www.komando.com Open in urlscan Pro
2606:4700::6812:a460 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Submission: On September 25 via api (September 25th 2020, 1:31:42 pm UTC) from US

Summary HTTP 330 Redirects Links 32 Behaviour Indicators

Summary

This website contacted 96 IPs in 9 countries across 67 domains to perform 330 HTTP transactions. The main IP is 2606:4700::6812:a460, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.komando.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 18th 2020. Valid for: 3 months.

This is the only time www.komando.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
10	2606:4700::68... 2606:4700::6812:a460	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700::68... 2606:4700::6812:678	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:817::200a	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:64:... 2a02:26f0:64::214:84d8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	151.101.65.195 151.101.65.195	54113 (FASTLY) (FASTLY)
4	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	2606:2800:234... 2606:2800:234:46c:e8b:1e2f:2bd:694	15133 (EDGECAST) (EDGECAST)
4	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
16	178.79.242.139 178.79.242.139	22822 (LLNW) (LLNW)
4	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
4	2606:4700:20:... 2606:4700:20::681a:8b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	99.86.7.22 99.86.7.22	16509 (AMAZON-02) (AMAZON-02)
8	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:81b::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:821::200e	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6813:9308	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:81a::200e	15169 (GOOGLE) (GOOGLE)
25	52.72.80.38 52.72.80.38	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:400c:c0c::9c	15169 (GOOGLE) (GOOGLE)
2 4	2a00:1450:400... 2a00:1450:4001:824::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE)
14	151.101.113.44 151.101.113.44	54113 (FASTLY) (FASTLY)
1	34.195.35.40 34.195.35.40	14618 (AMAZON-AES) (AMAZON-AES)
3	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	151.101.12.84 151.101.12.84	54113 (FASTLY) (FASTLY)
1	2a03:2880:f02... 2a03:2880:f02d:e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:817::200e	15169 (GOOGLE) (GOOGLE)
2	151.101.13.181 151.101.13.181	54113 (FASTLY) (FASTLY)
1 4	23.37.53.17 23.37.53.17	16625 (AKAMAI-AS) (AKAMAI-AS)
2	35.188.71.214 35.188.71.214	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::681a:932	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:800::200d	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
3	34.249.58.234 34.249.58.234	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:819::2006	15169 (GOOGLE) (GOOGLE)
1	34.225.120.49 34.225.120.49	14618 (AMAZON-AES) (AMAZON-AES)
8	172.217.23.162 172.217.23.162	15169 (GOOGLE) (GOOGLE)
2	2606:4700:20:... 2606:4700:20::681a:91b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	13.226.159.204 13.226.159.204	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE)
1	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
2 9	185.33.220.145 185.33.220.145	29990 (ASN-APPNEX) (ASN-APPNEX)
3	52.209.188.101 52.209.188.101	16509 (AMAZON-02) (AMAZON-02)
4	104.16.190.66 104.16.190.66	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	35.157.104.14 35.157.104.14	16509 (AMAZON-02) (AMAZON-02)
7	69.173.144.141 69.173.144.141	26667 (RUBICONPR...) (RUBICONPROJECT)
8	52.58.195.54 52.58.195.54	16509 (AMAZON-02) (AMAZON-02)
2	2620:116:800d... 2620:116:800d:21:36a9:ecb:e518:b308	16509 (AMAZON-02) (AMAZON-02)
2	23.212.156.24 23.212.156.24	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 3	216.58.208.38 216.58.208.38	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::ac43:4513	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:218... 2600:9000:2182:7000:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	130.211.23.194 130.211.23.194	15169 (GOOGLE) (GOOGLE)
2 2	3.120.143.70 3.120.143.70	16509 (AMAZON-02) (AMAZON-02)
2 10	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	40.113.136.100 40.113.136.100	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	185.29.135.42 185.29.135.42	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 2	198.148.27.139 198.148.27.139	19189 (PULSEPOINT) (PULSEPOINT)
1 2	64.202.112.191 64.202.112.191	23352 (SERVERCEN...) (SERVERCENTRAL)
1 1	92.123.150.214 92.123.150.214	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
1 4	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	52.16.238.200 52.16.238.200	16509 (AMAZON-02) (AMAZON-02)
1 2	72.251.249.9 72.251.249.9	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1 1	54.190.100.128 54.190.100.128	16509 (AMAZON-02) (AMAZON-02)
1	185.86.139.89 185.86.139.89	201081 (SMARTADSE...) (SMARTADSERVER)
1	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1	18.195.155.181 18.195.155.181	16509 (AMAZON-02) (AMAZON-02)
1	192.132.33.46 192.132.33.46	18568 (BIDTELLECT) (BIDTELLECT)
1	141.226.224.32 141.226.224.32	200478 (TABOOLA-AS) (TABOOLA-AS)
3 3	18.194.69.213 18.194.69.213	16509 (AMAZON-02) (AMAZON-02)
1 1	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
1 2	3.126.247.13 3.126.247.13	16509 (AMAZON-02) (AMAZON-02)
1	213.254.244.24 213.254.244.24	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:818::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:81a::2001	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
1 2	52.95.123.41 52.95.123.41	16509 (AMAZON-02) (AMAZON-02)
1	93.184.220.187 93.184.220.187	15133 (EDGECAST) (EDGECAST)
1	68.232.34.237 68.232.34.237	15133 (EDGECAST) (EDGECAST)
1	52.59.61.242 52.59.61.242	16509 (AMAZON-02) (AMAZON-02)
1	69.173.144.154 69.173.144.154	26667 (RUBICONPR...) (RUBICONPROJECT)
7	35.226.36.58 35.226.36.58	15169 (GOOGLE) (GOOGLE)
7	95.100.73.104 95.100.73.104	16625 (AKAMAI-AS) (AKAMAI-AS)
2	104.111.230.142 104.111.230.142	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.210.249.83 23.210.249.83	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	52.57.173.127 52.57.173.127	16509 (AMAZON-02) (AMAZON-02)
4	52.206.86.50 52.206.86.50	14618 (AMAZON-AES) (AMAZON-AES)
1	52.217.101.196 52.217.101.196	16509 (AMAZON-02) (AMAZON-02)
10	178.79.227.9 178.79.227.9	22822 (LLNW) (LLNW)
2	2001:4de0:ac1... 2001:4de0:ac18::1:a:2b	20446 (HIGHWINDS3) (HIGHWINDS3)
2	18.196.104.43 18.196.104.43	16509 (AMAZON-02) (AMAZON-02)
1	23.210.249.164 23.210.249.164	16625 (AKAMAI-AS) (AKAMAI-AS)
1	52.72.36.5 52.72.36.5	14618 (AMAZON-AES) (AMAZON-AES)
2	52.212.58.206 52.212.58.206	16509 (AMAZON-02) (AMAZON-02)
1	198.148.27.134 198.148.27.134	19189 (PULSEPOINT) (PULSEPOINT)
10	2a00:1450:400... 2a00:1450:4001:81e::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
330	96

