
1	loopme.me 1 redirects csync.loopme.me	224 B
1	quantcount.com rules.quantcount.com	356 B
1	t.co t.co	448 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	youtube.com www.youtube.com
1	googletagmanager.com www.googletagmanager.com	35 KB
1	lijit.com ap.lijit.com	702 B
1	kasperskycontenthub.com kasperskycontenthub.com	398 B
0	adap.tv Failed sync.adap.tv Failed
227	42

	Domain	Requested by
24	live.sekindo.com	threatpost.com live.sekindo.com
20	video.sekindo.com	threatpost.com live.sekindo.com
17	threatpost.com	threatpost.com securepubads.g.doubleclick.net
15	adserver-us.adtech.advertising.com	10 redirects threatpost.com
14	tpc.googlesyndication.com	tagan.adlightning.com threatpost.com cdn.ampproject.org
11	media.threatpost.com	threatpost.com
10	cdn.ampproject.org	securepubads.g.doubleclick.net threatpost.com
10	www.google.com	2 redirects threatpost.com tagan.adlightning.com
9	tagan.adlightning.com	threatpost.com tagan.adlightning.com
8	pagead2.googlesyndication.com	tagan.adlightning.com threatpost.com pagead2.googlesyndication.com securepubads.g.doubleclick.net
8	assets.threatpost.com	threatpost.com
5	ups.analytics.yahoo.com	1 redirects threatpost.com
5	pixel.advertising.com	5 redirects
5	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net threatpost.com
5	qd.admetricspro.com	threatpost.com
4	prebid-server.rubiconproject.com	live.sekindo.com
4	ads.pubmatic.com	live.sekindo.com qd.admetricspro.com
4	fastlane.rubiconproject.com	qd.admetricspro.com
4	ib.adnxs.com	qd.admetricspro.com live.sekindo.com
4	hbopenbid.pubmatic.com	qd.admetricspro.com live.sekindo.com
4	www.googletagservices.com	threatpost.com tagan.adlightning.com securepubads.g.doubleclick.net
3	match.adsrvr.org	2 redirects threatpost.com
3	googleads.g.doubleclick.net	tagan.adlightning.com threatpost.com
3	ads.adaptv.advertising.com	live.sekindo.com
3	as-sec.casalemedia.com	qd.admetricspro.com live.sekindo.com
2	u.openx.net	1 redirects live.sekindo.com
2	pr-bh.ybp.yahoo.com	1 redirects threatpost.com
2	acdn.adnxs.com	live.sekindo.com qd.admetricspro.com
2	eus.rubiconproject.com	live.sekindo.com qd.admetricspro.com
2	prg.smartadserver.com	live.sekindo.com
2	search.spotxchange.com	live.sekindo.com
2	pixel.quantserve.com	1 redirects threatpost.com
2	x.bidswitch.net	1 redirects threatpost.com
2	fonts.googleapis.com	live.sekindo.com
2	c.amazon-adsystem.com	live.sekindo.com c.amazon-adsystem.com
2	www.google-analytics.com	1 redirects www.googletagmanager.com
2	www.gstatic.com	www.google.com
2	teachingaids-d.openx.net	qd.admetricspro.com live.sekindo.com
2	adservice.google.de	tagan.adlightning.com
1	aol-match.dotomi.com	threatpost.com
1	serverbid-sync.nyc3.cdn.digitaloceanspaces.com	qd.admetricspro.com
1	sync.serverbid.com	1 redirects
1	eu-u.openx.net	qd.admetricspro.com
1	cm.g.doubleclick.net	1 redirects
1	adservice.google.com	tagan.adlightning.com
1	fonts.gstatic.com	threatpost.com
1	www.reddit.com	threatpost.com
1	www.linkedin.com	threatpost.com
1	graph.facebook.com	threatpost.com
1	analytics.twitter.com	tagan.adlightning.com
1	csync.loopme.me	1 redirects
1	rules.quantcount.com	secure.quantserve.com
1	t.co	threatpost.com
1	www.google.de	threatpost.com
1	stats.g.doubleclick.net	1 redirects
1	static.ads-twitter.com	www.googletagmanager.com
1	secure.quantserve.com	www.googletagmanager.com
1	www.youtube.com	threatpost.com
1	www.googletagmanager.com	threatpost.com
1	ap.lijit.com	qd.admetricspro.com
1	e.serverbid.com	qd.admetricspro.com
1	kasperskycontenthub.com	threatpost.com
0	sync.adap.tv Failed	threatpost.com
227	63

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
feedly.com
www.instagram.com
thunderspy.io
blogs.intel.com
register.gotowebinar.com
akismet.com
t.co
indd.adobe.com
spotlight.threatpost.com

Subject Issuer	Validity	Valid
threatpost.com Thawte EV RSA CA 2018	`2019-06-17` - `2020-06-17`	a year	crt.sh
*.adlightning.com Amazon	`2019-08-19` - `2020-09-19`	a year	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2020-02-04` - `2020-10-09`	8 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
assets.threatpost.com Amazon	`2020-03-04` - `2021-04-04`	a year	crt.sh
kasperskycontenthub.com Thawte RSA CA 2018	`2019-06-14` - `2020-06-13`	a year	crt.sh
media.threatpost.com Amazon	`2020-03-04` - `2021-04-04`	a year	crt.sh
www.google.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
www.sekindo.com Go Daddy Secure Certificate Authority - G2	`2019-05-23` - `2020-06-18`	a year	crt.sh
*.google.de GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.adtech.advertising.com DigiCert SHA2 Secure Server CA	`2020-04-16` - `2022-04-21`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2018-01-04` - `2020-07-09`	3 years	crt.sh
e.serverbid.com Let's Encrypt Authority X3	`2020-03-24` - `2020-06-22`	3 months	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2020-03-11` - `2021-05-10`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2019-10-04` - `2020-10-07`	a year	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2019-08-14` - `2020-08-18`	a year	crt.sh
www.google.de GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2019-10-07` - `2020-09-29`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
*.v.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-03-01` - `2020-08-28`	6 months	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-04-15` - `2020-07-14`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2020-04-10` - `2020-10-10`	6 months	crt.sh
*.reddit.com DigiCert SHA2 Secure Server CA	`2020-04-06` - `2020-10-03`	6 months	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
*.spotxchange.com GeoTrust RSA CA 2018	`2019-03-18` - `2021-03-17`	2 years	crt.sh
*.smartadserver.com DigiCert Global CA G2	`2020-02-03` - `2022-02-03`	2 years	crt.sh
cdn.adnxs.com GlobalSign CloudSSL CA - SHA256 - G3	`2020-04-13` - `2021-04-14`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-01-04` - `2020-07-02`	6 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-02-13` - `2020-08-11`	6 months	crt.sh
*.nyc3.cdn.digitaloceanspaces.com DigiCert SHA2 Secure Server CA	`2020-03-11` - `2021-04-14`	a year	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh

This page contains 28 frames:

Primary Page: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Frame ID: CC18732F6F48FE42D9C2FBCC1B272F9B
Requests: 93 HTTP requests in this frame

Frame: https://www.youtube.com/embed/7uvSZA1F9os?feature=oembed
Frame ID: 9C77264CA1C68201C2E35B82ED5253A7
Requests: 1 HTTP requests in this frame

Frame: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1589231903&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=undefined
Frame ID: C38E59F687592E8FDBEBE1F384665BB6
Requests: 48 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto&display=swap
Frame ID: F443DF1FB3282F7219E0693E441DF9AE
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto&display=swap
Frame ID: 0677BDEFDFF10CAF0E3DEA82CACDEF1B
Requests: 22 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Frame ID: 7147BDC7C9848A4941405AA6157463B2
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=-wV2EAWEOTlEtZh4vNQtn3H1&theme=standard&size=normal&cb=1uxseks8t7f9
Frame ID: 11AAC6658BC1A5AEB09FF4A9937A350C
Requests: 1 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-2a28c82-67ba8475.js
Frame ID: B7748103292A4AB80BA3D2858AE0082C
Requests: 14 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=-wV2EAWEOTlEtZh4vNQtn3H1&theme=light&size=normal&cb=3827etob3z1p
Frame ID: 8FC33D6FD4C419CA678E9CA7FCEA4736
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: 295DE3B270B86519576C9691629E8CD7
Requests: 1 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-2a28c82-67ba8475.js
Frame ID: DE9C89B68E298F3AB81A4D0FEE1D43CA
Requests: 18 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-2a28c82-67ba8475.js
Frame ID: D49E524845395D3711683B83803E3349
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200506/r20190131/zrt_lookup.html
Frame ID: DA6FA9B4444A9317868F064C6643F30A
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=-wV2EAWEOTlEtZh4vNQtn3H1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&cb=v5f28unfiqtu
Frame ID: 53996BF6CAB2DC442B846CA3FAE30D98
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=-wV2EAWEOTlEtZh4vNQtn3H1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=2m83vs3bfqjd
Frame ID: 01CC99B44CB63E8644C1EFA1D039551E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7500593236707325&output=html&h=250&slotname=7047286166&adk=3026389540&adf=3173046726&w=970&psa=0&guci=1.2.0.0.2.2.0.0&format=970x250&url=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&ea=0&flash=0&wgl=1&dt=1589231905588&bpp=23&bdt=709&idt=373&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=1647710577881&frm=23&ife=4&pv=2&ga_vid=1122339299.1589231904&ga_sid=1589231906&ga_hid=331718083&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=308&ady=10&biw=1585&bih=1200&isw=970&ish=250&ifk=845997885&scr_x=0&scr_y=0&eid=21065925%2C21066085&oid=3&pvsid=1000347430724622&pem=707&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.lll8ck5w95bt&fsb=1&dtd=392
Frame ID: B8DFD5CCE8616F140DE7DEC7C3503FB3
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Frame ID: 0799DA28431C6FEAEF6C5094F5AD5098
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: FB0D297124A8691382023551FE48B441
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 13EFB78EE58A4CB54D8585297197F2FE
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: A0CB89461EF7058EC6591B704F8E3635
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 8EFC2C9244DBFAF647268C041E001960
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=1
Frame ID: C50AAACA4C9AAEDD4916DD977EDC7AB8
Requests: 1 HTTP requests in this frame

Frame: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Frame ID: 8B1B4B1C1310A81D62B47EB4D813582C
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 9F202F346EA2DF7549DA95F745CAA5A2
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 9931F71359C22C4D7974921B1D1D8BD4
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: 01A200C139383337180456ECA16ADA7E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: E41535FB3410FB07175A94A3FBD38018
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?cc=1&gdpr=1&gdpr_consent=
Frame ID: 20C09A63B582F61D0E321765823A42F9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /\/prebid\.js/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

Page Statistics

227
Requests

99 %
HTTPS

39 %
IPv6

42
Domains

63
Subdomains

52
IPs

10
Countries

5959 kB
Transfer

10105 kB
Size

0
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/threatpost/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/threatpost

Search URL Search Domain Scan URL

URL: https://feedly.com/threatpost

Search URL Search Domain Scan URL

URL: https://www.instagram.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://thunderspy.io/
Title: in a Sunday post

Search URL Search Domain Scan URL

URL: https://blogs.intel.com/technology/2020/05/more-information-on-thunderspy/#gs.5r8k14
Title: blog post

Search URL Search Domain Scan URL

URL: https://register.gotowebinar.com/register/5064791868226032141?source=ART
Title: On May 13 at 2 p.m. ET

Search URL Search Domain Scan URL

URL: https://akismet.com/privacy/
Title: Learn how your comment data is processed

Search URL Search Domain Scan URL

URL: http://twitter.com/search?q=%23Oracle
Title: #Oracle

Search URL Search Domain Scan URL

URL: http://twitter.com/search?q=%23security
Title: #security

Search URL Search Domain Scan URL

URL: https://t.co/XQviDDb7ux
Title: https://t.co/XQviDDb7ux

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost
Title: Follow @threatpost

Search URL Search Domain Scan URL

URL: https://indd.adobe.com/view/01579c19-a6ca-4cb0-8106-ed4d5d02a292
Title: Advertise With Us

Search URL Search Domain Scan URL

URL: https://spotlight.threatpost.com/
Title: HackerOne Spotlight

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=4567df5d210e998;misc=1589231903727; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=4567df5d210e998;misc=1589231903727 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1Af289489e-93cc-11ea-bf20-121160e138ec;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=4567df5d210e998;misc=1589231903727

Request Chain 37

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=46a2033b77cccb2;misc=1589231903727; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;cfp=1;rndc=1589231902;v=2;cmd=bid;cors=yes;alias=46a2033b77cccb2;misc=1589231903727 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1Af2891018-93cc-11ea-97d1-1245d65848a4;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=46a2033b77cccb2;misc=1589231903727

Request Chain 38

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=4799472eb936545;misc=1589231903727; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=4799472eb936545;misc=1589231903727 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=4799472eb936545;misc=1589231903727

Request Chain 39

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=487d5f308c36718;misc=1589231903727; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=487d5f308c36718;misc=1589231903727 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1Af289122a-93cc-11ea-bcc4-124a081e334a;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=487d5f308c36718;misc=1589231903727

Request Chain 40

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=4944235140767ac;misc=1589231903727; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=4944235140767ac;misc=1589231903727 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;apid=1Af2891de2-93cc-11ea-bac8-128b912572ea;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=4944235140767ac;misc=1589231903727

Request Chain 76

https://www.google-analytics.com/r/collect?v=1&_v=j82&aip=1&a=800095118&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&ul=en-us&de=UTF-8&dt=Millions%20of%20Thunderbolt-Equipped%20Devices%20Open%20to%20%27ThunderSpy%27%20Attack%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YEBAAEAB~&jid=1671576784&gjid=504743844&cid=1122339299.1589231904&tid=UA-35676203-21&_gid=708783439.1589231904&_r=1&gtm=2wg4t0PM29HLF&z=1913209453 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-35676203-21&cid=1122339299.1589231904&jid=1671576784&_gid=708783439.1589231904&gjid=504743844&_v=j82&z=1913209453 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=1122339299.1589231904&jid=1671576784&_v=j82&z=1913209453 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=1122339299.1589231904&jid=1671576784&_v=j82&z=1913209453&slf_rd=1&random=1892861574

Request Chain 94

https://x.bidswitch.net/sync?ssp=sekindo&user_id=5eb9c11ff0944&custom_data=5eb9c11ff0944&gdpr=1&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=sekindo&user_id=5eb9c11ff0944&custom_data=5eb9c11ff0944&gdpr=1&gdpr_consent=

Request Chain 95

https://csync.loopme.me/?redirect=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D HTTP 307
https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=93&advUuid=06dc6407-9ae1-409e-982c-1149f647c1a6

Request Chain 177

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D HTTP 302
https://sync.adap.tv/sync?type=gif&key=tubemogul&uid=XrnBIQAAAGJGpyTo

Request Chain 178

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
https://pixel.advertising.com/ups/55953/sync?uid=11dfb934-3a89-46aa-9a0d-7772fc83f5c9&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=11dfb934-3a89-46aa-9a0d-7772fc83f5c9 HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=11dfb934-3a89-46aa-9a0d-7772fc83f5c9&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=11dfb934-3a89-46aa-9a0d-7772fc83f5c9&apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0

Request Chain 179

https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_sc HTTP 302
https://pixel.advertising.com/ups/57304/sync?uid=CAESEOCxT8MNdRt9CpAqwCMgblM&google_cver=1 HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEOCxT8MNdRt9CpAqwCMgblM&google_cver=1&apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0

Request Chain 180

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 196

https://sync.serverbid.com/ss/2000891.html HTTP 302
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Request Chain 201

https://pixel.advertising.com/ups/56465/sync?_origin=0&redir=true&gdpr=1&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/56465/sync?_origin=0&redir=true&gdpr=1&gdpr_consent=&apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/adtech/1Af2b675f8-93cc-11ea-a084-12783854d8e0?gdpr=1&gdpr_consent= HTTP 302
https://pixel.advertising.com/ups/56465/sync?uid=y-lLmNnNR1lxmGgxHitk1_L1_A8kjPHylm7v82&_origin=0&nsync=0 HTTP 302
https://ups.analytics.yahoo.com/ups/56465/sync?uid=y-lLmNnNR1lxmGgxHitk1_L1_A8kjPHylm7v82&_origin=0&nsync=0&apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0

Request Chain 202

https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent= HTTP 302
https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=MBZ7kmZCK5ooR3qfPRA0nTwWKckoF3-ZN0cqbUcB HTTP 302
https://ups.analytics.yahoo.com/ups/55965/sync?_origin=0&gdpr=1&uid=MBZ7kmZCK5ooR3qfPRA0nTwWKckoF3-ZN0cqbUcB&apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0

Request Chain 227

https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent= HTTP 302
https://u.openx.net/w/1.0/pd?cc=1&gdpr=1&gdpr_consent=

227 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/ 81 KB
21 KB 804ms
252ms Document
text/html 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e8c57aec62d13d4f21e80d1adae68c2d7b87236ced9abd0cf3b9319004f0a38b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: threatpost.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server: nginx
Date: Mon, 11 May 2020 21:18:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Link: <https://threatpost.com/wp-json/>; rel="https://api.w.org/" <https://threatpost.com/?p=155620>; rel=shortlink
X-Frame-Options: SAMEORIGIN
X-Debug-Auth: off
X-Request-Host: threatpost.com
x-cache-hit: HIT
Content-Encoding: gzip

GET
H/1.1 200
OK main.css
threatpost.com/wp-content/themes/threatpost-2018/assets/css/ 236 KB
36 KB 489ms
231ms Stylesheet
text/css 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1588841067
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 7d9944f6f4e2d0330ca2a9d758a404fdca5937f4a0ddf939247ca3505f9f0bbc

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Mon, 11 May 2020 21:18:23 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 May 2020 08:44:27 GMT
Server: nginx
ETag: W/"5eb3ca6b-3b1cb"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 18 May 2020 21:18:23 GMT

GET
H2 200 op.js Show response
tagan.adlightning.com/math-aids-threatpost/ 33 KB
12 KB 531ms
418ms Script
application/javascript 13.225.87.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.87.36 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-36.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2f434a5ff30176f3810c20f487df766e3f37a71b9560d0f48994e486e5d0e4ae

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:24 GMT
content-encoding: gzip
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
status: 200
content-length: 12120
x-amz-meta-git_commit: 0d4dfcb
last-modified: Mon, 11 May 2020 17:08:14 GMT
server: AmazonS3
etag: "d4d3a6825340340d11b685fd434c1e89"
x-amz-version-id: PhulWJgFgdlJy2mDiXloA7RwM9zz4eiW
via: 1.1 e5b747ffd1713cb17ddd7d55234a3301.cloudfront.net (CloudFront)
cache-control: max-age=900
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: gkd1OChbNuOYmOCfuCPrXyKxbo0c4kGA5n-lISfCeZYE_AQkivihnQ==

GET
H2 200 ros-layout.js Show response
qd.admetricspro.com/js/threatpost/ 18 KB
3 KB 204ms
161ms Script
application/javascript 2606:4700:3035::6812:2130
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6812:2130 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e00db38c7c200422a1b2604eccaee91db1aa7dd5aead5383f62b85cead19068

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:23 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 23 Mar 2020 17:20:59 GMT
server: cloudflare
status: 200
etag: W/"4871-5a188dbd16705-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 591eeea0cb1a07ae-FRA
cf-request-id: 02a733787f000007ae8da7d200000001
expires: Mon, 11 May 2020 21:19:00 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 43 KB
15 KB 61ms
39ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d50297c2a63dd7cdb65fc438f2aa1211b75c9c90dae17fdb373d754f17f9dffe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "513 / 168 of 1000 / last-modified: 1589225898"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 14394
x-xss-protection: 0
expires: Mon, 11 May 2020 21:18:22 GMT

GET
H2 200 cmp.js Show response
qd.admetricspro.com/js/threatpost/ 218 KB
61 KB 224ms
181ms Script
application/javascript 2606:4700:3035::6812:2130
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6812:2130 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aaf45a172ec90c76bcecd61c68d998c2256fe9b1700371e80011d1161c5ab629

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:23 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 27 Sep 2019 21:07:46 GMT
server: cloudflare
status: 200
etag: W/"367ba-5938f47194c80-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 591eeea0cb1f07ae-FRA
cf-request-id: 02a733787f000007ae8da7e200000001
expires: Mon, 11 May 2020 21:23:03 GMT

GET
H2 200 targeting.js Show response
qd.admetricspro.com/js/threatpost/ 275 B
236 B 631ms
588ms Script
application/javascript 2606:4700:3035::6812:2130
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/targeting.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6812:2130 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6cdc57f82f4b0d09e5b4e584ca4736cd3871f20563d4ce25120b057d8ffb4eb2

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:23 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 08 Feb 2020 20:49:18 GMT
server: cloudflare
status: 200
etag: W/"113-59e16a3cfb471-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 591eeea0cb2307ae-FRA
cf-request-id: 02a7337880000007ae8da7f200000001
expires: Mon, 11 May 2020 21:22:54 GMT

GET
H2 200 prebid.js Show response
qd.admetricspro.com/js/threatpost/ 294 KB
86 KB 220ms
177ms Script
application/javascript 2606:4700:3035::6812:2130
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6812:2130 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9f40f7297122393e1425eec62e78a75c3211f7ad3f6b09a356aa317fcedc2cf3