10 2606:4700::6812:a460 (United States)

ASN13335 (CLOUDFLARENET, US)

www.komando.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:678 (United States)

ASN13335 (CLOUDFLARENET, US)

cookie-cdn.cookiepro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:817::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:64::214:84d8 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

users.api.jeeng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.65.195 (United States)

ASN54113 (FASTLY, US)

sdk.jeeng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widget-modal-popup-v2-prod.firebaseapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:46c:e8b:1e2f:2bd:694 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 178.79.242.139 (Italy)

ASN22822 (LLNW, US)
PTR: https-178-79-242-139.fra.llnw.net

player.anyclip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
config.anyclip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.anyclip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:20::681a:8b (United States)

ASN13335 (CLOUDFLARENET, US)

a.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.7.22 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-7-22.fra6.r.cloudfront.net

www.stack-sonar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9308 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 52.72.80.38 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-80-38.compute-1.amazonaws.com

pixel.anyclip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:824::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 151.101.113.44 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.195.35.40 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-195-35-40.compute-1.amazonaws.com

api.stack-sonar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.84 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

api.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f02d:e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.13.181 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

widget.perfectmarket.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.37.53.17 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-53-17.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.188.71.214 (United States)

ASN15169 (GOOGLE, US)
PTR: 214.71.188.35.bc.googleusercontent.com

d.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:932 (United States)

ASN13335 (CLOUDFLARENET, US)

freestar-io.videoplayerhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.249.58.234 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-58-234.eu-west-1.compute.amazonaws.com

vid.springserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:819::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.225.120.49 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-225-120-49.compute-1.amazonaws.com

lreprx-server.anyclip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.217.23.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s22-in-f162.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:91b (United States)

ASN13335 (CLOUDFLARENET, US)

mrb.upapi.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.226.159.204 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-159-204.dus51.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.200 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 185.33.220.145 (Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.209.188.101 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-188-101.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.16.190.66 (United States)

ASN13335 (CLOUDFLARENET, US)

dmx.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.157.104.14 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-104-14.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 69.173.144.141 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.58.195.54 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-195-54.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:36a9:ecb:e518:b308 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.212.156.24 (United States)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a23-212-156-24.deploy.static.akamaitechnologies.com

hbx.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.208.38 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s12-in-f38.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4513 (United States)

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2182:7000:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.211.23.194 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 194.23.211.130.bc.googleusercontent.com

backend.upapi.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.120.143.70 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 141.226.228.48 (Netherlands) 2 redirects

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
am-sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync-t1.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 40.113.136.100 (Amsterdam, Netherlands) 2 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.powerlinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.135.42 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.148.27.139 (New York, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.191 (United States) 1 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 92.123.150.214 (Ascension Island) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-150-214.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.23.98 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f98.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.16.238.200 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-238-200.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.249.9 (Amsterdam, Netherlands) 1 redirects

ASN29791 (VOXEL-DOT-NET, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.190.100.128 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)

www.storygize.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.89 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.137.133.49 (Garden City, United States)

ASN27257 (WEBAIR-INTERNET, US)

dsp.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com

e1.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.224.32 (United States)

ASN200478 (TABOOLA-AS, IL)

cds.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.194.69.213 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.128 (Netherlands) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.247.13 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-247-13.eu-central-1.compute.amazonaws.com

t.myvisualiq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.254.244.24 (Ireland)

ASN3257 (GTT-BACKBONE GTT, DE)

tps.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:818::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.95.123.41 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 93.184.220.187 (London, United Kingdom)

ASN15133 (EDGECAST, US)

cti.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.232.34.237 (United States)

ASN15133 (EDGECAST, US)

ads.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.59.61.242 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-61-242.eu-central-1.compute.amazonaws.com

i.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.154 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

beacon-eu2.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 35.226.36.58 (United States)

ASN15169 (GOOGLE, US)

c.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 95.100.73.104 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-73-104.deploy.static.akamaitechnologies.com

c.evidon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.230.142 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-230-142.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.249.83 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-249-83.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.173.127 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-173-127.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.206.86.50 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

trafficmanager.anyclip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.217.101.196 (Ashburn, United States)

ASN16509 (AMAZON-02, US)

anyclip-player.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 178.79.227.9 (Italy)

ASN22822 (LLNW, US)
PTR: https-178-79-227-9.vie.llnw.net

cdn5.anyclip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4de0:ac18::1:a:2b (Netherlands)

ASN20446 (HIGHWINDS3, US)

vpaid.springserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.196.104.43 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

hb.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.249.164 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-249-164.deploy.static.akamaitechnologies.com

as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.72.36.5 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

l.betrad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.212.58.206 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

vid-io-dub.springserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.134 (New York, United States)

ASN19189 (PULSEPOINT, US)

bid.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:81e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
56	anyclip.com player.anyclip.com config.anyclip.com pixel.anyclip.com assets.anyclip.com lreprx-server.anyclip.com trafficmanager.anyclip.com cdn5.anyclip.com	413 KB
25	taboola.com 2 redirects cdn.taboola.com trc.taboola.com sync.taboola.com match.taboola.com am-sync.taboola.com cds.taboola.com sync-t1.taboola.com trc-events.taboola.com	173 KB
20	googlesyndication.com d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	134 KB
17	doubleclick.net 3 redirects stats.g.doubleclick.net securepubads.g.doubleclick.net ad.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net	154 KB
15	googleapis.com fonts.googleapis.com imasdk.googleapis.com	346 KB
13	gstatic.com fonts.gstatic.com ssl.gstatic.com	96 KB
13	pub.network a.pub.network d.pub.network c.pub.network	263 KB
12	google.com 2 redirects apis.google.com www.google.com accounts.google.com adservice.google.com	110 KB
11	rubiconproject.com fastlane.rubiconproject.com pixel.rubiconproject.com beacon-eu2.rubiconproject.com eus.rubiconproject.com	25 KB
10	ampproject.org cdn.ampproject.org	215 KB
10	adnxs.com 2 redirects ib.adnxs.com acdn.adnxs.com	10 KB
10	komando.com www.komando.com	382 KB
8	sharethrough.com btlr.sharethrough.com	904 B
7	evidon.com c.evidon.com	18 KB
7	amazon-adsystem.com 1 redirects c.amazon-adsystem.com aax-eu.amazon-adsystem.com	33 KB
7	springserve.com vid.springserve.com vpaid.springserve.com vid-io-dub.springserve.com	197 KB
5	twitter.com platform.twitter.com syndication.twitter.com	32 KB
5	cookiepro.com cookie-cdn.cookiepro.com	83 KB
4	3lift.com 1 redirects tlx.3lift.com eb2.3lift.com	7 KB
4	districtm.io dmx.districtm.io cdn.districtm.io	678 B
4	2mdn.net s0.2mdn.net	31 KB
4	scorecardresearch.com 1 redirects sb.scorecardresearch.com	3 KB
4	facebook.com www.facebook.com graph.facebook.com	1018 B
4	wp.com stats.wp.com pixel.wp.com	3 KB
4	facebook.net connect.facebook.net	230 KB
3	w55c.net cti.w55c.net ads.w55c.net i.w55c.net	74 KB
3	bidswitch.net 3 redirects x.bidswitch.net	1 KB
3	emxdgt.com e1.emxdgt.com hb.emxdgt.com	738 B
3	contextweb.com 1 redirects bh.contextweb.com bid.contextweb.com Failed	1 KB
3	yieldmo.com ads.yieldmo.com	672 B
3	upapi.net mrb.upapi.net backend.upapi.net	235 KB
3	googletagservices.com www.googletagservices.com	73 KB
3	jeeng.com users.api.jeeng.com sdk.jeeng.com	109 KB
2	myvisualiq.net 1 redirects t.myvisualiq.net	1 KB
2	lijit.com 1 redirects ce.lijit.com	1018 B
2	adsrvr.org 2 redirects match.adsrvr.org	914 B
2	zemanta.com 1 redirects b1sync.zemanta.com	870 B
2	powerlinks.com 2 redirects px.powerlinks.com	1 KB
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com	1 KB
2	media.net hbx.media.net	9 KB
2	quantserve.com secure.quantserve.com pixel.quantserve.com	8 KB
2	perfectmarket.com widget.perfectmarket.com	34 KB
2	youtube.com www.youtube.com
2	google.de www.google.de adservice.google.de	274 B
2	crazyegg.com script.crazyegg.com	34 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	stack-sonar.com www.stack-sonar.com api.stack-sonar.com	3 KB
1	betrad.com l.betrad.com	120 B
1	casalemedia.com as-sec.casalemedia.com	592 B
1	amazonaws.com anyclip-player.s3.amazonaws.com	1 KB
1	doubleverify.com tps.doubleverify.com	440 B
1	rfihub.com 1 redirects p.rfihub.com	744 B
1	bttrack.com bttrack.com	380 B
1	adkernel.com dsp.adkernel.com	233 B
1	smartadserver.com rtb-csync.smartadserver.com	697 B
1	storygize.net 1 redirects www.storygize.net	431 B
1	pubmatic.com simage2.pubmatic.com	879 B
1	bluekai.com 1 redirects stags.bluekai.com	1 KB
1	mathtag.com 1 redirects sync.mathtag.com	797 B
1	quantcount.com rules.quantcount.com	1 KB
1	ad-delivery.net ad-delivery.net	626 B
1	videoplayerhub.com freestar-io.videoplayerhub.com	30 KB
1	firebaseapp.com widget-modal-popup-v2-prod.firebaseapp.com
1	pinterest.com api.pinterest.com	360 B
1	googletagmanager.com www.googletagmanager.com	49 KB
0	spotxchange.com Failed search.spotxchange.com Failed
0	dotomi.com Failed web.hb.ad.cpe.dotomi.com Failed
330	67

	Domain	Requested by
25	pixel.anyclip.com	www.komando.com
13	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.komando.com cdn.ampproject.org
11	imasdk.googleapis.com	player.anyclip.com imasdk.googleapis.com vpaid.springserve.com
11	assets.anyclip.com	player.anyclip.com www.komando.com
10	cdn.ampproject.org	securepubads.g.doubleclick.net
10	cdn5.anyclip.com	www.komando.com player.anyclip.com
10	trc.taboola.com	cdn.taboola.com www.komando.com
10	www.komando.com	www.komando.com
9	ib.adnxs.com	2 redirects a.pub.network vpaid.springserve.com
8	btlr.sharethrough.com	a.pub.network
8	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.komando.com
8	fonts.gstatic.com	fonts.googleapis.com
7	c.evidon.com	cti.w55c.net c.evidon.com www.komando.com
7	c.pub.network	a.pub.network
7	fastlane.rubiconproject.com	a.pub.network
5	d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	am-sync.taboola.com	1 redirects www.komando.com
5	ssl.gstatic.com	www.komando.com
5	c.amazon-adsystem.com	a.pub.network c.amazon-adsystem.com
5	cookie-cdn.cookiepro.com	www.komando.com cookie-cdn.cookiepro.com
4	trafficmanager.anyclip.com	player.anyclip.com
4	s0.2mdn.net	player.anyclip.com imasdk.googleapis.com
4	sb.scorecardresearch.com	1 redirects cdn.taboola.com www.komando.com
4	www.google.com	2 redirects www.komando.com
4	a.pub.network	www.komando.com a.pub.network securepubads.g.doubleclick.net
4	player.anyclip.com	www.komando.com player.anyclip.com imasdk.googleapis.com
4	apis.google.com	www.komando.com apis.google.com
4	platform.twitter.com	www.komando.com platform.twitter.com
4	connect.facebook.net	www.komando.com connect.facebook.net
4	fonts.googleapis.com	www.komando.com securepubads.g.doubleclick.net
3	adservice.google.com	securepubads.g.doubleclick.net imasdk.googleapis.com
3	x.bidswitch.net	3 redirects
3	cm.g.doubleclick.net	2 redirects www.komando.com
3	ad.doubleclick.net	1 redirects www.komando.com
3	dmx.districtm.io	a.pub.network
3	ads.yieldmo.com	a.pub.network
3	vid.springserve.com	player.anyclip.com
3	www.googletagservices.com	a.pub.network securepubads.g.doubleclick.net
3	pixel.wp.com	www.komando.com
3	www.facebook.com	connect.facebook.net www.komando.com
3	cdn.taboola.com	www.komando.com cdn.taboola.com
2	googleads.g.doubleclick.net	www.komando.com
2	pagead2.googlesyndication.com	securepubads.g.doubleclick.net
2	vid-io-dub.springserve.com	vpaid.springserve.com
2	hb.emxdgt.com	vpaid.springserve.com
2	vpaid.springserve.com	player.anyclip.com
2	eb2.3lift.com	1 redirects a.pub.network
2	trc-events.taboola.com	cdn.taboola.com
2	eus.rubiconproject.com	www.komando.com a.pub.network
2	aax-eu.amazon-adsystem.com	1 redirects c.amazon-adsystem.com
2	t.myvisualiq.net	1 redirects www.komando.com
2	ce.lijit.com	1 redirects www.komando.com
2	match.adsrvr.org	2 redirects
2	b1sync.zemanta.com	1 redirects www.komando.com
2	bh.contextweb.com	1 redirects www.komando.com
2	px.powerlinks.com	2 redirects
2	sync.taboola.com	1 redirects www.komando.com
2	rtb.mfadsrvr.com	2 redirects
2	hbx.media.net	a.pub.network hbx.media.net
2	tlx.3lift.com	a.pub.network
2	mrb.upapi.net	freestar-io.videoplayerhub.com mrb.upapi.net
2	d.pub.network	a.pub.network
2	widget.perfectmarket.com	cdn.taboola.com widget.perfectmarket.com
2	www.youtube.com	apis.google.com
2	script.crazyegg.com	www.googletagmanager.com script.crazyegg.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	users.api.jeeng.com	www.komando.com sdk.jeeng.com
1	l.betrad.com	www.komando.com
1	as-sec.casalemedia.com	vpaid.springserve.com
1	bid.contextweb.com	vpaid.springserve.com
1	anyclip-player.s3.amazonaws.com	www.komando.com
1	cdn.districtm.io	a.pub.network
1	acdn.adnxs.com	a.pub.network
1	beacon-eu2.rubiconproject.com	www.komando.com
1	i.w55c.net	www.komando.com
1	ads.w55c.net	www.komando.com
1	cti.w55c.net	www.komando.com
1	adservice.google.de	securepubads.g.doubleclick.net
1	pixel.quantserve.com	www.komando.com
1	tps.doubleverify.com	www.komando.com
1	sync-t1.taboola.com	www.komando.com
1	p.rfihub.com	1 redirects
1	cds.taboola.com	www.komando.com
1	bttrack.com	www.komando.com
1	e1.emxdgt.com	www.komando.com
1	dsp.adkernel.com	www.komando.com
1	rtb-csync.smartadserver.com	www.komando.com
1	www.storygize.net	1 redirects
1	simage2.pubmatic.com	www.komando.com
1	stags.bluekai.com	1 redirects
1	sync.mathtag.com	1 redirects
1	pixel.rubiconproject.com	www.komando.com
1	match.taboola.com	www.komando.com
1	backend.upapi.net	mrb.upapi.net
1	rules.quantcount.com	secure.quantserve.com
1	ad-delivery.net	www.komando.com
1	secure.quantserve.com	a.pub.network
1	syndication.twitter.com	www.komando.com
1	lreprx-server.anyclip.com	player.anyclip.com
1	accounts.google.com	apis.google.com
1	freestar-io.videoplayerhub.com	a.pub.network
1	widget-modal-popup-v2-prod.firebaseapp.com	sdk.jeeng.com
1	graph.facebook.com	www.komando.com
1	api.pinterest.com	www.komando.com
1	api.stack-sonar.com	www.komando.com
1	www.google.de	www.komando.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	config.anyclip.com	player.anyclip.com
1	www.stack-sonar.com	www.komando.com
1	www.googletagmanager.com	www.komando.com
1	stats.wp.com	www.komando.com
1	sdk.jeeng.com	www.komando.com
0	search.spotxchange.com Failed	vpaid.springserve.com
0	web.hb.ad.cpe.dotomi.com Failed	a.pub.network
330	114