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:23 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 26 Feb 2020 03:30:32 GMT
server: cloudflare
status: 200
etag: W/"49929-59f723a0fd39e-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 591eeea0cb2407ae-FRA
cf-request-id: 02a7337880000007ae8da80200000001
expires: Mon, 11 May 2020 21:22:54 GMT

GET
H2 200 engine.js Show response
qd.admetricspro.com/js/threatpost/ 16 KB
12 KB 545ms
503ms Script
application/javascript 2606:4700:3035::6812:2130
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/engine.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6812:2130 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bcf391dd0b006a87698ac0894d71039d610480913d24fcdaa1f2fdeeeda943e3

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:23 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 24 Nov 2019 00:06:08 GMT
server: cloudflare
status: 200
etag: W/"41f6-5980c69fe949d-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 591eeea0cb2707ae-FRA
cf-request-id: 02a7337880000007ae8da81200000001
expires: Mon, 11 May 2020 21:23:03 GMT

GET
H2 200 /
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 77 KB
17 KB 679ms
551ms Stylesheet
text/css 2600:9000:2156:b800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=f818c007

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2156:b800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

a9ccdefe0a821df80b8292afc4991c8f61a16a5d1b6507bc0409a50d7cd805d1

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:23 GMT
content-encoding: gzip
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 16546
x-cache-hit: HIT
last-modified: Thu, 07 May 2020 08:44:26 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 32e4d419823b7f8df8417a8b18c9602d.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: g-o7BW5EOlejhX12UjaqD_WbBraAB4Y-cCqPteZMYyKAKJIF3r4EsQ==
expires: Tue, 12 May 2020 20:29:53 GMT

GET
H/1.1 200
OK jquery.js Show response
threatpost.com/wp-includes/js/jquery/ 95 KB
37 KB 504ms
241ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Mon, 11 May 2020 21:18:23 GMT
Content-Encoding: gzip
Last-Modified: Wed, 18 Dec 2019 22:32:15 GMT
Server: nginx
ETag: W/"5dfaa8ef-17a69"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 18 May 2020 21:18:23 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 175 KB
55 KB 677ms
548ms Script
application/x-javascript 2600:9000:2156:b800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js,wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js,wp-content/plugins/honeypot-comments/public/assets/js/public.js,wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js,wp-content/themes/threatpost-2018/assets/js/main.js,wp-content/themes/threatpost-2018/assets/js/loadmore.js,wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js&ver=f818c007

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2156:b800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3dbd06bf1d690a4c0fcbfcd77c26a032558b9f9698bb7261191bfb19656bf8ca

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:23 GMT
content-encoding: gzip
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 55954
x-cache-hit: HIT
last-modified: Thu, 07 May 2020 08:44:27 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 32e4d419823b7f8df8417a8b18c9602d.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: tx7_oTXnkojm6p1rN6nkB-gC9RPhPqdp29fnsAJhXFY7TsijIuMwGg==
expires: Tue, 12 May 2020 20:29:52 GMT

GET
H/1.1 200
OK / Show response
kasperskycontenthub.com/ 0
398 B 722ms
149ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=103&siteid=1&t=1208554064&back=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:23 GMT
X-Content-Type-Options: nosniff
Server: nginx
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Type: application/javascript
x-cache-hit: HIT
Transfer-Encoding: chunked
X-Debug-Auth: off
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Request-Host: kasperskycontenthub.com
X-XSS-Protection: 1; mode=block

GET
H2 200 thunderbolt.png
media.threatpost.com/wp-content/uploads/sites/103/2020/05/11111147/ 511 KB
512 KB 67ms
27ms Image
image/png 2600:9000:2016:3600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/05/11111147/thunderbolt.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2016:3600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b5ee9a5b1b80ef8d03d1d67542671dd9fb9cbdd2c4f955dc14eb3417a9dcdd70

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 15:39:11 GMT
via: 1.1 23d92aa442d5ae9ed0313643d8764687.cloudfront.net (CloudFront), 1.1 0e4b604319ca1dc81c333441f110c482.cloudfront.net (CloudFront)
last-modified: Mon, 11 May 2020 15:11:49 GMT
server: AmazonS3
age: 20353
etag: "bf33146af2b987d6eee72a271e554941"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA54, HAM50-C2
accept-ranges: bytes
content-length: 522887
x-amz-cf-id: UsGEPi5hLj6Wws_hSk8dYtQwnlOxtUw4xS_V2ZcALCWX2BgmIcZ16w==
expires: Tue, 11 May 2021 15:11:47 GMT

GET
H2 200 0.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2018/08/15115541/ 10 KB
11 KB 59ms
20ms Image
image/jpeg 2600:9000:2016:3600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2018/08/15115541/0.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2016:3600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5b1b3e1dbec0a6b898bf6b8f17caa692c112ba2d215a1300b1c014c75f9f5ad8

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 17 Feb 2020 07:12:59 GMT
via: 1.1 b16802a1e349d80b7688070778305ae2.cloudfront.net (CloudFront), 1.1 0e4b604319ca1dc81c333441f110c482.cloudfront.net (CloudFront)
last-modified: Mon, 20 Aug 2018 15:57:19 GMT
server: AmazonS3
age: 7308325
etag: "756a0525b47f4557fdfec408731afd91"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, HAM50-C2
accept-ranges: bytes
content-length: 10662
x-amz-cf-id: CTSL0fL3nW8bFfnxrEfz9Kdn1Fei8Ry7oSulcgCiQwyokF_FGWhWpA==
expires: Tue, 20 Aug 2019 15:57:18 GMT

GET
H2 200 subscribe2.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/ 8 KB
9 KB 55ms
15ms Image
image/jpeg 2600:9000:2016:3600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2016:3600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: aa64fa30a3263fa3105736228a6feaaa4f7d32d8ef96b12e56f6fb95511b66a7

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 06:22:32 GMT
via: 1.1 7ce1191b390045e05b9cc74f7514b77b.cloudfront.net (CloudFront), 1.1 0e4b604319ca1dc81c333441f110c482.cloudfront.net (CloudFront)
last-modified: Tue, 19 Feb 2019 20:14:58 GMT
server: AmazonS3
age: 7484152
etag: "5ba45563f793f39ef6baf02645651654"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA6-C1, HAM50-C2
accept-ranges: bytes
content-length: 8281
x-amz-cf-id: E4T1QiOVIGCmCTD2Aiwk7xVt84ElXKtIGyPZQqxExrEJ-hPm9rBlgw==
expires: Wed, 19 Feb 2020 20:14:57 GMT

GET
H2 200 android-device-identifiers-featured-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/05/05101528/ 13 KB
13 KB 81ms
42ms Image
image/jpeg 2600:9000:2016:3600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/05/05101528/android-device-identifiers-featured-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2016:3600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 925f3a8ea4e0a2b1a3335e25eb33be7124cf58a465fcd796f7b2c2d2cfc54759

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 05 May 2020 14:17:17 GMT
via: 1.1 fc7091924e65025d5bfb92361ec3e660.cloudfront.net (CloudFront), 1.1 0e4b604319ca1dc81c333441f110c482.cloudfront.net (CloudFront)
last-modified: Tue, 05 May 2020 14:15:48 GMT
server: AmazonS3
age: 543667
etag: "7e40addc9181cd07bdaade16e6bc53c2"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, HAM50-C2
accept-ranges: bytes
content-length: 13294
x-amz-cf-id: v8m-sJA-FvwnPGz27kSmecdIaAfh-8rluUmwPJC507XV6lYgUFbnKg==
expires: Wed, 05 May 2021 14:15:44 GMT

GET
H2 200 coronavirus-2-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/03/27081539/ 22 KB
22 KB 119ms
80ms Image
image/jpeg 2600:9000:2016:3600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/03/27081539/coronavirus-2-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2016:3600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1fe46ed988ea7d920f4af5493b3835cbd9799f7ae29c020f3cb25092922671d3

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 31 Mar 2020 10:00:54 GMT
via: 1.1 fabe381dacc990f9c402cdc69b69dd26.cloudfront.net (CloudFront), 1.1 0e4b604319ca1dc81c333441f110c482.cloudfront.net (CloudFront)
last-modified: Fri, 27 Mar 2020 12:15:43 GMT
server: AmazonS3
age: 3583050
etag: "c842dfbeb8451b358a3be301b60db41b"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA54, HAM50-C2
accept-ranges: bytes
content-length: 22416
x-amz-cf-id: bDdwKqIufdUpb9A04T-Us6LAzzS3DgELCepK0W-V8_FI14N6-Refww==
expires: Sat, 27 Mar 2021 12:15:42 GMT

GET
H2 200 iphone.min_-1-540x270.png
media.threatpost.com/wp-content/uploads/sites/103/2018/07/13132850/ 220 KB
221 KB 114ms
75ms Image
image/png 2600:9000:2016:3600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2018/07/13132850/iphone.min_-1-540x270.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2016:3600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27477adf0a390602dfc6d000081ae3f8f21a42ec7e0a78c27261abb5ace9fb28

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 17 Feb 2020 11:43:07 GMT
via: 1.1 b16802a1e349d80b7688070778305ae2.cloudfront.net (CloudFront), 1.1 0e4b604319ca1dc81c333441f110c482.cloudfront.net (CloudFront)
last-modified: Fri, 13 Jul 2018 17:28:53 GMT
server: AmazonS3
age: 7292117
etag: "f23d603738f060753a4233b0b49ed0cf"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, HAM50-C2
accept-ranges: bytes
content-length: 225767
x-amz-cf-id: 0x9zAMIbUMhdSAak61TpWU4CJY7B-4WqL-cDOu3_Yc1geDrWJk8l-Q==
expires: Sat, 13 Jul 2019 17:28:50 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 674 B
874 B 33ms
15ms Script
text/javascript 2a00:1450:4001:81e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?hl=en

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c3be3fd706a009d066170f2c15b042666996ac5002c98c244874e19ac14bf088

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 445
x-xss-protection: 1; mode=block
expires: Mon, 11 May 2020 21:18:23 GMT

GET
H2 200 forcepoint-vpn-64x64.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2019/09/20105955/ 2 KB
2 KB 57ms
56ms Image
image/jpeg 2600:9000:2016:3600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/09/20105955/forcepoint-vpn-64x64.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2016:3600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 22bce61f4ab1cabf0df284f75cf064654e2c82fd992de9b8bd951f3bb43a87ca

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 04 May 2020 16:08:55 GMT
via: 1.1 befe3b8553d90339ecf78e5d7cefa60b.cloudfront.net (CloudFront), 1.1 0e4b604319ca1dc81c333441f110c482.cloudfront.net (CloudFront)
last-modified: Fri, 20 Sep 2019 14:59:58 GMT
server: AmazonS3
age: 623369
etag: "f99bca485823b84c6c1ecf501c34469c"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, HAM50-C2
accept-ranges: bytes
content-length: 1822
x-amz-cf-id: uTeUAkDTenpClHsznAM09OI66o40zUxKu5sRJSHutWmDxQTt0Ebqkg==
expires: Sat, 19 Sep 2020 14:59:55 GMT

GET
H2 200 Cloud_Security-64x64.png
media.threatpost.com/wp-content/uploads/sites/103/2019/12/30144523/ 10 KB
10 KB 57ms
57ms Image
image/png 2600:9000:2016:3600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/12/30144523/Cloud_Security-64x64.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2016:3600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 25cbfbe95753b2b7cc509e199271f8ab339b45f4c4b28a098e3cc7b40ae644cb

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 Apr 2020 19:28:22 GMT
via: 1.1 8d31bbd9d6638cdacab37047b8045da4.cloudfront.net (CloudFront), 1.1 0e4b604319ca1dc81c333441f110c482.cloudfront.net (CloudFront)
last-modified: Mon, 30 Dec 2019 19:45:26 GMT
server: AmazonS3
age: 957002
etag: "e0c44979b2a4d9528a72a1630d5e8652"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, HAM50-C2
accept-ranges: bytes
content-length: 10225
x-amz-cf-id: eTiYKA3w1KZ_bdI_GVahFA1nPjIhGAV4dvSMqMc1PKw0SbMJjQhUfw==
expires: Tue, 29 Dec 2020 19:45:23 GMT

GET
H2 200 georgia-cyberattack-64x64.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2019/10/29085447/ 2 KB
2 KB 58ms
57ms Image
image/jpeg 2600:9000:2016:3600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/10/29085447/georgia-cyberattack-64x64.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2016:3600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c9fff884f49d2eb540f6d6d4dadd4817909c8c90d28dade868c5344baf68a2ba

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 23 Apr 2020 15:28:23 GMT
via: 1.1 e1e056e45a0f8d6bc22b223900511170.cloudfront.net (CloudFront), 1.1 0e4b604319ca1dc81c333441f110c482.cloudfront.net (CloudFront)
last-modified: Tue, 29 Oct 2019 12:54:50 GMT
server: AmazonS3
age: 1576201
etag: "6fedc25eeb3b0b57727f204f291f52a1"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2, HAM50-C2
accept-ranges: bytes
content-length: 1648
x-amz-cf-id: ykJnsFAYH4iYElv1G6xU0Cd9sJmAseDdeSlWQNi04770k0jmO8F7uw==
expires: Wed, 28 Oct 2020 12:54:47 GMT

GET
H2 200 Artificial-Intelligence-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2018/08/23105243/ 3 KB
3 KB 58ms
57ms Image
image/jpeg 2600:9000:2016:3600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2018/08/23105243/Artificial-Intelligence-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2016:3600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c093719869fa0fa0375b76f64d9d01908527177983a0740ec475e2bf8dae79c9

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 21 Apr 2020 13:26:15 GMT
via: 1.1 129372028f60828d8c084fb619a69bc0.cloudfront.net (CloudFront), 1.1 0e4b604319ca1dc81c333441f110c482.cloudfront.net (CloudFront)
last-modified: Thu, 23 Aug 2018 14:52:46 GMT
server: AmazonS3
age: 1756329
etag: "89110595e41b038a49ae024d66f9354e"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-C1, HAM50-C2
accept-ranges: bytes
content-length: 2924
x-amz-cf-id: MHkUYg5u0bKTj_b5UC8RsiCHyRiyhSG__o86MtE7KeOjjI6Atbon1w==
expires: Fri, 23 Aug 2019 14:52:43 GMT

GET
H2 200 data-center-64x64.png
media.threatpost.com/wp-content/uploads/sites/103/2020/01/15162631/ 8 KB
9 KB 58ms
57ms Image
image/png 2600:9000:2016:3600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/01/15162631/data-center-64x64.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2016:3600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1d36800d5a9c72e02424db4f2ee2d3e3391388e8b7e863533f73c788df14ab5e

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 16 Feb 2020 06:15:20 GMT
via: 1.1 a75b67932d84d80b40e12159613deb17.cloudfront.net (CloudFront), 1.1 0e4b604319ca1dc81c333441f110c482.cloudfront.net (CloudFront)
last-modified: Wed, 15 Jan 2020 21:26:52 GMT
server: AmazonS3
age: 7398184
etag: "93668d327fc4fcc8e57177484d96236e"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, HAM50-C2
accept-ranges: bytes
content-length: 8414
x-amz-cf-id: CgEOlEcf-oNxNR6JWsXnKx5xNZGXdxURahf4cyJuP-j6b2Em_D2w0w==
expires: Thu, 14 Jan 2021 21:26:49 GMT

GET
H/1.1 200
OK liveView.php Show response
live.sekindo.com/live/ 25 KB
7 KB 233ms
63ms Script
text/javascript 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.17
Resource Hash: 6283556eed980913d54973a8d8e11a6e78107144420a6efc0bded40fb66d9269

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:23 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.17
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/javascript; charset=utf-8

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 2 KB
1 KB 285ms
281ms Script
application/x-javascript 2600:9000:2156:b800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/jquery.json.min.js&ver=f818c007

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2156:b800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

172314ff74044b918766ed4763279b5e8798622087c0a2930f59c9d44662213d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:23 GMT
content-encoding: gzip
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 926
x-cache-hit: HIT
last-modified: Thu, 07 May 2020 08:44:22 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 32e4d419823b7f8df8417a8b18c9602d.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: Empfoudd4g0UTE56it2QoZn5d1lRsgnmqm2yj6cT0VxPPVGvnMiFWA==
expires: Tue, 12 May 2020 20:29:52 GMT

GET
H/1.1 200
OK gravityforms.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 34 KB
12 KB 924ms
133ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.4.17.15
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 3097d0444becd9d089b52b7074072f19201525de874d0775012572fb375b7838

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Mon, 11 May 2020 21:18:24 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 May 2020 08:44:22 GMT
Server: nginx
ETag: W/"5eb3ca66-88c2"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 18 May 2020 21:18:24 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 7 KB
3 KB 356ms
352ms Script
application/x-javascript 2600:9000:2156:b800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/conditional_logic.min.js&ver=f818c007

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2156:b800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f75166e3f70100b65a6ce1d4128bc15286e92b19a546fa7709f739e9bcfe52c6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:24 GMT
content-encoding: gzip
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 2685
x-cache-hit: HIT
last-modified: Thu, 07 May 2020 08:44:23 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 32e4d419823b7f8df8417a8b18c9602d.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: b1XuUU23KgMiqbVwe60FMTsEFvaPusprk8FXYhZkMvkM4OchlHQxnQ==
expires: Tue, 12 May 2020 20:29:52 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 5 KB
2 KB 357ms
354ms Script
application/x-javascript 2600:9000:2156:b800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/placeholders.jquery.min.js&ver=f818c007

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2156:b800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:24 GMT
content-encoding: gzip
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 1747
x-cache-hit: HIT
last-modified: Thu, 07 May 2020 08:44:23 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 32e4d419823b7f8df8417a8b18c9602d.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: -Ag0CIZl5JIMrLBoByDYPtUe3EZ_YtRgqH0VlRZSHDKoAYGvIzmwTg==
expires: Tue, 12 May 2020 20:30:08 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 676 B
517 B 20ms
16ms Script
text/javascript 2a00:1450:4001:81e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?hl=en&render=explicit&ver=5.3.2

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

93fd30f6863ebddd9220238163700a7f4049fd2b6a2f43896f4f9eefae4103c4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 446
x-xss-protection: 1; mode=block
expires: Mon, 11 May 2020 21:18:23 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 2 KB
1 KB 355ms
351ms Script
application/x-javascript 2600:9000:2156:b800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/js/wp-embed.min.js,wp-content/plugins/akismet/_inc/form.js&ver=f818c007

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2156:b800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

a2e2059610101cb4718d6d9cf8d6e44243838304968710f35ed7f44188a9c279

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:24 GMT
content-encoding: gzip
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 947
x-cache-hit: HIT
last-modified: Wed, 18 Dec 2019 22:32:15 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 32e4d419823b7f8df8417a8b18c9602d.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: NHOyb9khhWCCa4y65Gk3pEy5GJIRBz4bhAB1Cbikkx0YPhbX8hv14g==
expires: Tue, 12 May 2020 20:30:04 GMT

GET
H2 200 b-0d4dfcb.js Show response
tagan.adlightning.com/math-aids-threatpost/ 36 KB
13 KB 66ms
64ms Script
application/javascript 13.225.87.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.87.36 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-36.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 667a53e3145f4c8b641a886082ce900423662980c5fe3d784383c3d481de2320

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 22 Apr 2020 04:11:43 GMT
content-encoding: gzip
age: 1703201
x-cache: Hit from cloudfront
status: 200
content-length: 12549
x-amz-meta-git_commit: 0d4dfcb
last-modified: Wed, 22 Apr 2020 03:15:52 GMT
server: AmazonS3
etag: "17acdbb1a7a117b8f53f3f84e0db205b"
x-amz-version-id: HwMWPPcis1b0hnhKcUJr6rhRxxqLZtvX
via: 1.1 e5b747ffd1713cb17ddd7d55234a3301.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: W9eORJIFA3jsWrKIv8agR8cQx37kyzQC3wUT_7zuRj1hh83cm25sCw==

GET
H2 200 bl-2a28c82-67ba8475.js Show response
tagan.adlightning.com/math-aids-threatpost/ 98 KB
41 KB 76ms
74ms Script
application/javascript 13.225.87.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-2a28c82-67ba8475.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.87.36 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-36.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 89d66cabfb961cd87a89dedc66f047e0f24c1d9ebd761abfed3bdc70357b8b88

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 17:10:19 GMT
content-encoding: gzip
age: 14885
x-cache: Hit from cloudfront
status: 200
content-length: 41658
x-amz-meta-git_commit: 2a28c82
last-modified: Mon, 11 May 2020 17:08:00 GMT
server: AmazonS3
etag: "0fb751e5b7030b42e479d139d8a7f9fa"
x-amz-version-id: 7ONhkHFpmFrbFXLmLb37hAc_5iXzbn10
via: 1.1 e5b747ffd1713cb17ddd7d55234a3301.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: pQcqyyrAbZ4Q66gGciWK0yo0eIAoUTqlEvbrKd-_KQT5GAmI4SnVYg==

GET
H2 200 pubads_impl_2020050602.js Show response
securepubads.g.doubleclick.net/gpt/ 243 KB
88 KB 223ms
93ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

c4b5c1f949f059e3abb05ddcb7cc9944f8c16811e0eb1db9003bc5f8a4eb0634

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Mon, 11 May 2020 21:18:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 06 May 2020 17:23:28 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 89224
x-xss-protection: 0
expires: Mon, 11 May 2020 21:18:23 GMT

GET
H2 200 integrator.sync.js Show response
adservice.google.de/adsid/ 113 B
898 B 35ms
15ms Script
application/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.sync.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 May 2020 21:18:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 108
x-xss-protection: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
115 B 224ms
106ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Mon, 11 May 2020 21:18:23 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://threatpost.com

GET
H2

200

ADTECH;apid=1Af289489e-93cc-11ea-bf20-121160e138ec;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=4567df5d210e998;misc=1589231903727 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=4567df5d210e998;misc=1589231903727;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=4567df5d210e998;misc=1589231903727
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1Af289489e-93cc-11ea-bf20-121160e138ec;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=4567df5d210e998;misc=15...