This site contains links to these domains. Also see Links.

Domain
community.komando.com
www.dreamstime.com
en.wikipedia.org
anyclip.com
us-cert.cisa.gov
deals.komando.com
www.amazon.com
om.forgeofempires.com
lecolefrancaise.fr
www.devistresvite.fr
popup.taboola.com
www.conflictnations.com
ad.doubleclick.net
mackeeper.com
bs.serving-sys.com
taongafarm.com
ebsbatiment.fr
www.weststar.com
www.facebook.com
www.instagram.com
www.pinterest.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
www.komando.com Let's Encrypt Authority X3	`2020-08-18` - `2020-11-16`	3 months	crt.sh
cookiepro.com Cloudflare Inc ECC CA-3	`2020-07-06` - `2021-07-06`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
cert-00012-cdnedge-bluemix.akamaized.net Let's Encrypt Authority X3	`2020-09-18` - `2020-12-17`	3 months	crt.sh
www.filipg.se Let's Encrypt Authority X3	`2020-08-20` - `2020-11-18`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-09-11` - `2020-12-10`	3 months	crt.sh
*.twimg.com DigiCert SHA2 High Assurance Server CA	`2019-11-12` - `2020-11-18`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.anyclip.com Go Daddy Secure Certificate Authority - G2	`2020-07-13` - `2022-07-13`	2 years	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-17` - `2021-07-17`	a year	crt.sh
www.stack-sonar.com Amazon	`2020-04-21` - `2021-05-21`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.taboola.com DigiCert SHA2 Secure Server CA	`2020-08-10` - `2021-12-31`	a year	crt.sh
*.pinterest.com DigiCert SHA2 High Assurance Server CA	`2020-07-16` - `2021-08-04`	a year	crt.sh
firebaseapp.com GTS CA 1O1	`2019-10-28` - `2020-10-26`	a year	crt.sh
p.ssl.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-09-03` - `2021-02-22`	a year	crt.sh
sb.scorecardresearch.com DigiCert Secure Site ECC CA-1	`2020-07-17` - `2021-06-02`	a year	crt.sh
*.pub.network Go Daddy Secure Certificate Authority - G2	`2020-03-17` - `2021-05-16`	a year	crt.sh
accounts.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.springserve.com Amazon	`2020-09-03` - `2021-10-03`	a year	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
syndication.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-01-02` - `2020-12-24`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.yieldmo.com Amazon	`2020-06-23` - `2021-07-23`	a year	crt.sh
districtm.io Cloudflare Inc ECC CA-3	`2020-07-01` - `2021-07-01`	a year	crt.sh
*.3lift.com Amazon	`2020-07-04` - `2021-08-05`	a year	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.sharethrough.com Amazon	`2020-09-09` - `2021-10-11`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2019-10-04` - `2020-10-07`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2020-02-25` - `2021-05-26`	a year	crt.sh
backend.upapi.net GTS CA 1D2	`2020-09-09` - `2020-12-08`	3 months	crt.sh
*.zemanta.com DigiCert SHA2 Secure Server CA	`2020-08-23` - `2021-09-01`	a year	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2020-03-11` - `2021-05-10`	a year	crt.sh
*.contextweb.com DigiCert SHA2 Secure Server CA	`2020-05-07` - `2022-05-12`	2 years	crt.sh
*.smartadserver.com DigiCert Global CA G2	`2020-02-03` - `2022-02-03`	2 years	crt.sh
*.adkernel.com COMODO RSA Domain Validation Secure Server CA	`2017-11-17` - `2021-01-05`	3 years	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2020-05-18` - `2021-07-17`	a year	crt.sh
*.bttrack.com Sectigo RSA Domain Validation Secure Server CA	`2019-03-19` - `2021-04-13`	2 years	crt.sh
*.myvisualiq.net Go Daddy Secure Certificate Authority - G2	`2019-12-12` - `2021-02-10`	a year	crt.sh
*.doubleverify.com Network Solutions OV Server CA 2	`2019-11-05` - `2021-12-13`	2 years	crt.sh
*.google.de GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
aax-eu.amazon-adsystem.com Amazon	`2020-06-15` - `2021-06-15`	a year	crt.sh
s7.wac.edgecastcdn.net DigiCert SHA2 Secure Server CA	`2019-04-30` - `2021-02-10`	2 years	crt.sh
s4.wpc.edgecastcdn.net DigiCert SHA2 Secure Server CA	`2020-05-06` - `2022-06-08`	2 years	crt.sh
*.w55c.net Amazon	`2020-08-26` - `2021-09-26`	a year	crt.sh
*.evidon.com DigiCert Secure Site ECC CA-1	`2020-04-29` - `2021-07-29`	a year	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2020-01-02` - `2021-04-02`	a year	crt.sh
*.s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2019-11-09` - `2021-03-12`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
l.betrad.com Go Daddy Secure Certificate Authority - G2	`2019-04-25` - `2021-06-24`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh

This page contains 29 frames:

Primary Page: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Frame ID: C3C668BEEAEB25844BB25ABEAC1CE111
Requests: 224 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=https%3A%2F%2Fwww.komando.com
Frame ID: 09FC9558AD2695E612CEB8F0DECF9190
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v4.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df78e39ae7d5c3%26domain%3Dwww.komando.com%26origin%3Dhttps%253A%252F%252Fwww.komando.com%252Ff18180c21eac6a8%26relation%3Dparent.parent&container_width=394&href=https%3A%2F%2Fwww.facebook.com%2Fkimkomando&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&size=large&width=
Frame ID: 08FA330AFB630AFAA70D558D423865C3
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/subscribe_embed?usegapi=1&channel=kimkomandoshow&layout=default&theme=dark&count=hidden&origin=https%3A%2F%2Fwww.komando.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.rMJI4WR09CY.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA%2Fm%3D__features__
Frame ID: 2CC74D2FFECE200944D46B9ABD2476B4
Requests: 1 HTTP requests in this frame

Frame: https://widget-modal-popup-v2-prod.firebaseapp.com/update-user-data.html?domain_id=VAkN2egYB1&uid=b4099772-91e6-4854-b5c6-5b66a2a29175&language=en-US&profile=
Frame ID: F61017459B2133B2EAF6781B6E66E27A
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.komando.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.rMJI4WR09CY.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA%2Fm%3D__features__
Frame ID: FF9052FB81A1F2F83F36C387613C9D54
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/follow_button.2d7d9a6d04538bf11c7b23641e75738c.en.html
Frame ID: D91C0333522F4F33A60A290CF9B7E7B9
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UCU9HtOaaO-lcitPVVdsq99w&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.rMJI4WR09CY.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA%2Fm%3D__features__
Frame ID: 5C41EFAF8965F7972CABE1F4BA63E676
Requests: 1 HTTP requests in this frame

Frame: https://hbx.media.net/checksync.php?&vsSync=1&cs=17&hb=1&cv=37&ndec=1&cid=8CUFH1GPH&prvid=56%2C70%2C77%2C80%2C82%2C97%2C99%2C109%2C111%2C112%2C113%2C139%2C154%2C157%2C159%2C175%2C178%2C186%2C201%2C226%2C10000&usp_status=0&usp_consent=1&https=1&gdpr=1&gdprconsent=2
Frame ID: 1F43F2496BEC0C314CDB20A7137DE321
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=770e8b3e-80ca-4b24-92c8-148d7f5315ae&tbid=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699&query=taboola_hm%3D770e8b3e-80ca-4b24-92c8-148d7f5315ae&isDirect=0
Frame ID: 9E3CAD6944F9820CE2133793BA0F89A3
Requests: 20 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=rbd_r1u_cnv_an-db5_sovrn_3lift&dcc=t
Frame ID: 6A6B1435720B6F8A889886F5E34AC118
Requests: 1 HTTP requests in this frame

Frame: https://d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: 87ECF0FF34A667CC8AED9D28217D3D9D
Requests: 1 HTTP requests in this frame

Frame: https://d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: AEF781A2D411919136B72D519804BFA4
Requests: 1 HTTP requests in this frame

Frame: https://d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: 4F5F4C1F69F31A85C2C2A3131ACCCBEF
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsstn9j04JuLzRXCXkwo6H7uS_dSgwJ_Vbr2OMQVbb-XqWIlofFVYluA6xtQf0VVrblWIDxxp-0zNwZNc0IgJPORIXqPh_FNLstS_u38LM5WbquNDQsz_IjZskrY6M6K9MdKkSVHK45bW_cSs5GU3p7orSRbvqAdBF_bfejk8YSRKHrzoE5v_Nzix6tldeLcP0uKstGVjNgUBxYX9tXhU2JbpI4bfwJVjhXFGFrcuXLcjxJEDrAXmPQHMkruBYKcfWf3fPwuGnPJUd81tp30AmAC&sig=Cg0ArKJSzAEgGAB9kPOtEAE&urlfix=1&adurl=
Frame ID: D6F3024156501C1CEC8753E420B98D17
Requests: 17 HTTP requests in this frame

Frame: https://d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: B2695B92C89EA49164E3B7314B62D19A
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&gdpr=0&geo=eu&co=fr
Frame ID: 84006B9A9AEB4CC8979B50F887F2B0B5
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 2EEE79C27F6E80A718662C27E8BC270F
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: D1AA203923FCB70A1D6D610EBF182302
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: CA927338442617D3AAF740A33BB31485
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=0&gdpr_consent=
Frame ID: 318314C8738DEFBFADEFB794E823313E
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.411.1_en.html
Frame ID: 5C48DD980C491670EA7AAE951E553236
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/loader.js
Frame ID: 359388130E05C5F48233A7ACE3A66C39
Requests: 13 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.411.1_en.html
Frame ID: 000981E67C1A350DA7E60270D7D323AB
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/216/runner.html
Frame ID: F6D2D7EB89840C340B57B7D3FB423951
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/loader.js
Frame ID: 92D77F2AFAA25E32B2AAA9CF43E5B753
Requests: 10 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.411.1_en.html
Frame ID: 213DC39224116EAA393D4B2869F381C8
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js
Frame ID: DB4789B39D1EE00A0793BC4FCCB7CBAA
Requests: 21 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/022009010507000/amp4ads-v0.js
Frame ID: 9FBF1E2AF95FBC434F03B99D1E088F08
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /script\.crazyegg\.com\/pages\/scripts\/\d+\/\d+\.js/i

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /2mdn\.net/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /2mdn\.net/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html //i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

html /<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
script /\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i

Page Statistics

330
Requests

97 %
HTTPS

37 %
IPv6

67
Domains

114
Subdomains

96
IPs

9
Countries

3648 kB
Transfer

14764 kB
Size

1
Cookies

32 Outgoing links

These are links going to different origins than the main page.