944 B
1 KB

156ms
156ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1Af289489e-93cc-11ea-bf20-121160e138ec;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=4567df5d210e998;misc=1589231903727
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 4bd92ed529a4ba1ef909f0ae3782a7b7336b35ea58828863f24e115e369d9ffa

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:24 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 944
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:23 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1Af289489e-93cc-11ea-bf20-121160e138ec;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=4567df5d210e998;misc=1589231903727
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

200

ADTECH;apid=1Af2891018-93cc-11ea-97d1-1245d65848a4;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=46a2033b77cccb2;misc=1589231903727 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=46a2033b77cccb2;misc=1589231903727;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;cfp=1;rndc=1589231902;v=2;cmd=bid;cors=yes;alias=46a2033b77cccb2;misc=1589231903727
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1Af2891018-93cc-11ea-97d1-1245d65848a4;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=46a2033b77cccb2;misc=15...

945 B
1 KB

170ms
169ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1Af2891018-93cc-11ea-97d1-1245d65848a4;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=46a2033b77cccb2;misc=1589231903727
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: e9db32c507d6f307ecdf792f4e077c82206ece704ad465b6ff97968d946ce6ab

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:24 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:23 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1Af2891018-93cc-11ea-97d1-1245d65848a4;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=46a2033b77cccb2;misc=1589231903727
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

200

ADTECH;apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=4799472eb936545;misc=1589231903727 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=4799472eb936545;misc=1589231903727;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=4799472eb936545;misc=1589231903727
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=4799472eb936545;misc=15...

942 B
1 KB

167ms
167ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=4799472eb936545;misc=1589231903727
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 533cc0698433c867c4a58583ce5e346f39650c7e955777c7feea04866aebc9c0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:24 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 942
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:24 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=4799472eb936545;misc=1589231903727
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

200

ADTECH;apid=1Af289122a-93cc-11ea-bcc4-124a081e334a;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=487d5f308c36718;misc=1589231903727 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=487d5f308c36718;misc=1589231903727;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=487d5f308c36718;misc=1589231903727
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1Af289122a-93cc-11ea-bcc4-124a081e334a;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=487d5f308c36718;misc=15...

945 B
1 KB

153ms
152ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1Af289122a-93cc-11ea-bcc4-124a081e334a;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=487d5f308c36718;misc=1589231903727
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 72261237e99cd1d300a4e00ca5a297c82e75ec56d17f064a31c2fdde0131d509

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:24 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:23 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1Af289122a-93cc-11ea-bcc4-124a081e334a;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=487d5f308c36718;misc=1589231903727
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

200

ADTECH;apid=1Af2891de2-93cc-11ea-bac8-128b912572ea;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=4944235140767ac;misc=1589231903727 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=4944235140767ac;misc=1589231903727;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=4944235140767ac;misc=1589231903727
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;apid=1Af2891de2-93cc-11ea-bac8-128b912572ea;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=4944235140767ac;misc=15...

944 B
1 KB

151ms
151ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;apid=1Af2891de2-93cc-11ea-bac8-128b912572ea;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=4944235140767ac;misc=1589231903727
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: e8e0fa6594e536d393b228ed2dd0fdb1565b890f2560fe30ccd8ff553f8fbe44

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:24 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 944
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:23 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;apid=1Af2891de2-93cc-11ea-bac8-128b912572ea;cfp=1;rndc=1589231903;v=2;cmd=bid;cors=yes;alias=4944235140767ac;misc=1589231903727
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
712 B 168ms
54ms XHR
application/json 37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.36 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:25 GMT
X-Proxy-Origin: 165.231.142.36; 165.231.142.36; 692.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.113:80
AN-X-Request-Uuid: 56fa1793-0c01-4197-bfc0-6ea9814cb113
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
712 B 168ms
54ms XHR
application/json 37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.36 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:25 GMT
X-Proxy-Origin: 165.231.142.36; 165.231.142.36; 692.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.230:80
AN-X-Request-Uuid: 8c7ed049-02cd-49ad-8b79-65473e3a189a
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 arj Show response
teachingaids-d.openx.net/w/1.0/ 174 B
570 B 297ms
229ms XHR
application/json 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=5744cb88-8a03-4232-919b-e0452b7bd6cd%2C5744cb88-8a03-4232-919b-e0452b7bd6cd%2C30a90117-b209-47f1-8850-13d4281d03b1%2Cb1ddfd71-c7b8-4982-b21f-d6fd5f1f263e%2Cb1ddfd71-c7b8-4982-b21f-d6fd5f1f263e&nocache=1589231903731&pubcid=6962d2b1-d1bc-4c90-996a-949dc9df58c4&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&aus=728x90%2C970x250%2C970x90%7C728x90%2C970x250%2C970x90%7C300x250%2C336x280%7C300x250%2C300x600%7C300x250%2C300x600&divIds=div-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-3%2Cdiv-gpt-ad-6794670-5%2Cdiv-gpt-ad-6794670-5&auid=540932704%2C540932709%2C540932713%2C540932715%2C540932720&
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.185.0 /
Resource Hash: 6783832b21d035d22bf361bdb1bfebf608213bd883366bdc0611e056d8405473

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:23 GMT
content-encoding: gzip
server: OXGW/16.185.0
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 165
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 v2 Show response
e.serverbid.com/api/ 711 B
649 B 406ms
149ms XHR
application/json 134.209.131.220
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://e.serverbid.com/api/v2
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 134.209.131.220 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: f4b064d961dd5c30917481f9cf22f400d352737e7dac10d70e574877eef1e8ea

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 11 May 2020 21:18:23 GMT
content-encoding: br
status: 200
vary: Origin
content-type: application/json
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 372

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 263 B
2 KB 324ms
141ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=2&alt_size_ids=55%2C57&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&tk_flint=pbjs_lite_v3.8.0&x_source.tid=5744cb88-8a03-4232-919b-e0452b7bd6cd&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.7099391639189112
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 2f60e0cd10c7b5f5d5cf4c4699dcfe56e658905bc60c1ede0d961f0610ca2dff

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:23 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=409
Content-Length: 263
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
2 KB 326ms
140ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=16&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&tk_flint=pbjs_lite_v3.8.0&x_source.tid=30a90117-b209-47f1-8850-13d4281d03b1&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.12965584364867433
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 5986133b7d568177549179916549f17761b51b4edf62b2dd4815128a74cb2661

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:23 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=277
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 261 B
2 KB 283ms
95ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509506&size_id=15&alt_size_ids=10&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&tk_flint=pbjs_lite_v3.8.0&x_source.tid=b1ddfd71-c7b8-4982-b21f-d6fd5f1f263e&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.2388187244882949
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 877f858d0fe0a3575a7a62d55796489562d9531ddaeb78be7037a97a299ea899

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:23 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=252
Content-Length: 261
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 261 B
2 KB 323ms
135ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=10&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&tk_flint=pbjs_lite_v3.8.0&x_source.tid=b1ddfd71-c7b8-4982-b21f-d6fd5f1f263e&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.5803572575102602
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: f6018f267f5654f6f4ed28ddc8957a25a214a1920a387e35da4d85adcdb62463

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:23 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=364
Content-Length: 261
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 25 B
1017 B 274ms
148ms XHR
application/json 23.210.249.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=438654&v=7.2&r=%7B%22id%22%3A%2235b637686b42ff6%22%2C%22imp%22%3A%5B%7B%22id%22%3A%2236498f29f5b4cf4%22%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22375030175f10521%22%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22382d9b266848281%22%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22sid%22%3A%221005%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%7D&ac=j&sd=1&
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.164 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-164.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 67365fc440e113f396e7e952dd4fe0e6c9620a40636ce9ce678c67c8d175badf

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:23 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 45
Content-Type: application/json
Akamai-Age-Ms: 1589231903978
Expires: Mon, 11 May 2020 21:18:23 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 24 B
702 B 176ms
58ms XHR
application/json 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_3.8.0
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: 2da64b71aa7e176bff1a474dea899079cca9416a274a440e8c052de8b83ae63f

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 11 May 2020 21:18:23 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 44

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 108 KB
35 KB 47ms
25ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3c3c5d6587cb1508ff66752c507b8d936fe479a204e15f9eb43aa84a7f065a54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:23 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35743
x-xss-protection: 0
last-modified: Mon, 11 May 2020 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 11 May 2020 21:18:23 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/ 11 KB
4 KB 922ms
132ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 76ba07e059d9e2113f9c940f1a31efc95bd9d5badd68bbc3637177e892a08099

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Mon, 11 May 2020 21:18:24 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 May 2020 08:44:25 GMT
Server: nginx
ETag: W/"5eb3ca69-2b9f"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 18 May 2020 21:18:24 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/ 11 KB
4 KB 393ms
132ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 76ba07e059d9e2113f9c940f1a31efc95bd9d5badd68bbc3637177e892a08099

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Mon, 11 May 2020 21:18:24 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 May 2020 08:44:25 GMT
Server: nginx
ETag: W/"5eb3ca69-2b9f"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 18 May 2020 21:18:24 GMT

GET
H2 200 7uvSZA1F9os
www.youtube.com/embed/ Frame 9C77 0
0 156ms
135ms Document
text/html 2a00:1450:4001:825::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/7uvSZA1F9os?feature=oembed

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/7uvSZA1F9os?feature=oembed
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Response headers

status: 200
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache
expires: Tue, 27 Apr 1971 19:44:06 GMT
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
strict-transport-security: max-age=31536000
content-encoding: br
date: Mon, 11 May 2020 21:18:23 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
set-cookie: VISITOR_INFO1_LIVE=i_N3PkuksQM; path=/; domain=.youtube.com; secure; expires=Sat, 07-Nov-2020 21:18:23 GMT; httponly; samesite=None YSC=J8zu6lfN8dY; path=/; domain=.youtube.com; secure; httponly; samesite=None GPS=1; path=/; domain=.youtube.com; expires=Mon, 11-May-2020 21:48:23 GMT VISITOR_INFO1_LIVE=i_N3PkuksQM; path=/; domain=.youtube.com; secure; expires=Sat, 07-Nov-2020 21:18:23 GMT; httponly; samesite=None
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/-wV2EAWEOTlEtZh4vNQtn3H1/ 298 KB
121 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/-wV2EAWEOTlEtZh4vNQtn3H1/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10de7d69af358751d5f0146c012cf400cb2940c6dbdb7d624061e60914c48666

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 04 May 2020 19:15:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 04 May 2020 04:09:11 GMT
server: sffe
age: 612145
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123152
x-xss-protection: 0
expires: Tue, 04 May 2021 19:15:58 GMT

GET
H/1.1 200
OK logo.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 19 KB
19 KB 329ms
145ms Image
image/png 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo.png
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1588841067
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Mon, 11 May 2020 21:18:24 GMT
Last-Modified: Thu, 07 May 2020 08:44:25 GMT
Server: nginx
ETag: "5eb3ca69-4a32"
Content-Type: image/png
Cache-Control: max-age=604800, public
Connection: close
Accept-Ranges: bytes
Content-Length: 18994
Expires: Mon, 18 May 2020 21:18:24 GMT

GET
H/1.1 200
OK museosans-300-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 502ms
242ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1588841067
Origin: https://threatpost.com

Response headers

Pragma: public
Date: Mon, 11 May 2020 21:18:24 GMT
Last-Modified: Thu, 07 May 2020 08:44:25 GMT
Server: nginx
ETag: "5eb3ca69-51b8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20920
Expires: Tue, 11 May 2021 21:18:24 GMT

GET
H/1.1 200
OK museosans-700-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 481ms
226ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1588841067
Origin: https://threatpost.com

Response headers

Pragma: public
Date: Mon, 11 May 2020 21:18:24 GMT
Last-Modified: Thu, 07 May 2020 08:44:25 GMT
Server: nginx
ETag: "5eb3ca69-51a4"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20900
Expires: Tue, 11 May 2021 21:18:24 GMT

GET
H/1.1 200
OK museosans-100-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 429ms
174ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1588841067
Origin: https://threatpost.com

Response headers

Pragma: public
Date: Mon, 11 May 2020 21:18:24 GMT
Last-Modified: Thu, 07 May 2020 08:44:25 GMT
Server: nginx
ETag: "5eb3ca69-50c8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20680
Expires: Tue, 11 May 2021 21:18:24 GMT

GET
H/1.1 200
OK museosans-500-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 484ms
227ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1588841067
Origin: https://threatpost.com

Response headers

Pragma: public
Date: Mon, 11 May 2020 21:18:24 GMT
Last-Modified: Thu, 07 May 2020 08:44:26 GMT
Server: nginx
ETag: "5eb3ca6a-5194"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20884
Expires: Tue, 11 May 2021 21:18:24 GMT

GET
H/1.1 200
OK museosans-700italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 495ms
234ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1588841067
Origin: https://threatpost.com

Response headers

Pragma: public
Date: Mon, 11 May 2020 21:18:24 GMT
Last-Modified: Thu, 07 May 2020 08:44:25 GMT
Server: nginx
ETag: "5eb3ca69-3dcc"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 15820
Expires: Tue, 11 May 2021 21:18:24 GMT

GET
H/1.1 200
OK mail-plane-light.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 828 B
722 B 761ms
131ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-light.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1588841067
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Mon, 11 May 2020 21:18:24 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 May 2020 08:44:25 GMT
Server: nginx
ETag: W/"5eb3ca69-33c"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 18 May 2020 21:18:24 GMT

GET
H/1.1 200
OK twitter-blue.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 868 B
847 B 763ms
133ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/twitter-blue.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1588841067
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Mon, 11 May 2020 21:18:24 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 May 2020 08:44:25 GMT
Server: nginx
ETag: W/"5eb3ca69-364"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 18 May 2020 21:18:24 GMT

GET
H/1.1 200
OK liveView.php Show response
live.sekindo.com/live/ Frame C38E 2 KB
1 KB 64ms
63ms Script
text/javascript 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1589231903&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=undefined
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.17
Resource Hash: 50815ead29c255cd91ada7e4aec28b88f0c1f5003b024836ae93c378badffe3b

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:23 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.17
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/javascript; charset=utf-8

GET
H/1.1 200
OK mail-plane-large-dark.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 812 B
722 B 422ms
141ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-large-dark.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1588841067
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Mon, 11 May 2020 21:18:24 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 May 2020 08:44:25 GMT
Server: nginx
ETag: W/"5eb3ca69-32c"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 18 May 2020 21:18:24 GMT

GET
H/1.1 200
OK logo-white.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 10 KB
10 KB 470ms
182ms Image
image/png 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo-white.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1588841067
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Mon, 11 May 2020 21:18:25 GMT
Last-Modified: Thu, 07 May 2020 08:44:25 GMT
Server: nginx
ETag: "5eb3ca69-260a"
Content-Type: image/png
Cache-Control: max-age=604800, public
Connection: close
Accept-Ranges: bytes
Content-Length: 9738
Expires: Mon, 18 May 2020 21:18:25 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 53ms
6ms Script
text/javascript 2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Apr 2020 21:54:13 GMT
server: Golfe2
age: 2389
date: Mon, 11 May 2020 20:38:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18433
expires: Mon, 11 May 2020 22:38:35 GMT

GET
H/1.1 200
OK quant.js Show response
secure.quantserve.com/ 21 KB
8 KB 328ms
76ms Script
application/x-javascript 91.228.74.149
QUANTCAST

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.quantserve.com/quant.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.149 , United Kingdom, ASN27281 (QUANTCAST, US),

Reverse DNS

Software

QS /

Resource Hash

b68b4d1e6d63eabb8a4f663f7755454028aa22d9a0edc88d5b77c58e932d7fa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:24 GMT
Content-Encoding: gzip
Last-Modified: Mon, 11-May-2020 21:18:24 GMT
Server: QS
Etag: M0-004a9efe
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=604800
Strict-Transport-Security: max-age=86400
Content-Length: 8025
Expires: Mon, 18 May 2020 21:18:24 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 175ms
58ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:24 GMT
content-encoding: gzip
age: 76513
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1954
x-served-by: cache-fra19120-FRA
last-modified: Tue, 23 Jan 2018 20:09:00 GMT
x-timer: S1589231904.211210,VS0,VE0
etag: "b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H/1.1 200
OK iab_consent_sdk.v1.0.js Show response
live.sekindo.com/content/ClientDetections/ Frame C38E 19 KB
6 KB 60ms
58ms Script
application/javascript 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/content/ClientDetections/iab_consent_sdk.v1.0.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1589231903&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=undefined
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx /
Resource Hash: a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:23 GMT
Content-Encoding: gzip
Last-Modified: Wed, 12 Feb 2020 15:01:36 GMT
Server: nginx
ETag: W/"5e441350-4be0"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=31536000, public
Expires: Tue, 11 May 2021 21:18:23 GMT

GET
H/1.1 200
OK DetectGDPR2.v1.0.js Show response
live.sekindo.com/content/ClientDetections/ Frame C38E 8 KB
3 KB 117ms
56ms Script
application/javascript 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/content/ClientDetections/DetectGDPR2.v1.0.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1589231903&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=undefined
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx /
Resource Hash: ace61d80f3fe90bbb02ab328d9705b57a9c8a95d3a0bf6b4cd510d4dacd033df

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:23 GMT
Content-Encoding: gzip
Last-Modified: Sun, 26 Jan 2020 18:48:12 GMT
Server: nginx
ETag: W/"5e2ddeec-211f"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=31536000, public
Expires: Tue, 11 May 2021 21:18:23 GMT

GET
H/1.1 200
OK DetectGDPR.v1.0.js Show response
live.sekindo.com/content/ClientDetections/ Frame C38E 7 KB
3 KB 167ms
56ms Script
application/javascript 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/content/ClientDetections/DetectGDPR.v1.0.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1589231903&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=undefined
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx /
Resource Hash: 993ebc45d9927d420801f05819222e8cc1aa523187e4c0b290df02b23ce18093

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:24 GMT
Content-Encoding: gzip
Last-Modified: Sun, 26 Jan 2020 11:58:13 GMT
Server: nginx
ETag: W/"5e2d7ed5-1d87"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=31536000, public
Expires: Tue, 11 May 2021 21:18:24 GMT

GET
H/1.1 200
OK hls.0.12.4_1.min.js Show response
live.sekindo.com/content/video/hls/ Frame C38E 247 KB
85 KB 171ms
60ms Script
application/javascript 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1589231903&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=undefined
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx /
Resource Hash: 7d0492c66125b1c2bdc419641e41542857e7d90e323d355ee0b8bb268da121fb

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:23 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Jan 2020 15:31:55 GMT
Server: nginx
ETag: W/"5e1352eb-3dcb9"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=31536000, public
Expires: Tue, 11 May 2021 21:18:23 GMT

GET
H/1.1 200
OK prebidVid.2.44.3_4.min.js Show response
live.sekindo.com/content/prebid/ Frame C38E 272 KB
101 KB 201ms
89ms Script
application/javascript 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1589231903&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=undefined
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx /
Resource Hash: 2c167f4042d1338b33e2822f3b3dca3646bffcac14747d934c50794192dc3c2b

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:23 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 May 2020 09:21:08 GMT
Server: nginx
ETag: W/"5eafde84-4415a"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=31536000, public
Expires: Tue, 11 May 2021 21:18:23 GMT

GET
H/1.1 200
OK liveVideo.php Show response
live.sekindo.com/live/ Frame C38E 410 KB
116 KB 216ms
104ms Script
text/html 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D31325F30307D7B7331323334383830387D7B433235397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A5549433867566D6C6C64324669624755674C794179494338674D54553D7D7B4C363631357DFEFE&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Viewable+%2F+2+%2F+15&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5eb9c11ff0944&debugInfo=12348808_ABT+%2F+Viewable+%2F+2+%2F+15&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=59.32469940185547&geoLong=18.055999755859375&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1589231903&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=undefined
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.17
Resource Hash: 973d78aac43659e01a8787cab841d7ad06244f14412ee920d772674698ed4188

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:23 GMT
Content-Encoding: gzip
Server: nginx
X-Powered-By: PHP/7.3.17
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j82&aip=1&a=800095118&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&ul=en-us&de=UTF-...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-35676203-21&cid=1122339299.1589231904&jid=1671576784&_gid=708783439.1589231904&gjid=504743844&_v=j82&z=1913209453
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=1122339299.1589231904&jid=1671576784&_v=j82&z=1913209453
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=1122339299.1589231904&jid=1671576784&_v=j82&z=1913209453&slf_rd=1&random=1892861574