URL: https://community.komando.com/watch/
Title: Watch

Search URL Search Domain Scan URL

URL: https://community.komando.com/listen/
Title: Listen

Search URL Search Domain Scan URL

URL: https://community.komando.com/
Title: Login/join the community

Search URL Search Domain Scan URL

URL: https://www.dreamstime.com/bug-as-symbol-malware-trojan-virus-program-code-hacking-theft-personal-information-data-green-pixel-locks-red-image179472219
Title: Dreamstime.com

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Ryu_(Street_Fighter)
Title: Read More

Search URL Search Domain Scan URL

URL: https://anyclip.com/?source=logo&wid=0011r00002HG7NL_1462

Search URL Search Domain Scan URL

URL: https://us-cert.cisa.gov/ncas/alerts/aa20-266a
Title: The DHS is issuing a warning about Lokibot infections

Search URL Search Domain Scan URL

URL: https://deals.komando.com/sales/the-complete-american-sign-language-master-class-bundle?utm_source=komando.com&utm_medium=referral&utm_campaign=the-complete-american-sign-language-master-class-bundle&utm_term=scsf-433501&utm_content=a0x1P000004Y7oDQAS&scsonar=1
Title: Learn American Sign Language with this online master class

Search URL Search Domain Scan URL

URL: https://www.amazon.com/dp/B08DZ2GGJ7
Title: Get the eBook

Search URL Search Domain Scan URL

URL: https://om.forgeofempires.com/foe/fr/?ref=tab_fr_fr&&external_param=2848214147&pid=komando&bid=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fc47701d555fd706bf758fdfd01d2e9e5.jpeg&tblci=GiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yDJqD8#tblciGiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yDJqD8
Title: Forge Of Empires - Jeu en ligne gratuit

Search URL Search Domain Scan URL

URL: https://lecolefrancaise.fr/fne-formation-comment-en-profiter/?utm_source=taboola&utm_medium=native&utm_campaign=Taboola_1_FNE&utm_content=komando&utm_term=2929572729&tblci=GiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yDi0kU#tblciGiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yDi0kU
Title: Ecole Française (FNE-Formation)

Search URL Search Domain Scan URL

URL: https://om.forgeofempires.com/foe/?ref=tab_row_en_mktdet2&&external_param=185317875&pid=komando&bid=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F7e016667a06c3953bbd551436b1db2b6.jpeg&tblci=GiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yDJqD8#tblciGiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yDJqD8
Title: Forge of Empires - Free Online Game

Search URL Search Domain Scan URL

URL: https://lecolefrancaise.fr/actualite-nouvelles-formations-en-ligne-ou-en-cours-du-soir/?utm_source=taboola&utm_medium=native&utm_campaign=Taboola_1_Formations_financees_par_etat&utm_content=komando&utm_term=2926797763&tblci=GiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yDi0kU#tblciGiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yDi0kU
Title: L'École Française

Search URL Search Domain Scan URL

URL: https://www.devistresvite.fr/monte-escalier/?utm_content=6067-tp_vid-im_280-ad_combien_co_te_un_mon-bs_vid&utm_img=280-121-vdt-sta_gen-np-nt-nb-not&utm_source=taboola&utm_medium=cpc&utm_campaign=sta_gen-2002673-de-pr-prp_compare_prices&utm_ctype=vid&utm_term=1008999#tblciGiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yCFnUI
Title: Devis Monte-Escaliers

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=komando&utm_medium=referral&utm_content=alternating-thumbnails-rr:Alternating%20Right%20Rail%20Thumbnails:
Title:

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=komando&utm_medium=referral&utm_content=thumbnails-b:Right%20Rail%20Thumbnails:
Title:

Search URL Search Domain Scan URL

URL: https://www.devistresvite.fr/monte-escalier/?utm_content=6073-tp_vid-im_280-ad_vos_escaliers_devien&utm_img=280-121-vdt-sta_gen-np-fr-bv1-not&utm_source=taboola&utm_medium=cpc&utm_campaign=sta_gen-2002673-de-pr-prp_compare_prices&utm_ctype=vid&utm_term=1008999#tblciGiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yCFnUI
Title: Devis Monte-Escaliers

Search URL Search Domain Scan URL

URL: https://www.conflictnations.com/index.php?id=322&lp=108&lpv=1&c=10314&r=18772&placement=komando_1008999&tblci=GiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yCg3ko#tblciGiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yCg3ko
Title: Conflict Of Nations : World War III

Search URL Search Domain Scan URL

URL: https://ad.doubleclick.net/ddm/trackclk/N65405.2805607TABOOLA-FR/B24131358.280324580;dc_trk_aid=474593571;dc_trk_cid=136676780;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?tblci=GiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yCbkU0#tblciGiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yCbkU0
Title: SEAT

Search URL Search Domain Scan URL

URL: https://mackeeper.com/link/45c04a4c-dd44-11ea-9365-127369ec21d1?lang=fr&tid_ext=Des+fichiers+inutiles+sur+Mac+%3F+Voici+comment+les+supprimer;2920818295;1008999;GiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yDA_0k&tblci=GiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yDA_0k#tblciGiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yDA_0k
Title: MacKeeper

Search URL Search Domain Scan URL

URL: https://bs.serving-sys.com/Serving/adServer.bs?cn=trd&pli=1075415495&gdpr=$%7BGDPR%7D&gdpr_consent=$%7BGDPR_CONSENT_68%7D&adid=1080441191&ord=[timestamp]&tblci=GiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yCFwEw#tblciGiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yCFwEw
Title: Volkswagen

Search URL Search Domain Scan URL

URL: https://taongafarm.com/fr/landings/gp/8?ref=W_100420_FR_Click_Image&mng=VK&utm_source=taboola&utm_term=1008999_komando&utm_content=2928248218#tblciGiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yDJpEc
Title: Taonga : la ferme tropicale

Search URL Search Domain Scan URL

URL: https://ad.doubleclick.net/ddm/trackclk/N1153793.1006845TABOOLA.COM/B24459510.280362490;dc_trk_aid=474378669;dc_trk_cid=136557439;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?utm_source=taboola&utm_medium=komando&utm_campaign=D01471333-TABOOLA_3RD+PARTY_NATIVE_1x1_DCPM_JSOS_CT_FY21Q3_FR+SB+DG_VOSTRO+DESKTOP&utm_content=2927226590&tblci=GiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yCPtk0#tblciGiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yCPtk0
Title: DELL

Search URL Search Domain Scan URL

URL: https://ebsbatiment.fr/PAC/landing.html?utm_source=taboola&utm_medium=referral&utm_campaign=komando&utm_content=2927665256&tblci=GiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yDDm0Q#tblciGiDwbvWziVrxeCjtmauL2LZR1wkIfqn61mw9u5h4Zo_c4yDDm0Q
Title: Pompe à Chaleur

Search URL Search Domain Scan URL

URL: https://www.weststar.com/
Title: About us

Search URL Search Domain Scan URL

URL: https://www.facebook.com/kimkomando
Title: facebook

Search URL Search Domain Scan URL

URL: https://www.instagram.com/kimkomando/
Title: instagram

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/kimkomando/
Title: pinterest

Search URL Search Domain Scan URL

URL: https://twitter.com/kimkomando
Title: twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/kimkomando
Title: youtube youtube

Search URL Search Domain Scan URL

URL: https://anyclip.com/?source=powered&wid=0011r00002HG7NL_1462
Title: Powered by AnyClip

Search URL Search Domain Scan URL

URL: https://anyclip.com/privacy-policy/?source=policy&wid=0011r00002HG7NL_1462
Title: Privacy Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 89

https://sb.scorecardresearch.com/b?c1=7&c2=13739933&c3=20121515121&ns__t=1601040665693&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1601040665693&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&c9=&cs_ak_ss=1

Request Chain 134

https://rtb.mfadsrvr.com/sync?ssp=taboola HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=taboola HTTP 302
https://sync.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=770e8b3e-80ca-4b24-92c8-148d7f5315ae HTTP 302
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=770e8b3e-80ca-4b24-92c8-148d7f5315ae&tbid=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699&query=taboola_hm%3D770e8b3e-80ca-4b24-92c8-148d7f5315ae&isDirect=0

Request Chain 136

https://px.powerlinks.com/user/identify?sourceId=d4a7a706-ab0f-11e8-a038-127202fb7690&rurl=https%3A%2F%2Fam-sync.taboola.com%2Fsg%2Fpowerlinksdsp-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%24%7BUSER%7D&orig=trc HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=113&redir=%2F%2Fpx.powerlinks.com%2Fuser%2Fsync%2Fdsps%3FuserId%3D%5BMM_UUID%5D%26sourceId%3Daa4e7548-789b-4df8-a72f-d951a5b206eb%26sync%3D0%26rurl%3Dhttps%25253A%25252F%25252Fam-sync.taboola.com%25252Fsg%25252Fpowerlinksdsp-network%25252F1%25252Frtb-h%25252F%25253Ftaboola_hm%25253DbzwbK8psXXu2Az3UQ7l-AbZBQwqrdoBKa_jomkmHLgc%2525253D HTTP 302
https://px.powerlinks.com/user/sync/dsps?userId=fb205f6d-f11a-4400-bf90-55f136e3b31f&sourceId=aa4e7548-789b-4df8-a72f-d951a5b206eb&sync=0&rurl=https%3A%2F%2Fam-sync.taboola.com%2Fsg%2Fpowerlinksdsp-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3DbzwbK8psXXu2Az3UQ7l-AbZBQwqrdoBKa_jomkmHLgc%253D HTTP 302
https://am-sync.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=bzwbK8psXXu2Az3UQ7l-AbZBQwqrdoBKa_jomkmHLgc%3D

Request Chain 137

https://bh.contextweb.com/bh/rtset?pid=562107&ev=1&rurl=https%3A%2F%2Fam-sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=%%VGUID%%&orig=trc HTTP 302
https://am-sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=OBMkduWkbpW0&ev=1&orig=trc&pid=562107

Request Chain 138

https://b1sync.zemanta.com/usersync/taboola/?puid={user_id}&cb=https://am-sync.taboola.com/sg/zemantartb-network/1/rtb-h/?taboola_hm=__ZUID__&orig=trc HTTP 302
https://stags.bluekai.com/site/23178?id=Rhv-pEQa7VtQIbClAVTp&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6YLNFVZXS3TDFZ2GCYTPN5WGCLTDN5WS643HF55GK3LBNZ2GC4TUMIWW4ZLUO5XXE2ZPGEXXE5DCFVUC6P3FPBRWQYLOM5ST25DBMJXW63DBEZ2GCYTPN5WGCX3INU6VE2DWFVYEKULBG5LHIUKJMJBWYQKWKRYA HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6YLNFVZXS3TDFZ2GCYTPN5WGCLTDN5WS643HF55GK3LBNZ2GC4TUMIWW4ZLUO5XXE2ZPGEXXE5DCFVUC6P3FPBRWQYLOM5ST25DBMJXW63DBEZ2GCYTPN5WGCX3INU6VE2DWFVYEKULBG5LHIUKJMJBWYQKWKRYA

Request Chain 139

https://ib.adnxs.com/getuidnb?https://am-sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID&orig=trc HTTP 302
https://am-sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=7720794943134489858&orig=trc

Request Chain 140

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm=&google_sc=&google_tc= HTTP 302
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEB7Whqi1f5Kr1w1tUE9r7Bc&google_cver=1

Request Chain 142

https://am-sync.taboola.com/sg/google-network/1/rtb?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dtaboola_dbm%26google_sc%26gdpr%3D0%26gdpr_consent%3D&orig=trc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699

Request Chain 143

https://ib.adnxs.com/getuidnb?https://am-sync.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=$UID&orig=trc HTTP 302
https://am-sync.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=7720794943134489858&orig=trc

Request Chain 144

https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=58a5806a-0c2d-4b10-a2a7-9d6ff0ab92ea

Request Chain 145

https://ce.lijit.com/merge?pid=42&3pid=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699&us_privacy=&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=42&3pid=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699&us_privacy=&gdpr=0&gdpr_consent=&dnr=1

Request Chain 147

https://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699 HTTP 302
https://sync.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=37cf273d-6031-4a9e-b4c2-17b86d952301

Request Chain 153

https://x.bidswitch.net/sync?ssp=taboola&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=taboola&gdpr=0&gdpr_consent= HTTP 302
https://p.rfihub.com/cm?in=1&pub=20513&ssp=taboola HTTP 302
https://x.bidswitch.net/sync?dsp_id=119&user_id=1875819620707266179&expires=30&ssp=taboola HTTP 302
https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=da331b50-3ba1-4e8b-819a-5333885d3128