42 B
517 B

37ms
18ms

Image
image/gif

2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=1122339299.1589231904&jid=1671576784&_v=j82&z=1913209453&slf_rd=1&random=1892861574

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:24 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=1122339299.1589231904&jid=1671576784&_v=j82&z=1913209453&slf_rd=1&random=1892861574
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
448 B 273ms
165ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 112
pragma: no-cache
last-modified: Mon, 11 May 2020 21:18:24 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 43b19be4bd09a2ce563e976639a74d9e
x-transaction: 00fcffa4004182d1
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame C38E 101 KB
26 KB 189ms
82ms Script
application/javascript 143.204.90.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D31325F30307D7B7331323334383830387D7B433235397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A5549433867566D6C6C64324669624755674C794179494338674D54553D7D7B4C363631357DFEFE&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Viewable+%2F+2+%2F+15&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5eb9c11ff0944&debugInfo=12348808_ABT+%2F+Viewable+%2F+2+%2F+15&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=59.32469940185547&geoLong=18.055999755859375&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.90.242 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-90-242.fra50.r.cloudfront.net
Software: Server /
Resource Hash: 0875862efc0b3318a2104d27726d71f6f61d95a6e04ef6becb2793e66b2bc27a

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 14:04:57 GMT
content-encoding: gzip
server: Server
age: 26006
etag: ad48a5f558eb50f381edaa87211f6c91
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, max-age=86400
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 6vatwfPBqL9PniPU7FFaKFgA4ltV0yQdTVY3QzdE3j9Gdn3BbBDEuA==
via: 1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)

GET
H2 200 rules-p-_7kVx0t9Jqj90.js Show response
rules.quantcount.com/ 3 B
356 B 374ms
359ms Script
application/x-javascript 2600:9000:20eb:1200:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-_7kVx0t9Jqj90.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:1200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:14:33 GMT
via: 1.1 3df1d6f6e1999cb29078ddff1a62bd1d.cloudfront.net (CloudFront)
last-modified: Fri, 03 Mar 2017 23:52:35 GMT
server: AmazonS3
age: 232
etag: "8a80554c91d9fca8acb82f023de02f11"
x-cache: Error from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=300
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-length: 3
x-amz-cf-id: s1O8UiOLYyiCU4JgaRJFSLfCbp-vnkHqZ7vkRwyXu_5Re6mzYHz20g==

GET
H2 200 css
fonts.googleapis.com/ Frame F443 2 KB
1 KB 35ms
15ms Stylesheet
text/css 2a00:1450:4001:821::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto&display=swap

Requested by

Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D31325F30307D7B7331323334383830387D7B433235397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A5549433867566D6C6C64324669624755674C794179494338674D54553D7D7B4C363631357DFEFE&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Viewable+%2F+2+%2F+15&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5eb9c11ff0944&debugInfo=12348808_ABT+%2F+Viewable+%2F+2+%2F+15&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=59.32469940185547&geoLong=18.055999755859375&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

00d4fbacbadc6ecbd73be323ec77febf3d856ce00dc5334d06462a315c7da8e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 11 May 2020 21:18:24 GMT
server: ESF
date: Mon, 11 May 2020 21:18:24 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 11 May 2020 21:18:24 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 0677 2 KB
626 B 35ms
22ms Stylesheet
text/css 2a00:1450:4001:821::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto&display=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

00d4fbacbadc6ecbd73be323ec77febf3d856ce00dc5334d06462a315c7da8e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 11 May 2020 21:18:24 GMT
server: ESF
date: Mon, 11 May 2020 21:18:24 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 11 May 2020 21:18:24 GMT

GET
H/1.1 200
OK user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 7147 0
0 180ms
59ms Document
text/html 23.210.249.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D31325F30307D7B7331323334383830387D7B433235397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A5549433867566D6C6C64324669624755674C794179494338674D54553D7D7B4C363631357DFEFE&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Viewable+%2F+2+%2F+15&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5eb9c11ff0944&debugInfo=12348808_ABT+%2F+Viewable+%2F+2+%2F+15&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=59.32469940185547&geoLong=18.055999755859375&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.92 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Response headers

Last-Modified: Tue, 14 Apr 2020 10:28:34 GMT
ETag: "1300708-2eae-5a33da96f833f"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 4169
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=128198
Expires: Wed, 13 May 2020 08:55:02 GMT
Date: Mon, 11 May 2020 21:18:24 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK placeHolder.png
live.sekindo.com/content/video/splayer/assets/ 23 KB
24 KB 59ms
56ms Image
image/png 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/content/video/splayer/assets/placeHolder.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx /
Resource Hash: 76102878c1198de858725194952ba1c6b35bdee0f870cc6a124e93d17385e64e

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:23 GMT
Last-Modified: Sun, 11 Jun 2017 08:03:58 GMT
Server: nginx
ETag: "593cf96e-5dbf"
Content-Type: image/png
Cache-Control: no-cache, private
Accept-Ranges: bytes
Content-Length: 23999
Expires: Mon, 11 May 2020 21:18:22 GMT

GET
H/1.1 200
OK vid5eb040639afb8598934116.jpg
video.sekindo.com/uploads/cn13/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame 0677 10 KB
10 KB 229ms
58ms Image
image/jpeg 185.167.98.14
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn13/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5eb040639afb8598934116.jpg?cbuster=1588609128

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

534363d27d1f09a683387b81782402b5f2a048f213b3990fd1e28e11fd04c0bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:20 GMT
Last-Modified: Mon, 04 May 2020 16:53:14 GMT
Server: Tengine
ETag: "5eb0487a-270a"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 9994
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5eac8838dc5d3137845426.jpg
video.sekindo.com/uploads/cn13/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame 0677 14 KB
14 KB 253ms
81ms Image
image/jpeg 185.167.98.14
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn13/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5eac8838dc5d3137845426.jpg?cbuster=1588365375

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

e3a59eba123b8a0e2cf8a54eb06a12491f840d7d4d822a5fbe02927551beb888

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:20 GMT
Last-Modified: Fri, 01 May 2020 20:51:25 GMT
Server: Tengine
ETag: "5eac8bcd-37d8"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 14296
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5eb0405c255a4496381919.jpg
video.sekindo.com/uploads/cn13/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame 0677 7 KB
8 KB 228ms
56ms Image
image/jpeg 185.167.98.14
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn13/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5eb0405c255a4496381919.jpg?cbuster=1588609119

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

5ba8ef0da1dcc34d139660c846ec54fb0d775940b11966251d235c1578ff6f87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:20 GMT
Last-Modified: Mon, 04 May 2020 16:53:05 GMT
Server: Tengine
ETag: "5eb04871-1de1"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 7649
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5eb427ad3921b097296914.jpg
video.sekindo.com/uploads/cn15/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame 0677 15 KB
16 KB 254ms
82ms Image
image/jpeg 185.167.98.14
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn15/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5eb427ad3921b097296914.jpg?cbuster=1588864944

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

683e1b018e8f26073c9d28cc27d021f3bb04a624bb12322d1c9015ae0be5561c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:20 GMT
Last-Modified: Thu, 07 May 2020 15:39:11 GMT
Server: Tengine
ETag: "5eb42b9f-3cf7"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 15607
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5ea9b12a2b080511747751.jpg
video.sekindo.com/uploads/cn14/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame 0677 12 KB
13 KB 227ms
60ms Image
image/jpeg 185.167.98.14
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn14/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5ea9b12a2b080511747751.jpg?cbuster=1588179246

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

3bc8c6062c104270a0fdd4a021264fd8cc70a25dc9513f2367082e15b3ded839

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:20 GMT
Last-Modified: Wed, 29 Apr 2020 17:19:14 GMT
Server: Tengine
ETag: "5ea9b712-313b"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 12603
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5ea9b134a2572065315780.jpg
video.sekindo.com/uploads/cn14/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame 0677 10 KB
10 KB 63ms
63ms Image
image/jpeg 185.167.98.14
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn14/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5ea9b134a2572065315780.jpg?cbuster=1588179256

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

2264d1adc9a2943dff769c67f74bb3451f92c0e22de0bfd265d43cad7960ba3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:20 GMT
Last-Modified: Wed, 29 Apr 2020 17:19:23 GMT
Server: Tengine
ETag: "5ea9b71b-27b6"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 10166
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5eab197cb7742854461958.jpg
video.sekindo.com/uploads/cn13/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame 0677 4 KB
4 KB 58ms
58ms Image
image/jpeg 185.167.98.14
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn13/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5eab197cb7742854461958.jpg?cbuster=1588271494

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

def79cde0ac4d7ee1bd4e8ce443b36005949f3f727561279b24b73ae253b2443

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:20 GMT
Last-Modified: Thu, 30 Apr 2020 19:02:19 GMT
Server: Tengine
ETag: "5eab20bb-ff4"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 4084
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5ea9b1310b068262966464.jpg
video.sekindo.com/uploads/cn14/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame 0677 20 KB
21 KB 69ms
69ms Image
image/jpeg 185.167.98.14
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn14/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5ea9b1310b068262966464.jpg?cbuster=1588179252

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

e06616d095afb6debcaa29e8708a95d1aad89145aabbcf104f205f8331ed7728

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:20 GMT
Last-Modified: Wed, 29 Apr 2020 17:19:18 GMT
Server: Tengine
ETag: "5ea9b716-51d7"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 20951
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5eac29a4d3159436361928.jpg
video.sekindo.com/uploads/cn13/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame 0677 22 KB
23 KB 66ms
65ms Image
image/jpeg 185.167.98.14
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn13/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5eac29a4d3159436361928.jpg?cbuster=1588341160

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

00e3d76bc28c0bba7a096ce2072223eac6fb0e704c7d95262e0a2eb1fe4aa7d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:20 GMT
Last-Modified: Fri, 01 May 2020 14:01:42 GMT
Server: Tengine
ETag: "5eac2bc6-5892"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 22674
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5eac29a89cbdc513790848.jpg
video.sekindo.com/uploads/cn13/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame 0677 16 KB
16 KB 67ms
66ms Image
image/jpeg 185.167.98.14
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn13/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5eac29a89cbdc513790848.jpg?cbuster=1588341172

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

85055b2bd2813119f5d846f6084e183be9800ea624cf0ed4540ec7655f870eb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:20 GMT
Last-Modified: Fri, 01 May 2020 14:01:48 GMT
Server: Tengine
ETag: "5eac2bcc-3e29"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 15913
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2

200

sync
x.bidswitch.net/ul_cb/ Frame C38E
Redirect Chain

https://x.bidswitch.net/sync?ssp=sekindo&user_id=5eb9c11ff0944&custom_data=5eb9c11ff0944&gdpr=1&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=sekindo&user_id=5eb9c11ff0944&custom_data=5eb9c11ff0944&gdpr=1&gdpr_consent=

43 B
379 B

55ms
54ms

Image
image/gif

35.157.89.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?ssp=sekindo&user_id=5eb9c11ff0944&custom_data=5eb9c11ff0944&gdpr=1&gdpr_consent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.89.106 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-89-106.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Mon, 11 May 2020 21:18:24 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

status: 302
date: Mon, 11 May 2020 21:18:24 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: https://x.bidswitch.net/ul_cb/sync?ssp=sekindo&user_id=5eb9c11ff0944&custom_data=5eb9c11ff0944&gdpr=1&gdpr_consent=
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

liveCS.php
live.sekindo.com/live/ Frame C38E
Redirect Chain

https://csync.loopme.me/?redirect=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D
https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=93&advUuid=06dc6407-9ae1-409e-982c-1149f647c1a6

0
347 B

61ms
61ms

Image
text/html

194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=93&advUuid=06dc6407-9ae1-409e-982c-1149f647c1a6
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.17
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:24 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.17
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-store
Content-Type: text/html; charset=utf-8

Redirect headers

status: 307
date: Mon, 11 May 2020 21:18:24 GMT
content-length: 0
location: https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=93&advUuid=06dc6407-9ae1-409e-982c-1149f647c1a6

GET
H/1.1 200
OK vid5eb040639afb8598934116.jpg
video.sekindo.com/uploads/cn13/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame F443 10 KB
10 KB 228ms
55ms Image
image/jpeg 185.167.98.14
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn13/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5eb040639afb8598934116.jpg?cbuster=1588609128

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

534363d27d1f09a683387b81782402b5f2a048f213b3990fd1e28e11fd04c0bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://amli.sekindo.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:20 GMT
Last-Modified: Mon, 04 May 2020 16:53:14 GMT
Server: Tengine
ETag: "5eb0487a-270a"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 9994
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ Frame F443 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame F443 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 137 KB
37 KB 279ms
278ms XHR
text/plain 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=738816376293837&correlator=2851879946976124&output=ldjh&impl=fifs&adsid=NT&eid=21065733&vrg=2020050602&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200511&iu_parts=21707124336%2CThreatPost-970x250-ATF%2CThreatPost-300x250-ATF%2CThreatPost-300x600-ATF%2CThreatPost-2x2-Skin&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4&prev_iu_szs=728x90%7C970x250%7C970x90%2C300x250%7C336x280%2C300x250%7C300x600%2C2x2&eri=1&cust_params=urlhost%3Dhttps%253A%252F%252Fthreatpost.com%252F%26urlpath%3D%252Fmillions-thunderbolt-devices-thunderspy-attack%252F155620%252F%26urlquery%3Dgoogfc%26contentid%3D155620%26category%3Dhacks%26contenttags%3Dapple-2%252Cdell%252Chp%252Cintel-0%252Clenovo%252Cperipheral%252Cphysical-accessibility-attack%252Cport%252Cthunderbolt%252Cthunderspy&cookie_enabled=1&bc=31&abxe=1&lmt=1589231904&dt=1589231904556&dlt=1589231902798&idt=866&frm=20&biw=1585&bih=1200&oid=3&adxs=429%2C1075%2C1075%2C0&adys=10%2C257%2C1563%2C0&adks=1015519800%2C654286612%2C375389812%2C3385906655&ucis=1%7C2%7C3%7C4&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&dssz=41&icsg=176173059&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x90%7C300x250%7C300x250%7C1585x2&msz=728x90%7C300x250%7C300x250%7C1585x2&ga_vid=1122339299.1589231904&ga_sid=1589231905&ga_hid=800095118&fws=0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

a48040c2daceb0e950a3ad6d02d0e79363440776915878e3f517030d69e2da8a

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15528459692347487880/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15528459692347487880/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNL4kJnerOkCFbzQuwgdxUQNlw&gqi=&layout=/sadbundle/%24csp%253Der3%24/15528459692347487880/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15528459692347487880/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15528459692347487880/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNL4kJnerOkCFbzQuwgdxUQNlw&gqi=&layout=/sadbundle/%24csp%253Der3%24/15528459692347487880/index.html
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2
google-creative-id: 138290554453,-1,-1,138301519116
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36640
x-xss-protection: 0
google-lineitem-id: 5193129080,-1,-1,5283645110
pragma: no-cache
server: cafe
google-mediationtag-id: -2
date: Mon, 11 May 2020 21:18:24 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 26ms
6ms Other
text/html 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H/1.1 200
OK liveView.php Show response
live.sekindo.com/live/ Frame C38E 87 KB
4 KB 95ms
95ms XHR
application/json 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=1&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn13%2Fvideo%2Fusers%2Fconverted%2F28530%2Fvideo_5d5baf9fe4c32389620327%2Fvid5eb040639afb8598934116.mp4&vid_content_id=781737&vid_content_desc=Apple+sees+growth+amid+pandemic&vid_content_title=Apple+sees+growth+amid+pandemic&vid_content_duration=48&debugInformation=ABT%20/%20Viewable%20/%202%20/%2015&x=400&y=225&fpl=2&pubUrl=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D31325F30307D7B7331323334383830387D7B433235397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A5549433867566D6C6C64324669624755674C794179494338674D54553D7D7B4C363631357DFEFE&isApp=0&geoLati=59.32469940185547&geoLong=18.055999755859375&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5eb9c11ff0944&cbuster=1589231904574&gdpr=1&gdprConsent=&isWePassGdpr=0
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D31325F30307D7B7331323334383830387D7B433235397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A5549433867566D6C6C64324669624755674C794179494338674D54553D7D7B4C363631357DFEFE&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Viewable+%2F+2+%2F+15&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5eb9c11ff0944&debugInfo=12348808_ABT+%2F+Viewable+%2F+2+%2F+15&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=59.32469940185547&geoLong=18.055999755859375&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.17
Resource Hash: ae428ed5bed53a71f99ddf51c89bc8333d0ba44c51deefb7c6cae54f67d209f7

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:24 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.17
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Content-Length: 3490

GET
H/1.1 200
OK liveView.php Show response
live.sekindo.com/live/ Frame C38E 87 KB
4 KB 126ms
126ms XHR
application/json 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=1&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn13%2Fvideo%2Fusers%2Fconverted%2F28530%2Fvideo_5d5baf9fe4c32389620327%2Fvid5eb040639afb8598934116.mp4&vid_content_id=781737&vid_content_desc=Apple+sees+growth+amid+pandemic&vid_content_title=Apple+sees+growth+amid+pandemic&vid_content_duration=48&debugInformation=ABT%20/%20Viewable%20/%202%20/%2015&x=320&y=180&fpl=2&pubUrl=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D31325F30307D7B7331323334383830387D7B433235397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A5549433867566D6C6C64324669624755674C794179494338674D54553D7D7B4C363631357DFEFE&isApp=0&geoLati=59.32469940185547&geoLong=18.055999755859375&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5eb9c11ff0944&cbuster=1589231904574&gdpr=1&gdprConsent=&isWePassGdpr=0
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D31325F30307D7B7331323334383830387D7B433235397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A5549433867566D6C6C64324669624755674C794179494338674D54553D7D7B4C363631357DFEFE&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Viewable+%2F+2+%2F+15&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5eb9c11ff0944&debugInfo=12348808_ABT+%2F+Viewable+%2F+2+%2F+15&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=59.32469940185547&geoLong=18.055999755859375&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.17
Resource Hash: 0a3f4272de6a38b1e429da24ebf7c1c86d2d9f3f257f02ed27046a27b8fd9df1

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:24 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.17
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Content-Length: 3582

GET
H/1.1 200
OK liveView.php Show response
live.sekindo.com/live/ Frame C38E 24 KB
2 KB 77ms
77ms XHR
application/json 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=0&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn13%2Fvideo%2Fusers%2Fconverted%2F28530%2Fvideo_5d5baf9fe4c32389620327%2Fvid5eb040639afb8598934116.mp4&vid_content_id=781737&vid_content_desc=Apple+sees+growth+amid+pandemic&vid_content_title=Apple+sees+growth+amid+pandemic&vid_content_duration=48&debugInformation=ABT%20/%20Viewable%20/%202%20/%2015&x=400&y=225&fpl=2&pubUrl=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D31325F30307D7B7331323334383830387D7B433235397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A5549433867566D6C6C64324669624755674C794179494338674D54553D7D7B4C363631357DFEFE&isApp=0&geoLati=59.32469940185547&geoLong=18.055999755859375&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5eb9c11ff0944&cbuster=1589231904575&gdpr=1&gdprConsent=&isWePassGdpr=0
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D31325F30307D7B7331323334383830387D7B433235397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A5549433867566D6C6C64324669624755674C794179494338674D54553D7D7B4C363631357DFEFE&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Viewable+%2F+2+%2F+15&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5eb9c11ff0944&debugInfo=12348808_ABT+%2F+Viewable+%2F+2+%2F+15&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=59.32469940185547&geoLong=18.055999755859375&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.17
Resource Hash: d03b8681e381be20d81ccb091e9c0f6717818cca7ece73c47a7e6591cf5ce90c

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:24 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.17
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Content-Length: 1817

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame C38E 6 KB
3 KB 166ms
56ms XHR
application/javascript 143.204.90.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.90.242 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-90-242.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 07:04:46 GMT
content-encoding: gzip
vary: Origin
age: 51219
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Thu, 09 Apr 2020 23:46:54 GMT
server: AmazonS3
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: NWCPd8TPENRcpCETg7FHojGrEHQ8WVbahM82xAvced4strgFAOetog==

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame C38E 0
59 B 58ms
58ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Mon, 11 May 2020 21:18:24 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://threatpost.com

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ Frame C38E 0
215 B 225ms
60ms XHR
application/json 3.120.54.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.54.253 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-54-253.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Server: adaptv/1.0
Connection: keep-alive
Content-Length: 0
Content-Type: application/json

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0677 43 B
463 B 61ms
61ms Image
image/gif 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=6&serverTime=1589231904&s=58057&sta=12381395&x=400&y=225&msta=12348808&vid_vastType=3&vid_viewabilityState=0&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Viewable%20%2F%202%20%2F%2015&playbackMethod=auto&isApp=0&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb9c11ff0944&rvn=${VP_RVN_MACRO}&attemptMultiplier=10&contentFileId=0&mediaPlayListId=0&playerVer=3.0.0&cbuster=1589231904657&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.17
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:23 GMT
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.17
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000
Content-Disposition: inline; filename="pixel.gif"
Content-Type: image/gif
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/-wV2EAWEOTlEtZh4vNQtn3H1/ 298 KB
120 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/-wV2EAWEOTlEtZh4vNQtn3H1/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en&render=explicit&ver=5.3.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10de7d69af358751d5f0146c012cf400cb2940c6dbdb7d624061e60914c48666

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 04 May 2020 19:15:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 04 May 2020 04:09:11 GMT
server: sffe
age: 612146
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123152
x-xss-protection: 0
expires: Tue, 04 May 2021 19:15:58 GMT

GET
H2 200 flipboard.svg
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/ 236 B
567 B 272ms
271ms Image
image/svg+xml 2600:9000:2156:b800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/flipboard.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:b800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=f818c007
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: public
date: Mon, 11 May 2020 21:18:24 GMT
content-encoding: gzip
last-modified: Thu, 07 May 2020 08:44:24 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
etag: W/"5eb3ca68-ec"
x-cache: Miss from cloudfront
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
x-amz-cf-id: UAFD-M1WZ7YS5OK6sLabEcQaiBX5JMPzDKX5zjPC7nF-XIMe2wRZ0Q==
via: 1.1 32e4d419823b7f8df8417a8b18c9602d.cloudfront.net (CloudFront)
expires: Mon, 18 May 2020 21:18:24 GMT

GET
H2 200 fontawesome-webfont.woff2
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/ 75 KB
76 KB 426ms
409ms Font
font/woff2 2600:9000:2156:b800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:b800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=f818c007
Origin: https://threatpost.com

Response headers

date: Mon, 11 May 2020 21:18:25 GMT
via: 1.1 a394c864b23364262af48fed4e7e9fad.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 77160
pragma: public
last-modified: Thu, 07 May 2020 08:44:25 GMT
server: nginx
etag: "5eb3ca69-12d68"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
x-amz-cf-id: o4hxlXz1OEL5QG8X-XfQl6HFFzjhNbPcHUqyJ7Q37YYiPBIT5dXcdQ==
expires: Tue, 11 May 2021 21:18:25 GMT

GET
H/1.1 200
OK photo-newsletter.jpg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 83 KB
83 KB 514ms
218ms Image
image/jpeg 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/photo-newsletter.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 940e0c3385928422aae38e1a74f1d84b462d8ce1a056c686fde505a0bf3162bb

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: public
Date: Mon, 11 May 2020 21:18:25 GMT
Last-Modified: Thu, 07 May 2020 08:44:25 GMT
Server: nginx
ETag: "5eb3ca69-14c88"
Content-Type: image/jpeg
Cache-Control: max-age=604800, public
Connection: close
Accept-Ranges: bytes
Content-Length: 85128
Expires: Mon, 18 May 2020 21:18:25 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
651 B 679ms
196ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 121
pragma: no-cache
last-modified: Mon, 11 May 2020 21:18:25 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: e788b3bb712039951f3f100aae778919
x-transaction: 00a9114a001b1477
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 anchor
www.google.com/recaptcha/api2/ Frame 11AA 0
0 62ms
61ms Document
text/html 2a00:1450:4001:81e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=-wV2EAWEOTlEtZh4vNQtn3H1&theme=standard&size=normal&cb=1uxseks8t7f9

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vV2736gfTw6F9eBDlARmtA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=-wV2EAWEOTlEtZh4vNQtn3H1&theme=standard&size=normal&cb=1uxseks8t7f9
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 11 May 2020 21:18:24 GMT
content-security-policy: script-src 'report-sample' 'nonce-vV2736gfTw6F9eBDlARmtA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 10500
server: GSE
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK liveView.php Show response
live.sekindo.com/live/ Frame C38E 24 KB
2 KB 83ms
82ms XHR
application/json 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=0&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn13%2Fvideo%2Fusers%2Fconverted%2F28530%2Fvideo_5d5baf9fe4c32389620327%2Fvid5eb040639afb8598934116.mp4&vid_content_id=781737&vid_content_desc=Apple+sees+growth+amid+pandemic&vid_content_title=Apple+sees+growth+amid+pandemic&vid_content_duration=48&debugInformation=ABT%20/%20Viewable%20/%202%20/%2015&x=320&y=180&fpl=2&pubUrl=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D31325F30307D7B7331323334383830387D7B433235397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A5549433867566D6C6C64324669624755674C794179494338674D54553D7D7B4C363631357DFEFE&isApp=0&geoLati=59.32469940185547&geoLong=18.055999755859375&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5eb9c11ff0944&cbuster=1589231904812&gdpr=1&gdprConsent=&isWePassGdpr=0
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D31325F30307D7B7331323334383830387D7B433235397D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A5549433867566D6C6C64324669624755674C794179494338674D54553D7D7B4C363631357DFEFE&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Viewable+%2F+2+%2F+15&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5eb9c11ff0944&debugInfo=12348808_ABT+%2F+Viewable+%2F+2+%2F+15&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=59.32469940185547&geoLong=18.055999755859375&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.17
Resource Hash: 872bc43fe948476ecdab79164f38503ecba5fe4fc5ae4f12a0216e1e3c23ad25

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:24 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.17
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Content-Length: 1802

GET
H/1.1 200
OK chunklist_640.m3u8 Show response
video.sekindo.com/uploads/cn13/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5eb040639afb8598934116.mp4/ Frame C38E 361 B
761 B 633ms
95ms XHR
application/vnd.apple.mpegurl 185.167.98.14
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn13/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5eb040639afb8598934116.mp4/chunklist_640.m3u8
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 816b8f287a0c9b660cb60e0b1a6b7ca6cef72ff82db34c1997578b296721c885

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:21 GMT
Last-Modified: Mon, 04 May 2020 16:54:46 GMT
Server: Tengine
ETag: "5eb048d6-169"
Content-Type: application/vnd.apple.mpegurl
Access-Control-Allow-Origin: *
Expires: Mon, 18 May 2020 21:18:21 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 361
X-Proxy-Cache: HIT

GET
H2 200 / Show response
graph.facebook.com/ 92 B
458 B 56ms
42ms XHR
application/json 2a03:2880:f01c:800e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

23ca30e6c91441158bbc3be4b843be9478d7363861ef7616c37f9b588bdd1663

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
x-fb-debug: HSIOEqff3L0bofQTgGNksoFZ4KLLxYDi8GIBps8mWZKjdq7/9otEKk/LsDr91HmZ9B1T76e0sBOPdY+s3dVjcg==
x-fb-trace-id: Dsenv/dlhT2
status: 200
etag: "92f1afb857efaa1eb9a453845e27144c29db43fe"
strict-transport-security: max-age=15552000; preload
content-type: application/json
access-control-allow-origin: *
x-fb-request-id: AuQ7kXCXhuhxx4UYnlhRe0U
cache-control: private, no-cache, no-store, must-revalidate
date: Mon, 11 May 2020 21:18:24 GMT
x-fb-rev: 1002108693
facebook-api-version: v3.0
content-length: 92
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 404 share
www.linkedin.com/countserv/count/ 0
0 172ms
157ms Script
text/html 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.linkedin.com/countserv/count/share?url=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&format=jsonp&callback=jQuery112406404511295275039_1589231903746&_=1589231903747
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 info.json Show response
www.reddit.com/api/ 4 KB
3 KB 1427ms
279ms XHR
application/json 199.232.53.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/api/info.json?url=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.53.140 Manchester, United Kingdom, ASN54113 (FASTLY, US),

Reverse DNS

Software

snooserv /

Resource Hash

d2783190e1faae20befe2df7de68b6348350a2c463c42fc3e4bc15076afb744c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-allow-origin: *
x-cache: MISS
status: 200
vary: accept-encoding
content-length: 1645
x-xss-protection: 1; mode=block
x-served-by: cache-man4135-MAN
x-moose: majestic
expires: -1
server: snooserv
x-timer: S1589231906.014623,VS0,VE184
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=UTF-8
via: 1.1 varnish
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ua-compatible: IE=edge
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame F443 11 KB
11 KB 29ms
5ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto&display=swap
Origin: https://threatpost.com

Response headers

date: Tue, 14 Apr 2020 23:26:59 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 2325085
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Wed, 14 Apr 2021 23:26:59 GMT

GET
H2 200 bl-2a28c82-67ba8475.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame B774 98 KB
41 KB 73ms
72ms Script
application/javascript 13.225.87.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-2a28c82-67ba8475.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.87.36 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-36.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 89d66cabfb961cd87a89dedc66f047e0f24c1d9ebd761abfed3bdc70357b8b88

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 17:10:19 GMT
content-encoding: gzip
age: 14886
x-cache: Hit from cloudfront
status: 200
content-length: 41658
x-amz-meta-git_commit: 2a28c82
last-modified: Mon, 11 May 2020 17:08:00 GMT
server: AmazonS3
etag: "0fb751e5b7030b42e479d139d8a7f9fa"
x-amz-version-id: 7ONhkHFpmFrbFXLmLb37hAc_5iXzbn10
via: 1.1 e5b747ffd1713cb17ddd7d55234a3301.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: YDOxYj_uDfE2BFytJ9y_40cEn_TR8PW_khZl_stLVPxfAxidomSIxg==

GET
H2 200 b-0d4dfcb.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame B774 36 KB
13 KB 75ms
74ms Script
application/javascript 13.225.87.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.87.36 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-36.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 667a53e3145f4c8b641a886082ce900423662980c5fe3d784383c3d481de2320

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 22 Apr 2020 04:11:43 GMT
content-encoding: gzip
age: 1703202
x-cache: Hit from cloudfront
status: 200
content-length: 12549
x-amz-meta-git_commit: 0d4dfcb
last-modified: Wed, 22 Apr 2020 03:15:52 GMT
server: AmazonS3
etag: "17acdbb1a7a117b8f53f3f84e0db205b"
x-amz-version-id: HwMWPPcis1b0hnhKcUJr6rhRxxqLZtvX
via: 1.1 e5b747ffd1713cb17ddd7d55234a3301.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: aFntaq6Xxuz-ttr560hy4UJecNkQH4kqkvS_cYuEZWjqDUkju6Wviw==

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame B774 107 KB
39 KB 22ms
19ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

975ee123b2e5a299c8a857798c11049fdf09f88fe363254a90ab99263b874cda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 39186
x-xss-protection: 0
server: cafe
etag: 3465331680960370250
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 11 May 2020 21:18:24 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame B774 74 KB
28 KB 71ms
70ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32ab9cbc82797d05b18d1a15697b8dc8e70cba544d3134a07e50c641166da1a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1588975424504927"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28371
x-xss-protection: 0
expires: Mon, 11 May 2020 21:18:24 GMT

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 67ms
66ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9bb5347fd356ae8863aeb2695b9f2125a42b90449cd729e3527456dd1f20897b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1588975424504927"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27855
x-xss-protection: 0
expires: Mon, 11 May 2020 21:18:24 GMT

GET
H2 200 anchor
www.google.com/recaptcha/api2/ Frame 8FC3 0
0 62ms
61ms Document
text/html 2a00:1450:4001:81e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=-wV2EAWEOTlEtZh4vNQtn3H1&theme=light&size=normal&cb=3827etob3z1p

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-EKDoyNkJcgEGQVYLC9kWkQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=-wV2EAWEOTlEtZh4vNQtn3H1&theme=light&size=normal&cb=3827etob3z1p
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 11 May 2020 21:18:24 GMT
content-security-policy: script-src 'report-sample' 'nonce-EKDoyNkJcgEGQVYLC9kWkQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 10080
server: GSE
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK pixel;r=562447701;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F;fpan=1;fpa=P0-15878855-1589231904961;ns=0;ce=1;qjs=...
pixel.quantserve.com/ 35 B
658 B 396ms
96ms Image
image/gif 91.228.74.170
QUANTCAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=562447701;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F;fpan=1;fpa=P0-15878855-1589231904961;ns=0;ce=1;qjs=1;qv=f473609d-20200430082408;cm=;gdpr=0;ref=;je=0;sr=1600x1200x24;enc=n;dst=1;et=1589231904961;tzo=-120;ogl=image.https%3A%2F%2Fmedia%252Ethreatpost%252Ecom%2Fwp-content%2Fuploads%2Fsites%2F103%2F2020%2F05%2F11111147%2Fthund%2Ctype.article%2Ctitle.Millions%20of%20Thunderbolt-Equipped%20Devices%20Open%20to%20'ThunderSpy'%20Attack%2Cdescription.If%20an%20attacker%20can%20get%20his%20hands%20on%20a%20Thunderbolt-equipped%20device%20for%20five%20minut%2Curl.https%3A%2F%2Fthreatpost%252Ecom%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.170 , United Kingdom, ASN27281 (QUANTCAST, US),

Reverse DNS

Software

QS /

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:25 GMT
Server: QS
Strict-Transport-Security: max-age=86400
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: Fri, 04 Aug 1978 12:00:00 GMT

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ Frame C38E 185 B
387 B 182ms
76ms XHR
application/json 52.57.231.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.231.210 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-231-210.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 4fbfe635c94808ec9e9c2c9607e19856c82be96741b120f7a714217fdd500541

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:25 GMT
content-encoding: gzip
status: 200
content-type: application/json
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 174
expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame C38E 19 B
712 B 78ms
77ms XHR
application/json 37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.36 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:27 GMT
X-Proxy-Origin: 165.231.142.36; 165.231.142.36; 692.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.183:80
AN-X-Request-Uuid: e88b71b7-af42-48ec-ac61-911a15e4e197
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ Frame C38E 0
215 B 78ms
78ms XHR
application/json 3.120.54.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.54.253 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-54-253.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Server: adaptv/1.0
Connection: keep-alive
Content-Length: 0
Content-Type: application/json

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame C38E 0
59 B 77ms
77ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Mon, 11 May 2020 21:18:25 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://threatpost.com

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ Frame C38E 25 B
1 KB 178ms
177ms XHR
application/json 23.210.249.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=435870&v=8.1&r=%7B%22id%22%3A%221315e761538fe4e%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22144e7f3cd6caa7c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435870%22%2C%22sid%22%3A%22320x180%22%7D%2C%22bidfloor%22%3A1.8%2C%22bidfloorcur%22%3A%22USD%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A200%2C%22api%22%3A%5B1%2C2%5D%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22startdelay%22%3A0%2C%22skip%22%3A1%2C%22w%22%3A320%2C%22h%22%3A180%2C%22placement%22%3A1%7D%7D%2C%7B%22id%22%3A%22152c9a60ee04216%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435871%22%2C%22sid%22%3A%22320x180%22%7D%2C%22bidfloor%22%3A1.8%2C%22bidfloorcur%22%3A%22USD%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A200%2C%22api%22%3A%5B1%2C2%5D%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22startdelay%22%3A0%2C%22skip%22%3A1%2C%22w%22%3A320%2C%22h%22%3A180%2C%22placement%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A1%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&nf=1&
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.164 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-164.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 285a591bac78eebf726461ad27ada02790d8a225f602ec0e63d4f8bbad79453b

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:25 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 45
Content-Type: application/json
Akamai-Age-Ms: 1589231905104
Expires: Mon, 11 May 2020 21:18:25 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 295D 0
0 26ms
26ms Document
text/html 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 2973
date: Mon, 11 May 2020 20:30:57 GMT
expires: Tue, 11 May 2021 20:30:57 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 2848
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 bl-2a28c82-67ba8475.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame DE9C 98 KB
41 KB 79ms
77ms Script
application/javascript 13.225.87.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-2a28c82-67ba8475.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.87.36 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-36.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 89d66cabfb961cd87a89dedc66f047e0f24c1d9ebd761abfed3bdc70357b8b88

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 17:10:19 GMT
content-encoding: gzip
age: 14887
x-cache: Hit from cloudfront
status: 200
content-length: 41658
x-amz-meta-git_commit: 2a28c82
last-modified: Mon, 11 May 2020 17:08:00 GMT
server: AmazonS3
etag: "0fb751e5b7030b42e479d139d8a7f9fa"
x-amz-version-id: 7ONhkHFpmFrbFXLmLb37hAc_5iXzbn10
via: 1.1 e5b747ffd1713cb17ddd7d55234a3301.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: 1lkv7g8NZUAoGr08XL8XG6LyKKc0Oma4J-he20uc1k_zVGBT73zw3g==

GET
H2 200 b-0d4dfcb.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame DE9C 36 KB
13 KB 112ms
110ms Script
application/javascript 13.225.87.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.87.36 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-36.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 667a53e3145f4c8b641a886082ce900423662980c5fe3d784383c3d481de2320

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 22 Apr 2020 04:11:43 GMT
content-encoding: gzip
age: 1703203
x-cache: Hit from cloudfront
status: 200
content-length: 12549
x-amz-meta-git_commit: 0d4dfcb
last-modified: Wed, 22 Apr 2020 03:15:52 GMT
server: AmazonS3
etag: "17acdbb1a7a117b8f53f3f84e0db205b"
x-amz-version-id: HwMWPPcis1b0hnhKcUJr6rhRxxqLZtvX
via: 1.1 e5b747ffd1713cb17ddd7d55234a3301.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: 7Nrj1Ebdgig3fQy0xx1hFTZSYDstEaiFh-3_zrWwIxTVeGBVX9-mzQ==

GET
H2 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012005012256000/ 21 KB
8 KB 186ms
6ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005012256000/amp4ads-host-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0517f76184f899b738515a124efe8f335f585847387b8889dfa7c0fb132f75a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 20886
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7437
x-xss-protection: 0
server: sffe
date: Mon, 11 May 2020 15:30:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1b9b229ae83eaa45"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 May 2021 15:30:19 GMT

GET
H2 200 bl-2a28c82-67ba8475.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame D49E 98 KB
41 KB 171ms
96ms Script
application/javascript 13.225.87.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-2a28c82-67ba8475.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.87.36 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-36.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 89d66cabfb961cd87a89dedc66f047e0f24c1d9ebd761abfed3bdc70357b8b88

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 17:10:19 GMT
content-encoding: gzip
age: 14887
x-cache: Hit from cloudfront
status: 200
content-length: 41658
x-amz-meta-git_commit: 2a28c82
last-modified: Mon, 11 May 2020 17:08:00 GMT
server: AmazonS3
etag: "0fb751e5b7030b42e479d139d8a7f9fa"
x-amz-version-id: 7ONhkHFpmFrbFXLmLb37hAc_5iXzbn10
via: 1.1 e5b747ffd1713cb17ddd7d55234a3301.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: P6YdjBsckuh9t8oHW7sHczjRnEkbSzgN3JUoFxAihppiJ72TcUgrmg==

GET
H2 200 b-0d4dfcb.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame D49E 36 KB
13 KB 174ms
99ms Script
application/javascript 13.225.87.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.87.36 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-36.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 667a53e3145f4c8b641a886082ce900423662980c5fe3d784383c3d481de2320

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 22 Apr 2020 04:11:43 GMT
content-encoding: gzip
age: 1703203
x-cache: Hit from cloudfront
status: 200
content-length: 12549
x-amz-meta-git_commit: 0d4dfcb
last-modified: Wed, 22 Apr 2020 03:15:52 GMT
server: AmazonS3
etag: "17acdbb1a7a117b8f53f3f84e0db205b"
x-amz-version-id: HwMWPPcis1b0hnhKcUJr6rhRxxqLZtvX
via: 1.1 e5b747ffd1713cb17ddd7d55234a3301.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: h18nP5uIPjuD8DFOkHNm3yQa6g8DzSmopo1CswobPaWR5RDe9NxKBg==

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame B774 0
0 100ms
94ms Fetch
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsukEdTCBzIKapANhTARvO8kHek3cM-075PYldMproZOWkWyF06BB6roC_INxGkQozcYl49sx_-b2mll5Yl6H4jpxLbGAZWBNcDxjjywxR67OkvuoUYdwoMRdsC3rHM_BdhlfGslx2oQmOHSIYX0Tdda41xcNqEFAmyFyRF97Sr-MsQbkKeq670NJWWTvuNOPkbnhZ45OABrTULvXrqUv32mn-JdWOoZ12dDZMC-W97BDQ2lEQWccSbroTo0wNodZwdbR0Z6sEaQaoDaZYBzz-ykQ9HZ&sig=Cg0ArKJSzBQc8wzslILwEAE&urlfix=1&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 May 2020 21:18:25 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame B774 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 290fd8df275c92837ac4997b74f766adcb8dd66ba3a5e9e4dcc269b6b24d6997

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ Frame C38E 185 B
388 B 65ms
64ms XHR
application/json 52.57.231.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.231.210 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-231-210.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 55136fb81d5ca837da42d07249cb19c6e9b378c96348594952c88ee88aba3a36

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:25 GMT
content-encoding: gzip
status: 200
content-type: application/json
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 175
expires: 0

POST
H/1.1 204
No Content 171621 Show response
search.spotxchange.com/openrtb/2.3/dados/ Frame C38E 0
1 KB 501ms
87ms XHR
application/json 185.94.180.124
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/openrtb/2.3/dados/171621
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.124 , Netherlands, ASN35220 (SPOTX-AMS, NL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 11 May 2020 21:18:25 GMT
X-SpotX-Timing-Transform: 0.000268
X-SpotX-Timing-SpotMarket: 0.022497
X-SpotX-Timing-Page-Mux: 0.000395
X-SpotX-Timing-Page-Require: 0.000394
X-fe: 001
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000030
X-SpotX-Timing-Page: 0.030034
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.003842
Last-Modified: Mon, 11 May 2020 21:18:25 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
X-SpotX-Timing-SpotMarket-Primary: 0.019060
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://threatpost.com
X-SpotX-Timing-Page-Misc: 0.002587
X-SpotX-Timing-Page-Exception: 0.000001
X-SpotX-Timing-SpotMarket-Secondary: 0.003437
X-SpotX-Timing-Page-URI: 0.000020
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame C38E 0
1 KB 489ms
101ms XHR
application/json 185.86.138.79
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.79 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:25 GMT
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-type: application/json
content-length: 0
expires: -1

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame B774 109 B
174 B 18ms
18ms Script
application/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 May 2020 21:18:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame B774 109 B
894 B 37ms
15ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 May 2020 21:18:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/ Frame B774 217 KB
82 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4008c399421c2f1282faf06b2631a925629c9fb9bdfa56b972bb8754d829be47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 83827
x-xss-protection: 0
server: cafe
etag: 14851109439880523126
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 May 2020 21:18:25 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200506/r20190131/ Frame DA6F 0
0 61ms
60ms Document
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20200506/r20190131/zrt_lookup.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20200506/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmiM6iC_fR1V3B6X8jIj11x-2CPzWBlE1Eeanv8Ccu-R9XC1BRliHEegw5U; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
vary: Accept-Encoding
date: Thu, 07 May 2020 02:45:36 GMT
expires: Thu, 21 May 2020 02:45:36 GMT
content-type: text/html; charset=UTF-8
etag: 4094386822458569044
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4444
x-xss-protection: 0
cache-control: public, max-age=1209600
age: 412369
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK w_640_000.ts Show response
video.sekindo.com/uploads/cn13/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5eb040639afb8598934116.mp4/ Frame C38E 435 KB
435 KB 83ms
82ms XHR
video/mp2t 185.167.98.14
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn13/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5eb040639afb8598934116.mp4/w_640_000.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 65d1a510c6605e7dddc82196e262206cc308e40532b77ff3bfdcd987322d3d88

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:21 GMT
Last-Modified: Mon, 04 May 2020 16:54:42 GMT
Server: Tengine
ETag: "5eb048d2-6cbbc"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Mon, 18 May 2020 21:18:21 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 445372
X-Proxy-Cache: HIT

GET
BLOB 200
OK 0ac398d1-f9a8-4f17-a57d-0cb50803ae47
https://threatpost.com/ Frame C38E 63 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://threatpost.com/0ac398d1-f9a8-4f17-a57d-0cb50803ae47
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e1c3c2dafe2208caea4f809f414a89a9d256deb8671e1c5d49bff9a873782796

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Length: 64352
Content-Type: text/javascript

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012005012256000/ Frame DE9C 204 KB
57 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005012256000/amp4ads-v0.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2b891e379840927eaf16ac1147b0e270c409d7a9e2655dd866a175b996dea9c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/
Origin: https://threatpost.com

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 30435
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57019
x-xss-protection: 0
server: sffe
date: Mon, 11 May 2020 12:51:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "bf14143de8659308"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 May 2021 12:51:10 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012005012256000/ Frame DE9C 204 KB
56 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005012256000/amp4ads-v0.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2b891e379840927eaf16ac1147b0e270c409d7a9e2655dd866a175b996dea9c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 30435
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57019
x-xss-protection: 0
server: sffe
date: Mon, 11 May 2020 12:51:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "bf14143de8659308"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 May 2021 12:51:10 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012005012256000/v0/ Frame DE9C 16 KB
6 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005012256000/v0/amp-ad-exit-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6911cdf8bbf72eff1b6ae5fa039c42f4ca431e578f4f657dd29c55a65f85fd22

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 46998
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5877
x-xss-protection: 0
server: sffe
date: Mon, 11 May 2020 08:15:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cf1fef681ae7494f"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 May 2021 08:15:07 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012005012256000/v0/ Frame DE9C 98 KB
30 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005012256000/v0/amp-analytics-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd0c4ff5bc4e85bcd1ff717afc9d15b8274efe8e644542489bc31fae0346541b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 30414
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30100
x-xss-protection: 0
server: sffe
date: Mon, 11 May 2020 12:51:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "023298bf906f9a2c"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 May 2021 12:51:31 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012005012256000/v0/ Frame DE9C 4 KB
2 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005012256000/v0/amp-fit-text-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f9ff4042daa13aa0766bc4854140f7a2942e4deae37d352a617b95000fa54ba

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 47015
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1637
x-xss-protection: 0
server: sffe
date: Mon, 11 May 2020 08:14:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "eed6b15e1dd2165d"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 May 2021 08:14:50 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012005012256000/v0/ Frame DE9C 48 KB
15 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005012256000/v0/amp-form-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2c5d4e6a74355f147e25b3ced1d4a66288eab711d0bd3d449ef056fa777c184

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 46998
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15361
x-xss-protection: 0
server: sffe
date: Mon, 11 May 2020 08:15:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "d0b45204c403cb94"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 May 2021 08:15:07 GMT

GET
H2 200 13374100567601156455
tpc.googlesyndication.com/daca_images/simgad/ Frame DE9C 70 KB
70 KB 8ms
7ms Image
image/png 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/13374100567601156455

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69365f595ef2e70fb3bf2392265517af53bbf21331a71c51e876da25d941525e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 Apr 2020 05:29:25 GMT
x-content-type-options: nosniff
age: 1007340
x-dns-prefetch-control: off
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 71404
x-xss-protection: 0
last-modified: Wed, 29 Apr 2020 12:04:56 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Apr 2021 05:29:25 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/abg/ Frame DE9C 3 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/en.png

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85a64faec356c3a72f249a98a037317adc730ec6d38e47653cd53be5485d80a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 10 May 2020 22:24:00 GMT
x-content-type-options: nosniff
server: cafe
age: 82465
etag: 15880770647744369592
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2982
x-xss-protection: 0
expires: Mon, 11 May 2020 22:24:00 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame DE9C 344 B
459 B 6ms
6ms Image
image/png 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 May 2020 11:09:01 GMT
x-content-type-options: nosniff
server: cafe
age: 36564
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Tue, 12 May 2020 11:09:01 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame DE9C 0
0 14ms
14ms Image
text/html 2a00:1450:4001:81e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR5qS8UBAPpxH8gniusKdDtUNxEN3XAprq2wxpvYrdpwVAZQsloBzYzN7o_W0qc4Sz6028akhcadQrnY0bPYKtmKK1c3g
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame DE9C 0
0 95ms
95ms Image
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C74q4IMG5XtPoJryh7_UPxYm1uAm1yOTrXM3Vyt6rC4fRor3AARABINGH0iBg6gGgAa2lkrYDyAECqQJ74oH49CKyPuACAKgDAcgDCKoEnwJP0NdJMSK0mW89HV7i_K_9CzvNklSIN5xv0pblrIVG9hH4hlm3LBR3tjh_32-v-tDaYiHw5rgS2tYYk6OtKOk3gSiPDvJnENK2Z8fLtWANjbKVatwCGGURIkSaz01OVnuDLnytFWOQ1cuxLkUmLJTSEQfOVwgkZde4_fZ8dhMhoc2Llq2IKTjha3C9lv0opaTSR0t9H5hpTF2fPoigl7WPaqDWV_6auxSq2bsWXypiq0IvExCdWz92bwe3dJ76gn-kdIVcdo_Gvp0DERzXn--roXFDmU0aUreTkJastMwbEe5fIHjpNDulZttH-af5oCtuD9tTiU1hndtswts9BPUJRMIjiUVAmhGWQPno4zqMNEKwo30-BkF4gT8mxHFtf8AE1ZCCkOsC4AQBoAYCgAe72u1JqAeOzhuoB9XJG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcB8gcEEPyMB9IICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNzI2MzU3MzQ0NjgwNDA3OIAKA8gLAdgTAw&sigh=3RZYinoE5F8&tpd=AGWhJmvabLd41WMr_d3OVhhVyBpvv2e4Vl881kTIOL_E1a7GTw
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f98.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame DE9C 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b1b505422d0fc9f5e953cf6d7f72a881d0a16f00e209fdeb5a688b25f331135

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bframe
www.google.com/recaptcha/api2/ Frame 5399 0
0 31ms
29ms Document
text/html 2a00:1450:4001:81e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=-wV2EAWEOTlEtZh4vNQtn3H1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&cb=v5f28unfiqtu

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-j17RQY9GxL+RWsGOKdQLWw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=-wV2EAWEOTlEtZh4vNQtn3H1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&cb=v5f28unfiqtu
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 11 May 2020 21:18:25 GMT
content-security-policy: script-src 'report-sample' 'nonce-j17RQY9GxL+RWsGOKdQLWw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1182
server: GSE
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012005012256000/ Frame D49E 204 KB
56 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005012256000/amp4ads-v0.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2b891e379840927eaf16ac1147b0e270c409d7a9e2655dd866a175b996dea9c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Origin: https://threatpost.com

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 30435
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57019
x-xss-protection: 0
server: sffe
date: Mon, 11 May 2020 12:51:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "bf14143de8659308"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 May 2021 12:51:10 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012005012256000/ Frame D49E 204 KB
56 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005012256000/amp4ads-v0.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2b891e379840927eaf16ac1147b0e270c409d7a9e2655dd866a175b996dea9c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 30435
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57019
x-xss-protection: 0
server: sffe
date: Mon, 11 May 2020 12:51:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "bf14143de8659308"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 May 2021 12:51:10 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012005012256000/v0/ Frame D49E 98 KB
29 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005012256000/v0/amp-analytics-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd0c4ff5bc4e85bcd1ff717afc9d15b8274efe8e644542489bc31fae0346541b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 30414
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30100
x-xss-protection: 0
server: sffe
date: Mon, 11 May 2020 12:51:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "023298bf906f9a2c"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 May 2021 12:51:31 GMT

GET
H2 200 7464639028652035684
tpc.googlesyndication.com/simgad/ Frame D49E 330 B
447 B 8ms
7ms Image
image/png 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7464639028652035684

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f19e7ee6cdf20bd478c037707c447b7cd469051de4dadeac32a795efb463c2e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 23:20:40 GMT
x-content-type-options: nosniff
age: 2325465
x-dns-prefetch-control: off
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 330
x-xss-protection: 0
last-modified: Tue, 28 Jan 2020 23:02:00 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Apr 2021 23:20:40 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame D49E 0
57 B 102ms
101ms Image
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu2Y_rr6ttsdc5oQpAV65krNlQ9i0x2-qtrbs3Ry9Rq05BzDjIvoI9QjFVS2LFjP-ockYNI61bAuc3iLxkDhq0MrhCajkt4OrNPxYuqROjk0rEIWxRMAFkOPWA-95Qo6VM70uDuDu5-ptTEh-O27_BP3625O-sLszghiQjemm-TLIffIT4cRDMo3CHVtqDn78825NY6s12mv9U7wNsJbEUinEd0FwwOFkNMkg8af8bQA5RGwFAmADpABKw_oc3vJrUcFe_VaUOio5WvuObPdw&sig=Cg0ArKJSzNwFZTUhHtwEEAE&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 May 2020 21:18:25 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 l
www.google.com/ads/measurement/ Frame D49E 0
0 14ms
13ms Image
text/html 2a00:1450:4001:81e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRe-dYPz8q4ayppeEpWrsB9694q2Y908sHRWZTy0sLqJ6c0yE9B-aHyGVDl1miqda9Yhy7AkyK9l45ufHIQn4RnA4aYkA
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame D49E 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f528bffb8d1361e705631754ad4a8d46c1092064790c8e3dede2554218482b1e

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bframe
www.google.com/recaptcha/api2/ Frame 01CC 0
0 21ms
20ms Document
text/html 2a00:1450:4001:81e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=-wV2EAWEOTlEtZh4vNQtn3H1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=2m83vs3bfqjd

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-lvM1irWGhE1ZA48DXAVBxg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=-wV2EAWEOTlEtZh4vNQtn3H1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=2m83vs3bfqjd
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 11 May 2020 21:18:25 GMT
content-security-policy: script-src 'report-sample' 'nonce-lvM1irWGhE1ZA48DXAVBxg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1178
server: GSE
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame B8DF 0
0 180ms
180ms Document
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7500593236707325&output=html&h=250&slotname=7047286166&adk=3026389540&adf=3173046726&w=970&psa=0&guci=1.2.0.0.2.2.0.0&format=970x250&url=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&ea=0&flash=0&wgl=1&dt=1589231905588&bpp=23&bdt=709&idt=373&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=1647710577881&frm=23&ife=4&pv=2&ga_vid=1122339299.1589231904&ga_sid=1589231906&ga_hid=331718083&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=308&ady=10&biw=1585&bih=1200&isw=970&ish=250&ifk=845997885&scr_x=0&scr_y=0&eid=21065925%2C21066085&oid=3&pvsid=1000347430724622&pem=707&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.lll8ck5w95bt&fsb=1&dtd=392

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7500593236707325&output=html&h=250&slotname=7047286166&adk=3026389540&adf=3173046726&w=970&psa=0&guci=1.2.0.0.2.2.0.0&format=970x250&url=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&ea=0&flash=0&wgl=1&dt=1589231905588&bpp=23&bdt=709&idt=373&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=1647710577881&frm=23&ife=4&pv=2&ga_vid=1122339299.1589231904&ga_sid=1589231906&ga_hid=331718083&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=308&ady=10&biw=1585&bih=1200&isw=970&ish=250&ifk=845997885&scr_x=0&scr_y=0&eid=21065925%2C21066085&oid=3&pvsid=1000347430724622&pem=707&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.lll8ck5w95bt&fsb=1&dtd=392
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmiM6iC_fR1V3B6X8jIj11x-2CPzWBlE1Eeanv8Ccu-R9XC1BRliHEegw5U; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 11 May 2020 21:18:26 GMT
server: cafe
content-length: 22149
x-xss-protection: 0
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame B774 73 KB
27 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9bb5347fd356ae8863aeb2695b9f2125a42b90449cd729e3527456dd1f20897b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1588975424504927"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27855
x-xss-protection: 0
expires: Mon, 11 May 2020 21:18:26 GMT

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 0799 0
0 228ms
60ms Document
text/html 23.8.15.54
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.8.15.54 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-8-15-54.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: rsid=1|C9y6JkdC6P3ZTGan0csCYSLnoLJML5uAvHM6TpX2M2B2qoGSNATnR8WMZ7rlho/RRR2s2jWpYWaqeROXMyiRSjT4sl0Fg1EK+hUVPpaRFBhKo2m2B6AxOMW+DfS3NzCR; ses15=; vis15=300372^1; ses2=; vis2=300372^1; khaos=KA2ZN55I-1Y-LWH8; audit=1|hLZGFuTafB0A5rxh8VivP/EELEMXO+DLJICHoKI1OKG86+IV5MpYWkD3pCcW8TpHcpj76PKZXj8oT2OqK/B16qwRNgFmLHdP
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Thu, 23 Apr 2020 20:31:59 GMT
Content-Encoding: gzip
Content-Length: 9124
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=54262
Expires: Tue, 12 May 2020 12:22:48 GMT
Date: Mon, 11 May 2020 21:18:26 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame FB0D 0
0 223ms
57ms Document
text/html 151.101.13.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Response headers

Connection: keep-alive
Content-Length: 506
Server: nginx/1.9.13
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 11 May 2020 21:18:26 GMT
Age: 24147391
X-Served-By: cache-jfk8138-JFK, cache-fra19156-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 391291, 1273536
X-Timer: S1589231906.401245,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame 13EF 0
0 68ms
67ms Document
text/html 23.210.249.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.92 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KCCH=YES; pi=159196:2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Response headers

Last-Modified: Tue, 14 Apr 2020 10:27:52 GMT
ETag: "13006b6-a4bb-5a33da6f1a023"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 15243
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=133092
Expires: Wed, 13 May 2020 10:16:38 GMT
Date: Mon, 11 May 2020 21:18:26 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame A0CB 0
0 155ms
86ms Document
text/html 23.210.249.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.92 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KCCH=YES; pi=159196:2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Response headers

Last-Modified: Tue, 14 Apr 2020 10:27:52 GMT
ETag: "13006b6-a4bb-5a33da6f1a023"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 15243
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=133092
Expires: Wed, 13 May 2020 10:16:38 GMT
Date: Mon, 11 May 2020 21:18:26 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 %7Bcombo_uid%7D
pr-bh.ybp.yahoo.com/sync/adaptv_ortb/ Frame C38E 43 B
687 B 43ms
42ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/adaptv_ortb/%7Bcombo_uid%7D

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:26 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET

sync
sync.adap.tv/ Frame C38E
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D
https://sync.adap.tv/sync?type=gif&key=tubemogul&uid=XrnBIQAAAGJGpyTo

0
0

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/55953/ Frame C38E
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1
https://pixel.advertising.com/ups/55953/sync?uid=11dfb934-3a89-46aa-9a0d-7772fc83f5c9&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=11dfb934-3a89-46aa-9a0d-7772fc83f5c9
https://ups.analytics.yahoo.com/ups/55953/sync?uid=11dfb934-3a89-46aa-9a0d-7772fc83f5c9&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=11dfb934-3a89-46aa-9a0d-7772fc83f5c9&apid=1Af2b675f8-93cc-11ea...

0
1 KB

257ms
54ms

Image
text/plain

18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55953/sync?uid=11dfb934-3a89-46aa-9a0d-7772fc83f5c9&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=11dfb934-3a89-46aa-9a0d-7772fc83f5c9&apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

18.156.0.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.106 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:26 GMT
Server: ATS/7.1.2.106
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status: 302
date: Mon, 11 May 2020 21:18:26 GMT
location: https://ups.analytics.yahoo.com/ups/55953/sync?uid=11dfb934-3a89-46aa-9a0d-7772fc83f5c9&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=11dfb934-3a89-46aa-9a0d-7772fc83f5c9&apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/57304/ Frame C38E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_sc
https://pixel.advertising.com/ups/57304/sync?uid=CAESEOCxT8MNdRt9CpAqwCMgblM&google_cver=1
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEOCxT8MNdRt9CpAqwCMgblM&google_cver=1&apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0

0
1 KB

272ms
54ms

Image
text/plain

18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEOCxT8MNdRt9CpAqwCMgblM&google_cver=1&apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

18.156.0.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.106 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:26 GMT
Server: ATS/7.1.2.106
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status: 302
date: Mon, 11 May 2020 21:18:26 GMT
location: https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEOCxT8MNdRt9CpAqwCMgblM&google_cver=1&apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame DE9C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

95ms
95ms

Image
text/html

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f98.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date: Mon, 11 May 2020 21:18:26 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2 200 13374100567601156455
tpc.googlesyndication.com/daca_images/simgad/ Frame DE9C 70 KB
70 KB 6ms
5ms Image
image/png 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/13374100567601156455

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012005012256000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69365f595ef2e70fb3bf2392265517af53bbf21331a71c51e876da25d941525e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 30 Apr 2020 05:29:25 GMT
x-content-type-options: nosniff
age: 1007341
x-dns-prefetch-control: off
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 71404
x-xss-protection: 0
last-modified: Wed, 29 Apr 2020 12:04:56 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Apr 2021 05:29:25 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/abg/ Frame DE9C 3 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012005012256000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85a64faec356c3a72f249a98a037317adc730ec6d38e47653cd53be5485d80a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 10 May 2020 22:24:00 GMT
x-content-type-options: nosniff
server: cafe
age: 82466
etag: 15880770647744369592
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2982
x-xss-protection: 0
expires: Mon, 11 May 2020 22:24:00 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame DE9C 344 B
410 B 7ms
7ms Image
image/png 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012005012256000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 May 2020 11:09:01 GMT
x-content-type-options: nosniff
server: cafe
age: 36565
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Tue, 12 May 2020 11:09:01 GMT

GET
H2 200 7464639028652035684
tpc.googlesyndication.com/simgad/ Frame D49E 330 B
399 B 8ms
5ms Image
image/png 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7464639028652035684

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012005012256000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f19e7ee6cdf20bd478c037707c447b7cd469051de4dadeac32a795efb463c2e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 14 Apr 2020 23:20:40 GMT
x-content-type-options: nosniff
age: 2325466
x-dns-prefetch-control: off
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 330
x-xss-protection: 0
last-modified: Tue, 28 Jan 2020 23:02:00 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Apr 2021 23:20:40 GMT

GET
H/1.1 200
OK w_640_001.ts Show response
video.sekindo.com/uploads/cn13/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5eb040639afb8598934116.mp4/ Frame C38E 245 KB
245 KB 79ms
79ms XHR
video/mp2t 185.167.98.14
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn13/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5eb040639afb8598934116.mp4/w_640_001.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: c80409cf8eeb6812965f184315ff020686fe890716cf809b6bad6f8e707d3eda

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:22 GMT
Last-Modified: Mon, 04 May 2020 16:54:43 GMT
Server: Tengine
ETag: "5eb048d3-3d230"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Mon, 18 May 2020 21:18:22 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 250416
X-Proxy-Cache: HIT

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0677 0
379 B 73ms
73ms Image
text/html 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=16&serverTime=1589231904&s=0&sta=12348808&x=320&y=180&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Viewable%20%2F%202%20%2F%2015&isApp=0&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb9c11ff0944&contentFileId=781737&mediaPlayListId=5946&playerVer=3.0.0&contentMatchType=&isExcludeFromOpt=0&cbuster=1589231906395&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.17
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:25 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.17
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK w_640_002.ts Show response
video.sekindo.com/uploads/cn13/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5eb040639afb8598934116.mp4/ Frame C38E 447 KB
447 KB 61ms
60ms XHR
video/mp2t 185.167.98.14
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn13/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5eb040639afb8598934116.mp4/w_640_002.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 4ca5010543b93cf19f7eb1471af4408b6a3431e33c4ed36da0b059c45a57431d

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:22 GMT
Last-Modified: Mon, 04 May 2020 16:54:43 GMT
Server: Tengine
ETag: "5eb048d3-6fc34"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Mon, 18 May 2020 21:18:22 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 457780
X-Proxy-Cache: HIT

GET
H/1.1 200
OK w_640_003.ts Show response
video.sekindo.com/uploads/cn13/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5eb040639afb8598934116.mp4/ Frame C38E 261 KB
261 KB 59ms
58ms XHR
video/mp2t 185.167.98.14
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn13/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5eb040639afb8598934116.mp4/w_640_003.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 4cf01d0c55cde099a24da34175e2a9c503f516d7d95f8c159b7b22dc61d36782

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:22 GMT
Last-Modified: Mon, 04 May 2020 16:54:44 GMT
Server: Tengine
ETag: "5eb048d4-4138c"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Mon, 18 May 2020 21:18:22 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 267148
X-Proxy-Cache: HIT

GET
H/1.1 200
OK w_640_004.ts Show response
video.sekindo.com/uploads/cn13/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5eb040639afb8598934116.mp4/ Frame C38E 344 KB
344 KB 57ms
56ms XHR
video/mp2t 185.167.98.14
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn13/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5eb040639afb8598934116.mp4/w_640_004.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 89069f9cbb486f890db3b5e111373febf132297939f5f927e02b338e564ed720

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:22 GMT
Last-Modified: Mon, 04 May 2020 16:54:44 GMT
Server: Tengine
ETag: "5eb048d4-55f7c"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Mon, 18 May 2020 21:18:22 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 352124
X-Proxy-Cache: HIT

GET
H/1.1 200
OK w_640_005.ts Show response
video.sekindo.com/uploads/cn13/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5eb040639afb8598934116.mp4/ Frame C38E 415 KB
415 KB 57ms
57ms XHR
video/mp2t 185.167.98.14
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn13/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5eb040639afb8598934116.mp4/w_640_005.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 5248af289bfbe46dfc55fd940df51c6696cabd7ea1aad68cb4e9e5478cbfc47d

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:22 GMT
Last-Modified: Mon, 04 May 2020 16:54:45 GMT
Server: Tengine
ETag: "5eb048d5-67bb0"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Mon, 18 May 2020 21:18:22 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 424880
X-Proxy-Cache: HIT

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0677 0
379 B 60ms
60ms Image
text/html 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=36&serverTime=1589231904&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Viewable%20%2F%202%20%2F%2015&isApp=0&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb9c11ff0944&contentFileId=0&mediaPlayListId=0&cbuster=1589231906828&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.17
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:25 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.17
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame B774 42 B
178 B 40ms
40ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss9FX81pMLd_2msfr3FVMaQaSQLP4KzIs0RcROn0YixM0BMHGoHehQFW89sLMFIeXqf-dIi41Y6oU2SqT5nt0sdG9PvAzOMbqvkeVuvtiU&sig=Cg0ArKJSzAitWEAsEfAGEAE&adk=1015519800&tt=-1&bs=1585%2C1200&mtos=1079,1079,1079,1079,1079&tos=1079,0,0,0,0&p=10,308,260,1278&mcvt=1079&rs=0&ht=0&tfs=735&tls=1718&mc=1&lte=0&bas=0&bac=0&met=ie&la=1&avms=nio&exg=1&md=2&btr=0&lm=2&rst=1589231904890&dlt&rpt=973&isd=0&msd=0&ext&xdi=0&ps=1585%2C6049&ss=1600%2C1200&pt=-1&bin=4&deb=1-0-0-13-14-12-12-0-0-0&tvt=1708&is=970%2C250&iframe_loc=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&r=v&id=osdim&vs=4&uc=13&upc=0&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=0x0&itpl=19&v=20200508

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame D49E 42 B
110 B 39ms
38ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvpnBXSI4rnCas69ukNm22B-qDlJw5ncnnYK8T9NwZH7KSq26rH_fYDThHgwUQ4qQ8Z1Pq5Ydp4glsUK8-CnLmF5kob3Pk9Qt0UYs2V5oI&sig=Cg0ArKJSzMt_PH2tt6k6EAE&id=ampim&o=0,0&d=2,2&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=166&tls=1166&g=100&h=100&tt=1166&r=v&avms=ampa&adk=3385906655

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 8EFC 0
0 62ms
62ms Document
text/html 23.8.15.54
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.8.15.54 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-8-15-54.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: rsid=1|C9y6JkdC6P3ZTGan0csCYSLnoLJML5uAvHM6TpX2M2B2qoGSNATnR8WMZ7rlho/RRR2s2jWpYWaqeROXMyiRSjT4sl0Fg1EK+hUVPpaRFBhKo2m2B6AxOMW+DfS3NzCR; ses15=; vis15=300372^1; ses2=; vis2=300372^1; khaos=KA2ZN55I-1Y-LWH8; audit=1|hLZGFuTafB0A5rxh8VivP/EELEMXO+DLJICHoKI1OKG86+IV5MpYWkD3pCcW8TpHcpj76PKZXj8oT2OqK/B16qwRNgFmLHdP; pux=1512%3D90814%262231%3D90814%262249%3D90814%262307%3D90814%262974%3D90814%26brx%3D90814%26idl%3D90814%26goog%3D90814%26
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Thu, 23 Apr 2020 20:31:59 GMT
Content-Encoding: gzip
Content-Length: 9124
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=54261
Expires: Tue, 12 May 2020 12:22:48 GMT
Date: Mon, 11 May 2020 21:18:27 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 pd
eu-u.openx.net/w/1.0/ Frame C50A 0
0 85ms
81ms Document
text/html 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.185.0 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=6962d2b1-d1bc-4c90-996a-949dc9df58c4|1589231903
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=6962d2b1-d1bc-4c90-996a-949dc9df58c4|1589231903; Version=1; Expires=Tue, 11-May-2021 21:18:27 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1589231907|mOgikimWiygu; Version=1; Expires=Tue, 26-May-2020 21:18:27 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.185.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Mon, 11 May 2020 21:18:27 GMT
content-type: text/html
content-length: 372
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1

200
OK

2000891.html
serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/ Frame 8B1B
Redirect Chain

https://sync.serverbid.com/ss/2000891.html
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

0
0

143ms
33ms

Document
text/html

205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Response headers

Date: Mon, 11 May 2020 21:18:28 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Cache-Control: max-age=77181
Content-Length: 4947
Content-Type: text/html
Last-Modified: Wed, 20 Nov 2019 20:29:05 GMT
ETag: "1b0ebac83fe30af80513039edbdf566f"
x-amz-request-id: tx00000000000001b5668a7-005eb99d21-3523c7a-nyc3a
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW: 1589231908.dop008.sk1.t,1589231908.cds035.sk1.shn,1589231908.dop008.sk1.t,1589231908.cds036.sk1.c

Redirect headers

status: 302
content-length: 0
location: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
cache-control: no-cache

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame 9F20 0
0 75ms
75ms Document
text/html 23.210.249.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.92 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-92.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KCCH=YES; pi=159196:2; KADUSERCOOKIE=758F9BE3-CC81-4580-812E-407EB4A49408
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Response headers

Last-Modified: Tue, 14 Apr 2020 10:27:52 GMT
ETag: "13006b6-a4bb-5a33da6f1a023"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 15243
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=133091
Expires: Wed, 13 May 2020 10:16:38 GMT
Date: Mon, 11 May 2020 21:18:27 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 9931 0
0 70ms
70ms Document
text/html 151.101.13.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Response headers

Connection: keep-alive
Content-Length: 506
Server: nginx/1.9.13
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 11 May 2020 21:18:27 GMT
Age: 24147392
X-Served-By: cache-jfk8138-JFK, cache-fra19156-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 391291, 1273542
X-Timer: S1589231908.621669,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 generic
match.adsrvr.org/track/cmf/ 70 B
264 B 79ms
77ms Image
image/gif 52.18.161.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=aoladtech&gdpr=1&gdpr_consent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.161.147 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-161-147.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:27 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
status: 200
cache-control: private,no-cache, must-revalidate
content-type: image/gif
content-length: 70

GET
H2 204 current
aol-match.dotomi.com/match/bounce/ 0
104 B 147ms
65ms Image
text/plain 2a02:fa8:8806:12::1370
VCLK-EU-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aol-match.dotomi.com/match/bounce/current?networkId=60&version=1&nuid=1Af2891de2-93cc-11ea-bac8-128b912572ea&gdpr=1&gdpr_consent=&rurl=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55853%2Fsync%3Fuid%3D%24UID%26_origin%3D0%26gdpr%3D1%26gdpr_consent%3D
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1370 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Mon, 11 May 2020 21:18:27 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/56465/
Redirect Chain

https://pixel.advertising.com/ups/56465/sync?_origin=0&redir=true&gdpr=1&gdpr_consent=
https://ups.analytics.yahoo.com/ups/56465/sync?_origin=0&redir=true&gdpr=1&gdpr_consent=&apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0
https://pr-bh.ybp.yahoo.com/sync/adtech/1Af2b675f8-93cc-11ea-a084-12783854d8e0?gdpr=1&gdpr_consent=
https://pixel.advertising.com/ups/56465/sync?uid=y-lLmNnNR1lxmGgxHitk1_L1_A8kjPHylm7v82&_origin=0&nsync=0
https://ups.analytics.yahoo.com/ups/56465/sync?uid=y-lLmNnNR1lxmGgxHitk1_L1_A8kjPHylm7v82&_origin=0&nsync=0&apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0

0
1 KB

55ms
54ms

Image
text/plain

18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/56465/sync?uid=y-lLmNnNR1lxmGgxHitk1_L1_A8kjPHylm7v82&_origin=0&nsync=0&apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

18.156.0.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.106 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:27 GMT
Server: ATS/7.1.2.106
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status: 302
date: Mon, 11 May 2020 21:18:27 GMT
location: https://ups.analytics.yahoo.com/ups/56465/sync?uid=y-lLmNnNR1lxmGgxHitk1_L1_A8kjPHylm7v82&_origin=0&nsync=0&apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/55965/
Redirect Chain

https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent=
https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=MBZ7kmZCK5ooR3qfPRA0nTwWKckoF3-ZN0cqbUcB
https://ups.analytics.yahoo.com/ups/55965/sync?_origin=0&gdpr=1&uid=MBZ7kmZCK5ooR3qfPRA0nTwWKckoF3-ZN0cqbUcB&apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0

0
1 KB

54ms
54ms

Image
text/plain

18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55965/sync?_origin=0&gdpr=1&uid=MBZ7kmZCK5ooR3qfPRA0nTwWKckoF3-ZN0cqbUcB&apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

18.156.0.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.106 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:27 GMT
Server: ATS/7.1.2.106
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status: 302
date: Mon, 11 May 2020 21:18:27 GMT
location: https://ups.analytics.yahoo.com/ups/55965/sync?_origin=0&gdpr=1&uid=MBZ7kmZCK5ooR3qfPRA0nTwWKckoF3-ZN0cqbUcB&apid=1Af2b675f8-93cc-11ea-a084-12783854d8e0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame B774 7 KB
6 KB 40ms
19ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200506&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

64d83e8288b8e4e3ccb09a7a0d4f3eea112e4c9210eebe9e4262779b4bcafae5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 May 2020 21:18:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 5514
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame B774 14 KB
5 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1582746470043195"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5456
x-xss-protection: 0
expires: Mon, 11 May 2020 21:18:27 GMT

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame 01A2 0
0 6ms
5ms Document
text/html 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-0d4dfcb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/209/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 5727
date: Mon, 11 May 2020 20:35:18 GMT
expires: Tue, 11 May 2021 20:35:18 GMT
last-modified: Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2589
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B774 0
60 B 40ms
39ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gda_r20200506&jk=1000347430724622&bg=!U1ClUEhY1TNAKwvbrcYCAAAATVIAAAAPmQF8V91BE0gyHq5IOxnXhGcVO9ThUEaTJwlaskqtqNCv1ypRWNm-US0S9CcUI56vBCh0eDKmvldjHzSYPm8gticGB7edSrhbnB5TFJejDbUtDpvj4uANJ4IAaFsXV-0MOZBGy0c6mqu_xZ-hqF333I_0T--xKraRvF9vuXJlCylJZ-rfzREEChW1LpBcH7KNox6Yj7ldzzuarLy1d1oVmK2VzCEETaGfNmUTyGZbo0gAkS7OFuo5tado_QniWUAe5ybTNsD0uOEzHo62qiZnklwngkzzI_ltFkHxCEHN3_pe3qkIrOt5q98J42AoST-JJ0ba66h0vWZd9yaUjLWL5ODlMK1psw2W5iIiQC_r_-gQoh-7uWprsgXvbrWd3y5KVzVUlLtuXZ8e_MIomFRR-yKJxpuDsLfwq8NBe_RR35L8B5NEF4nQtwWLzE52cGHIs8O0lwgkAUKzE8-so9iaF1MiT_n-uhaPa8fzenWMBnkFXxuUXdkXGo5M07BcVsc

Requested by

Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0677 0
379 B 60ms
59ms Image
text/html 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1589231904&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Viewable%20%2F%202%20%2F%2015&isApp=0&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb9c11ff0944&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1589231909827&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.17
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:29 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.17
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK w_640_006.ts Show response
video.sekindo.com/uploads/cn13/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5eb040639afb8598934116.mp4/ Frame C38E 223 KB
223 KB 82ms
82ms XHR
video/mp2t 185.167.98.14
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn13/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5eb040639afb8598934116.mp4/w_640_006.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 989d7755e6125044da00427b33b485a74ed3c6cd888e81f6d2df07c9f17f4e6f

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:28 GMT
Last-Modified: Mon, 04 May 2020 16:54:45 GMT
Server: Tengine
ETag: "5eb048d5-37c44"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Mon, 18 May 2020 21:18:28 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 228420
X-Proxy-Cache: HIT

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0677 0
379 B 61ms
61ms Image
text/html 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=25&serverTime=1589231904&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Viewable%20%2F%202%20%2F%2015&isApp=0&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb9c11ff0944&contentFileId=0&mediaPlayListId=0&dur=1000&cbuster=1589231914536&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.17
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:34 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.17
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0677 0
379 B 62ms
61ms Image
text/html 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1589231904&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Viewable%20%2F%202%20%2F%2015&isApp=0&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb9c11ff0944&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1589231914827&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.17
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:34 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.17
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 7 KB
5 KB 16ms
16ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020050602&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4875f3b662f740bf6c5385ddd45e75d56b8b663e847f75803ca78b373dc666a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 May 2020 21:18:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 5510
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 14 KB
5 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 11 May 2020 21:18:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1582746470043195"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5456
x-xss-protection: 0
expires: Mon, 11 May 2020 21:18:36 GMT

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame E415 0
0 7ms
6ms Document
text/html 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/209/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 5727
date: Mon, 11 May 2020 20:35:18 GMT
expires: Tue, 11 May 2021 20:35:18 GMT
last-modified: Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2598
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
58 B 39ms
39ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gpt_2020050602&jk=738816376293837&bg=!1Nel189YRBPJPUsIIVYCAAAAUlIAAAAPmQF2dBTtbqSXdZO8qwISIrNdlAO3P9TJdM5xFO6Cq1GVH9MLect-CKxm-i1EVZ47gjpBzlrzsgjtHpwG9XJkOTkYCFCJdwf3D0XF5KHxwmpeXfFPLhwWS5nSe-vfP2gzXi2mOepS1nf3UgTiifOPO7ng7nJNmn2rBy3NRYgHMDiqNFQx1TfaTo1uO2QQcmyH_8bpEteDo0z7-Mt5v8hPy3Zsp2xSyt7F57z9e1tZquAbkR3FzFpM-DaGitZSoLmz5DukqkMrccnypXk2m1SP3mXAbGqfZqDYHJJ8dZjXxMUDJTN06v4urk2Jkj65NpyKYHpAgEtLvP4mxlz0ZV-w0tBSya1zr3XZqh55zD3urHJB7sFEb5f39U_C6s__jQTGydQ7ZexWqQNlzaI-OVukbRy9YQbvr39sfAiToB2siMF2x4VumZJTfs2bKY673sBflBBlKbBGTbswI1aYPyg3qvYah-888YmQyQeGSgL5-J4iOXQ2xbhjOf4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK w_640_007.ts Show response
video.sekindo.com/uploads/cn13/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5eb040639afb8598934116.mp4/ Frame C38E 174 KB
175 KB 82ms
82ms XHR
video/mp2t 185.167.98.14
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn13/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5eb040639afb8598934116.mp4/w_640_007.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 84c8c760bc9693d5cb2ace6a623e768d8e3709878bd0d1bec91ed339d19132c5

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 11 May 2020 21:18:34 GMT
Last-Modified: Mon, 04 May 2020 16:54:46 GMT
Server: Tengine
ETag: "5eb048d6-2b9a8"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Mon, 18 May 2020 21:18:34 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 178600
X-Proxy-Cache: HIT

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0677 0
379 B 61ms
60ms Image
text/html 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1589231904&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Viewable%20%2F%202%20%2F%2015&isApp=0&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb9c11ff0944&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1589231919827&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.17
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:39 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.17
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ Frame C38E 185 B
385 B 64ms
63ms XHR
application/json 52.57.231.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.231.210 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-231-210.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: cc5a123813d2b8a3f3a9847540a10b00f78907aaf989bb4a21acf8c16b8d9c46

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:40 GMT
content-encoding: gzip
status: 200
content-type: application/json
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 172
expires: 0

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ Frame C38E 25 B
1017 B 146ms
146ms XHR
application/json 23.210.249.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=435870&v=8.1&r=%7B%22id%22%3A%222852436ab66829c%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22297b14ee579ac3e%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435870%22%2C%22sid%22%3A%22320x180%22%7D%2C%22bidfloor%22%3A1.8%2C%22bidfloorcur%22%3A%22USD%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A200%2C%22api%22%3A%5B1%2C2%5D%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22startdelay%22%3A0%2C%22skip%22%3A1%2C%22w%22%3A320%2C%22h%22%3A180%2C%22placement%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A1%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&nf=1&
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.164 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-164.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 9f736c61056a0f489de4a661d7dc010b64f7a12ede4cf69f3fd3643da2ecacf4

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:40 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 45
Content-Type: application/json
Akamai-Age-Ms: 1589231920202
Expires: Mon, 11 May 2020 21:18:40 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame C38E 0
59 B 58ms
58ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Mon, 11 May 2020 21:18:40 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://threatpost.com

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ Frame C38E 0
215 B 68ms
67ms XHR
application/json 3.120.54.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.54.253 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-54-253.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Server: adaptv/1.0
Connection: keep-alive
Content-Length: 0
Content-Type: application/json

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame C38E 19 B
712 B 164ms
61ms XHR
application/json 37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.36 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:42 GMT
X-Proxy-Origin: 165.231.142.36; 165.231.142.36; 692.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.254:80
AN-X-Request-Uuid: 850873a9-cdd8-4ddd-b564-b519bd4cfd8e
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 avjp Show response
teachingaids-d.openx.net/v/1.0/ Frame C38E 92 B
295 B 107ms
107ms XHR
application/json 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fmillions-thunderbolt-devices-thunderspy-attack%2F155620%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=c73392ac-3e8b-4b88-a301-c1efcdadb01f&nocache=1589231920100&gdpr_consent=&gdpr=1&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&skip=1&auid=540882779&vwd=320&vht=180&
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.185.0 /
Resource Hash: 004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:40 GMT
via: 1.1 google
server: OXGW/16.185.0
status: 200
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 92
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0677 43 B
463 B 60ms
60ms Image
image/gif 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=6&serverTime=1589231904&s=58057&sta=12381400&x=320&y=180&msta=12348808&vid_vastType=3&vid_viewabilityState=1&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Viewable%20%2F%202%20%2F%2015&playbackMethod=auto&isApp=0&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb9c11ff0944&rvn=${VP_RVN_MACRO}&attemptMultiplier=10&contentFileId=0&mediaPlayListId=0&playerVer=3.0.0&cbuster=1589231920092&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.17
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:39 GMT
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.17
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000
Content-Disposition: inline; filename="pixel.gif"
Content-Type: image/gif
Expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H/1.1 204
No Content 171621 Show response
search.spotxchange.com/openrtb/2.3/dados/ Frame C38E 0
1 KB 78ms
78ms XHR
application/json 185.94.180.124
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/openrtb/2.3/dados/171621
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.124 , Netherlands, ASN35220 (SPOTX-AMS, NL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 11 May 2020 21:18:40 GMT
X-SpotX-Timing-Transform: 0.000285
X-SpotX-Timing-SpotMarket: 0.014770
X-SpotX-Timing-Page-Mux: 0.000331
X-SpotX-Timing-Page-Require: 0.000371
X-fe: 049
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000032
X-SpotX-Timing-Page: 0.021358
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.003321
Last-Modified: Mon, 11 May 2020 21:18:40 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
X-SpotX-Timing-SpotMarket-Primary: 0.011557
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://threatpost.com
X-SpotX-Timing-Page-Misc: 0.002232
X-SpotX-Timing-Page-Exception: 0.000001
X-SpotX-Timing-SpotMarket-Secondary: 0.003213
X-SpotX-Timing-Page-URI: 0.000015
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ Frame C38E 184 B
386 B 57ms
57ms XHR
application/json 52.57.231.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.231.210 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-231-210.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e8d368de0ad9e47fe319c14d9eff50362f386118905c047081b23d2c1f3d0caa

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:40 GMT
content-encoding: gzip
status: 200
content-type: application/json
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 173
expires: 0

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame C38E 0
1 KB 98ms
98ms XHR
application/json 185.86.138.79
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.79 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 11 May 2020 21:18:39 GMT
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-type: application/json
content-length: 0
expires: -1

GET
H2

200

pd
u.openx.net/w/1.0/ Frame 20C0
Redirect Chain

https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
https://u.openx.net/w/1.0/pd?cc=1&gdpr=1&gdpr_consent=

0
0

61ms
61ms

Document
text/html

34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?cc=1&gdpr=1&gdpr_consent=
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.185.0 /
Resource Hash

Request headers

:method: GET
:authority: u.openx.net
:scheme: https
:path: /w/1.0/pd?cc=1&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=38dbf4eb-eb6d-4aa2-a991-5ab8ac0d2b66|1589231921
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=38dbf4eb-eb6d-4aa2-a991-5ab8ac0d2b66|1589231921; Version=1; Expires=Tue, 11-May-2021 21:18:41 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1589231921|mOgikimWiygu; Version=1; Expires=Tue, 26-May-2020 21:18:41 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.185.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Mon, 11 May 2020 21:18:41 GMT
content-type: text/html
content-length: 375
content-encoding: gzip
via: 1.1 google
alt-svc: clear

Redirect headers

status: 302
set-cookie: i=38dbf4eb-eb6d-4aa2-a991-5ab8ac0d2b66|1589231921; Version=1; Expires=Tue, 11-May-2021 21:18:41 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.185.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://u.openx.net/w/1.0/pd?cc=1&gdpr=1&gdpr_consent=
date: Mon, 11 May 2020 21:18:41 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0677 0
379 B 61ms
60ms Image
text/html 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=25&serverTime=1589231904&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Viewable%20%2F%202%20%2F%2015&isApp=0&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb9c11ff0944&contentFileId=0&mediaPlayListId=0&dur=1000&cbuster=1589231924535&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.17
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:44 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.17
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0677 0
379 B 60ms
60ms Image
text/html 194.146.38.23
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1589231904&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Viewable%20%2F%202%20%2F%2015&isApp=0&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb9c11ff0944&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1589231924827&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.146.38.23 -, , ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.17
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 May 2020 21:18:44 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.17
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET liveView.php
live.sekindo.com/live/ Frame 0677 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync.adap.tv
URL: https://sync.adap.tv/sync?type=gif&key=tubemogul&uid=XrnBIQAAAGJGpyTo

Domain: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1589231904&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Viewable%20%2F%202%20%2F%2015&isApp=0&userIpAddr=165.231.142.36&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb9c11ff0944&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1589231929827&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=

Verdicts & Comments Add Verdict or Comment

263 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

26 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 315) Message: gBrowserWidth =1600
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 340) Message: OpenX Slot defined for /21707124336/ThreatPost-970x250-ATF div-gpt-ad-6794670-2
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 340) Message: OpenX Slot defined for /21707124336/ThreatPost-300x250-ATF div-gpt-ad-6794670-3
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 340) Message: OpenX Slot defined for /21707124336/ThreatPost-300x600-ATF div-gpt-ad-6794670-5
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 340) Message: OpenX Slot defined for /21707124336/ThreatPost-2x2-Skin div-gpt-ad-6794670-1
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 3) Message: CMP: Locale=en-us gdpr= false
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 3) Message: GDPR is not applicable, skipping initialization of CMP
console-api	log	(Line 3) Message: Not calling apstag.init() typeof(kAmazonPublisherID)=undefined
console-api	log	(Line 3) Message: ENGINE: gSChainNodes found, prebid configured with 1 supply chain object(s)
console-api	log	(Line 3) Message: Initial Ad Load
console-api	log	(Line 3) Message: sendBidRequests() gPBJSTimeoutTimer=null pbjs.adserverRequestSent=undefined
console-api	log	(Line 3) Message: pbjs bids returned
console-api	log	(Line 3) Message: gPBJSTimeoutTimer cleared
console-api	log	(Line 3) Message: sendAdserverRequest(): pbjsBidsBack
console-api	log	(Line 3) Message: sendAdserverRequest()
console-api	log	(Line 3) Message: Not calling apstag.setDisplayBids() gAmazonBidsBack=false
console-api	log	(Line 3) Message: pbjs.getAdserverTargeting: >> Prebid
console-api	log	(Line 3) Message: [object Object]
console-api	log	(Line 3) Message: pbjs.getBidResponses:
console-api	log	(Line 3) Message: [object Object]
console-api	log	(Line 3) Message: gThisRefreshSlots=
console-api	log	(Line 3) Message: [object Object],[object Object],[object Object],[object Object]
console-api	log	(Line 3) Message: sendAdserverRequest(): ---> Calling googletag.pubads().refresh()
console-api	log	(Line 3) Message: console.groupEnd
console-api	info	URL: https://cdn.ampproject.org/rtv/012005012256000/amp4ads-v0.js(Line 418) Message: Powered by AMP ⚡ HTML – Version 2005012256000 https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
console-api	info	URL: https://cdn.ampproject.org/rtv/012005012256000/amp4ads-v0.js(Line 418) Message: Powered by AMP ⚡ HTML – Version 2005012256000 https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acdn.adnxs.com
ads.adaptv.advertising.com
ads.pubmatic.com
adserver-us.adtech.advertising.com
adservice.google.com
adservice.google.de
analytics.twitter.com
aol-match.dotomi.com
ap.lijit.com
as-sec.casalemedia.com
assets.threatpost.com
c.amazon-adsystem.com
cdn.ampproject.org
cm.g.doubleclick.net
csync.loopme.me
e.serverbid.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
graph.facebook.com
hbopenbid.pubmatic.com
ib.adnxs.com
kasperskycontenthub.com
live.sekindo.com
match.adsrvr.org
media.threatpost.com
pagead2.googlesyndication.com
pixel.advertising.com
pixel.quantserve.com
pr-bh.ybp.yahoo.com
prebid-server.rubiconproject.com
prg.smartadserver.com
qd.admetricspro.com
rules.quantcount.com
search.spotxchange.com
secure.quantserve.com
securepubads.g.doubleclick.net
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
static.ads-twitter.com
stats.g.doubleclick.net
sync.adap.tv
sync.serverbid.com
t.co
tagan.adlightning.com
teachingaids-d.openx.net
threatpost.com
tpc.googlesyndication.com
u.openx.net
ups.analytics.yahoo.com
video.sekindo.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.linkedin.com
www.reddit.com
www.youtube.com
x.bidswitch.net
live.sekindo.com
sync.adap.tv
104.244.42.3
104.244.42.5
13.225.87.36
134.209.129.254
134.209.131.220
138.201.34.178
143.204.90.242
151.101.12.157
151.101.13.108
172.217.18.98
18.156.0.31
185.167.98.14
185.64.189.112
185.86.138.79
185.94.180.124
194.146.38.23
199.232.53.140
205.185.216.42
216.58.210.2
23.210.249.164
23.210.249.92
23.8.15.54
2600:9000:2016:3600:0:5c46:4f40:93a1
2600:9000:20eb:1200:6:44e3:f8c0:93a1
2600:9000:2156:b800:2:9275:3d40:93a1
2606:2800:233:97b6:26be:138a:cba8:bb01
2606:4700:3035::6812:2130
2620:1ec:21::14
2a00:1288:110:c305::8000
2a00:1450:4001:800::2008
2a00:1450:4001:801::2003
2a00:1450:4001:808::2002
2a00:1450:4001:808::2003
2a00:1450:4001:817::200e
2a00:1450:4001:81a::2001
2a00:1450:4001:81b::2001
2a00:1450:4001:81e::2004
2a00:1450:4001:81f::2002
2a00:1450:4001:820::2003
2a00:1450:4001:821::200a
2a00:1450:4001:825::200e
2a00:1450:400c:c04::9c
2a02:fa8:8806:12::1370
2a03:2880:f01c:800e:face:b00c:0:2
3.120.54.253
34.95.120.147
35.157.89.106
35.173.160.135
37.252.172.36
52.18.161.147
52.28.46.116
52.57.231.210
69.173.144.141
72.251.249.13
91.228.74.149
91.228.74.170
004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14
00d4fbacbadc6ecbd73be323ec77febf3d856ce00dc5334d06462a315c7da8e7
00e3d76bc28c0bba7a096ce2072223eac6fb0e704c7d95262e0a2eb1fe4aa7d2
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7
0875862efc0b3318a2104d27726d71f6f61d95a6e04ef6becb2793e66b2bc27a
0a3f4272de6a38b1e429da24ebf7c1c86d2d9f3f257f02ed27046a27b8fd9df1
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0f9ff4042daa13aa0766bc4854140f7a2942e4deae37d352a617b95000fa54ba
10de7d69af358751d5f0146c012cf400cb2940c6dbdb7d624061e60914c48666
172314ff74044b918766ed4763279b5e8798622087c0a2930f59c9d44662213d
1d36800d5a9c72e02424db4f2ee2d3e3391388e8b7e863533f73c788df14ab5e
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1fe46ed988ea7d920f4af5493b3835cbd9799f7ae29c020f3cb25092922671d3
2264d1adc9a2943dff769c67f74bb3451f92c0e22de0bfd265d43cad7960ba3f
22bce61f4ab1cabf0df284f75cf064654e2c82fd992de9b8bd951f3bb43a87ca
23ca30e6c91441158bbc3be4b843be9478d7363861ef7616c37f9b588bdd1663
25cbfbe95753b2b7cc509e199271f8ab339b45f4c4b28a098e3cc7b40ae644cb
27477adf0a390602dfc6d000081ae3f8f21a42ec7e0a78c27261abb5ace9fb28
285a591bac78eebf726461ad27ada02790d8a225f602ec0e63d4f8bbad79453b
290fd8df275c92837ac4997b74f766adcb8dd66ba3a5e9e4dcc269b6b24d6997
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2c167f4042d1338b33e2822f3b3dca3646bffcac14747d934c50794192dc3c2b
2da64b71aa7e176bff1a474dea899079cca9416a274a440e8c052de8b83ae63f
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
2f434a5ff30176f3810c20f487df766e3f37a71b9560d0f48994e486e5d0e4ae
2f60e0cd10c7b5f5d5cf4c4699dcfe56e658905bc60c1ede0d961f0610ca2dff
3097d0444becd9d089b52b7074072f19201525de874d0775012572fb375b7838
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
32ab9cbc82797d05b18d1a15697b8dc8e70cba544d3134a07e50c641166da1a6
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a
3bc8c6062c104270a0fdd4a021264fd8cc70a25dc9513f2367082e15b3ded839
3c3c5d6587cb1508ff66752c507b8d936fe479a204e15f9eb43aa84a7f065a54
3dbd06bf1d690a4c0fcbfcd77c26a032558b9f9698bb7261191bfb19656bf8ca
4008c399421c2f1282faf06b2631a925629c9fb9bdfa56b972bb8754d829be47
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7
4875f3b662f740bf6c5385ddd45e75d56b8b663e847f75803ca78b373dc666a0
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4bd92ed529a4ba1ef909f0ae3782a7b7336b35ea58828863f24e115e369d9ffa
4ca5010543b93cf19f7eb1471af4408b6a3431e33c4ed36da0b059c45a57431d
4cf01d0c55cde099a24da34175e2a9c503f516d7d95f8c159b7b22dc61d36782
4fbfe635c94808ec9e9c2c9607e19856c82be96741b120f7a714217fdd500541
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70
50815ead29c255cd91ada7e4aec28b88f0c1f5003b024836ae93c378badffe3b
5248af289bfbe46dfc55fd940df51c6696cabd7ea1aad68cb4e9e5478cbfc47d
533cc0698433c867c4a58583ce5e346f39650c7e955777c7feea04866aebc9c0
534363d27d1f09a683387b81782402b5f2a048f213b3990fd1e28e11fd04c0bd
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55136fb81d5ca837da42d07249cb19c6e9b378c96348594952c88ee88aba3a36
5986133b7d568177549179916549f17761b51b4edf62b2dd4815128a74cb2661
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf
5b1b3e1dbec0a6b898bf6b8f17caa692c112ba2d215a1300b1c014c75f9f5ad8
5ba8ef0da1dcc34d139660c846ec54fb0d775940b11966251d235c1578ff6f87
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5e00db38c7c200422a1b2604eccaee91db1aa7dd5aead5383f62b85cead19068
6283556eed980913d54973a8d8e11a6e78107144420a6efc0bded40fb66d9269
64d83e8288b8e4e3ccb09a7a0d4f3eea112e4c9210eebe9e4262779b4bcafae5
65d1a510c6605e7dddc82196e262206cc308e40532b77ff3bfdcd987322d3d88
667a53e3145f4c8b641a886082ce900423662980c5fe3d784383c3d481de2320
67365fc440e113f396e7e952dd4fe0e6c9620a40636ce9ce678c67c8d175badf
6783832b21d035d22bf361bdb1bfebf608213bd883366bdc0611e056d8405473
683e1b018e8f26073c9d28cc27d021f3bb04a624bb12322d1c9015ae0be5561c
6911cdf8bbf72eff1b6ae5fa039c42f4ca431e578f4f657dd29c55a65f85fd22
69365f595ef2e70fb3bf2392265517af53bbf21331a71c51e876da25d941525e
6cdc57f82f4b0d09e5b4e584ca4736cd3871f20563d4ce25120b057d8ffb4eb2
72261237e99cd1d300a4e00ca5a297c82e75ec56d17f064a31c2fdde0131d509
76102878c1198de858725194952ba1c6b35bdee0f870cc6a124e93d17385e64e
76ba07e059d9e2113f9c940f1a31efc95bd9d5badd68bbc3637177e892a08099
7d0492c66125b1c2bdc419641e41542857e7d90e323d355ee0b8bb268da121fb
7d9944f6f4e2d0330ca2a9d758a404fdca5937f4a0ddf939247ca3505f9f0bbc
816b8f287a0c9b660cb60e0b1a6b7ca6cef72ff82db34c1997578b296721c885
84c8c760bc9693d5cb2ace6a623e768d8e3709878bd0d1bec91ed339d19132c5
85055b2bd2813119f5d846f6084e183be9800ea624cf0ed4540ec7655f870eb3
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb
85a64faec356c3a72f249a98a037317adc730ec6d38e47653cd53be5485d80a1
872bc43fe948476ecdab79164f38503ecba5fe4fc5ae4f12a0216e1e3c23ad25
877f858d0fe0a3575a7a62d55796489562d9531ddaeb78be7037a97a299ea899
89069f9cbb486f890db3b5e111373febf132297939f5f927e02b338e564ed720
89d66cabfb961cd87a89dedc66f047e0f24c1d9ebd761abfed3bdc70357b8b88
8b1b505422d0fc9f5e953cf6d7f72a881d0a16f00e209fdeb5a688b25f331135
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
925f3a8ea4e0a2b1a3335e25eb33be7124cf58a465fcd796f7b2c2d2cfc54759
93fd30f6863ebddd9220238163700a7f4049fd2b6a2f43896f4f9eefae4103c4
940e0c3385928422aae38e1a74f1d84b462d8ce1a056c686fde505a0bf3162bb
973d78aac43659e01a8787cab841d7ad06244f14412ee920d772674698ed4188
975ee123b2e5a299c8a857798c11049fdf09f88fe363254a90ab99263b874cda
989d7755e6125044da00427b33b485a74ed3c6cd888e81f6d2df07c9f17f4e6f
993ebc45d9927d420801f05819222e8cc1aa523187e4c0b290df02b23ce18093
9bb5347fd356ae8863aeb2695b9f2125a42b90449cd729e3527456dd1f20897b
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9f40f7297122393e1425eec62e78a75c3211f7ad3f6b09a356aa317fcedc2cf3
9f736c61056a0f489de4a661d7dc010b64f7a12ede4cf69f3fd3643da2ecacf4
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a2c5d4e6a74355f147e25b3ced1d4a66288eab711d0bd3d449ef056fa777c184
a2e2059610101cb4718d6d9cf8d6e44243838304968710f35ed7f44188a9c279
a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
a48040c2daceb0e950a3ad6d02d0e79363440776915878e3f517030d69e2da8a
a9ccdefe0a821df80b8292afc4991c8f61a16a5d1b6507bc0409a50d7cd805d1
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22
aa64fa30a3263fa3105736228a6feaaa4f7d32d8ef96b12e56f6fb95511b66a7
aaf45a172ec90c76bcecd61c68d998c2256fe9b1700371e80011d1161c5ab629
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ace61d80f3fe90bbb02ab328d9705b57a9c8a95d3a0bf6b4cd510d4dacd033df
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be
ae428ed5bed53a71f99ddf51c89bc8333d0ba44c51deefb7c6cae54f67d209f7
b5ee9a5b1b80ef8d03d1d67542671dd9fb9cbdd2c4f955dc14eb3417a9dcdd70
b68b4d1e6d63eabb8a4f663f7755454028aa22d9a0edc88d5b77c58e932d7fa0
bcf391dd0b006a87698ac0894d71039d610480913d24fcdaa1f2fdeeeda943e3
c093719869fa0fa0375b76f64d9d01908527177983a0740ec475e2bf8dae79c9
c3be3fd706a009d066170f2c15b042666996ac5002c98c244874e19ac14bf088
c4b5c1f949f059e3abb05ddcb7cc9944f8c16811e0eb1db9003bc5f8a4eb0634
c80409cf8eeb6812965f184315ff020686fe890716cf809b6bad6f8e707d3eda
c9fff884f49d2eb540f6d6d4dadd4817909c8c90d28dade868c5344baf68a2ba
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cc5a123813d2b8a3f3a9847540a10b00f78907aaf989bb4a21acf8c16b8d9c46
d03b8681e381be20d81ccb091e9c0f6717818cca7ece73c47a7e6591cf5ce90c
d2783190e1faae20befe2df7de68b6348350a2c463c42fc3e4bc15076afb744c
d2b891e379840927eaf16ac1147b0e270c409d7a9e2655dd866a175b996dea9c
d50297c2a63dd7cdb65fc438f2aa1211b75c9c90dae17fdb373d754f17f9dffe
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060
dd0c4ff5bc4e85bcd1ff717afc9d15b8274efe8e644542489bc31fae0346541b
def79cde0ac4d7ee1bd4e8ce443b36005949f3f727561279b24b73ae253b2443
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e06616d095afb6debcaa29e8708a95d1aad89145aabbcf104f205f8331ed7728
e1c3c2dafe2208caea4f809f414a89a9d256deb8671e1c5d49bff9a873782796
e3a59eba123b8a0e2cf8a54eb06a12491f840d7d4d822a5fbe02927551beb888
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0
e8c57aec62d13d4f21e80d1adae68c2d7b87236ced9abd0cf3b9319004f0a38b
e8d368de0ad9e47fe319c14d9eff50362f386118905c047081b23d2c1f3d0caa
e8e0fa6594e536d393b228ed2dd0fdb1565b890f2560fe30ccd8ff553f8fbe44
e9db32c507d6f307ecdf792f4e077c82206ece704ad465b6ff97968d946ce6ab
ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0517f76184f899b738515a124efe8f335f585847387b8889dfa7c0fb132f75a
f19e7ee6cdf20bd478c037707c447b7cd469051de4dadeac32a795efb463c2e2
f4b064d961dd5c30917481f9cf22f400d352737e7dac10d70e574877eef1e8ea
f528bffb8d1361e705631754ad4a8d46c1092064790c8e3dede2554218482b1e
f6018f267f5654f6f4ed28ddc8957a25a214a1920a387e35da4d85adcdb62463
f75166e3f70100b65a6ce1d4128bc15286e92b19a546fa7709f739e9bcfe52c6

threatpost.com Open in urlscan Pro 35.173.160.135 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

227 Requests

99 %HTTPS

39 %IPv6

42 Domains

63 Subdomains

52 IPs

10 Countries

5959 kBTransfer

10105 kBSize

0 Cookies

16 Outgoing links

Redirected requests

227 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Screenshot
Live screenshot

Full Image

227
Requests

99 %
HTTPS

39 %
IPv6

42
Domains

63
Subdomains

52
IPs

10
Countries

5959 kB
Transfer

10105 kB
Size

0
Cookies

227 HTTP transactions
5 data transactions