Request Chain 154

https://ad.doubleclick.net/ddm/trackimp/N1153793.1006845TABOOLA.COM/B24459510.280362490;dc_trk_aid=474378669;dc_trk_cid=136557439;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?;dc_ref=komando.com HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N1153793.1006845TABOOLA.COM/B24459510.280362490;dc_pre=CISGzaG1hOwCFSWDgwcdZvQNFw;dc_trk_aid=474378669;dc_trk_cid=136557439;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?;dc_ref=komando.com

Request Chain 155

https://t.myvisualiq.net/impression_pixel?r=[CACHEBUSTER]&et=i&ago=212&ao=994&aca=24459510&si=5791742&ci=136557439&pi=280362490&ad=474378669&advt=9697277&chnl=-7&vndr=115&sz=9665&u={AuctionID};&viq_did={device}&pt=I HTTP 302
https://t.myvisualiq.net/ul_cb/impression_pixel?r=[CACHEBUSTER]&et=i&ago=212&ao=994&aca=24459510&si=5791742&ci=136557439&pi=280362490&ad=474378669&advt=9697277&chnl=-7&vndr=115&sz=9665&u={AuctionID};&viq_did={device}&pt=I

Request Chain 165

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=rbd_r1u_cnv_an-db5_sovrn_3lift HTTP 302
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=rbd_r1u_cnv_an-db5_sovrn_3lift&dcc=t

Request Chain 189

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 319

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 338

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

330 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/ 406 KB
90 KB 226ms
192ms Document
text/html 2606:4700::6812:a460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a460 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

223dffd74c3dd2a212cdd68708f2b201fe0b9918780463bbc3bd89b075eb5c8c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: www.komando.com
:scheme: https
:path: /security-privacy/lokibot-keylogger-spreading/755764/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 25 Sep 2020 13:31:04 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=df5ebe77f4ea6d478ce5900675554da9c1601040664; expires=Sun, 25-Oct-20 13:31:04 GMT; path=/; domain=.www.komando.com; HttpOnly; SameSite=Lax k3FormInserters=%7B%2215940519701%22%3A%222020-10-02%2013%3A21%3A44%22%2C%22generalExpiration%22%3A%222020-09-28%2013%3A21%3A44%22%7D; expires=Wed, 01-Jan-2031 00:00:00 GMT; Max-Age=323951896; path=/ k3ModalInserters=%7B%2215940546631%22%3A%222020-10-02%2013%3A21%3A44%22%2C%22generalExpiration%22%3A%222020-09-28%2013%3A21%3A44%22%7D; expires=Wed, 01-Jan-2031 00:00:00 GMT; Max-Age=323951896; path=/
vary: Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-frame-options: SAMEORIGIN
link: <https://www.komando.com/wp-json/>; rel="https://api.w.org/" <https://www.komando.com/wp-json/wp/v2/posts/755764>; rel="alternate"; type="application/json" <https://www.komando.com/?p=755764>; rel=shortlink
x-elasticpress-query: true
x-powered-by: WP Engine
x-cacheable: SHORT
cache-control: max-age=600, must-revalidate
x-cache: HIT: 2
x-cache-group: normal
cf-cache-status: DYNAMIC
cf-request-id: 05670ede49000032441c2dc200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5d851a76df473244-FRA
content-encoding: gzip

GET
H2 200 otSDKStub.js Show response
cookie-cdn.cookiepro.com/scripttemplates/ 12 KB
4 KB 62ms
44ms Script
application/javascript 2606:4700::6812:678
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:678 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

396197a350c5f917f454cb764fa31f624d64f8fbac73445c4d2862bad7ca22bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Sep 2020 13:31:04 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: reFiWB6U0BSmOZ1FSpYaOw==
age: 663
status: 200
cf-request-id: 05670edf25000005f5e6971200000001
x-ms-lease-status: unlocked
last-modified: Fri, 11 Sep 2020 01:42:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f5babbb1-701e-00b1-3ce8-872658000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
cf-ray: 5d851a783e7a05f5-FRA

GET
H2 200 css
fonts.googleapis.com/ 17 KB
1 KB 16ms
15ms Stylesheet
text/css 2a00:1450:4001:817::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e4a66d01f6e756434873901b4c7c7fd74d0a2c08710e8e2bec2113f97dcff2d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Sep 2020 13:31:04 GMT
server: ESF
date: Fri, 25 Sep 2020 13:31:04 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 25 Sep 2020 13:31:04 GMT

GET
H2 200 configs Show response
users.api.jeeng.com/users/domains/VAkN2egYB1/sdk/ 1 KB
927 B 43ms
7ms Script
text/javascript 2a02:26f0:64::214:84d8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://users.api.jeeng.com/users/domains/VAkN2egYB1/sdk/configs
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:64::214:84d8 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Google Frontend / Express
Resource Hash: ac2354138204710f28686bcd02c64db26c77f3ad2a6d43b4518e09020c883050

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:04 GMT
content-encoding: gzip
etag: W/"502-P4wRJMNfonT2IRMmM0IxltxTIrU"
server: Google Frontend
status: 200
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: b23ecb065c96023c69098e7783f227bc
cache-control: max-age=1016
content-length: 700

GET
H2 200 v3.js Show response
sdk.jeeng.com/ 492 KB
108 KB 60ms
16ms Script
text/javascript 151.101.65.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.jeeng.com/v3.js

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

76acf8c85fbf30f66baaf8a77b45a8c55239360611284cbd426bafeaf12806ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31556926
content-encoding: br
last-modified: Thu, 03 Sep 2020 16:24:28 GMT
x-timer: S1601040664.495296,VS0,VE0
etag: "86bc67d8013fe6abe723ac297daa52084dc88b1c37b0ad399cf0552e9ad9b41d-br"
x-served-by: cache-cdg20781-CDG
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=3600
date: Fri, 25 Sep 2020 13:31:04 GMT
accept-ranges: bytes
content-length: 110062
x-cache-hits: 13

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 24ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ab9e8a012fc196335a4749d4a81ad4e6b82dce60d55853a7ca2fe9b103393d88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.komando.com
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: aC5ZOjPKHA3TNcHcsb4Tcw==
status: 200
cross-origin-resource-policy: cross-origin
expires: Fri, 25 Sep 2020 13:48:12 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1781
etag: "d2138d7fdf071412a0f1b937f6e7972f"
x-fb-debug: /m+AR3OJC3S2ftmOohANdocjGHg6dqJivloNGX3e6hx6Mk5g5HG046MGOnZRb9Oh3EHryBt5fK8B4+vmuMWJrQ==
x-fb-trip-id: 1460883810
x-fb-content-md5: 21205238a078b9b32daeaf7db4f03481
date: Fri, 25 Sep 2020 13:31:04 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 11ms
8ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40AD) /
Resource Hash: a761b426004caba495cdac2c93ce7dd306c47bc4d7bdc63c4840c3d8182396a9

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:04 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Sep 2020 20:40:54 GMT
Server: ECS (fcn/40AD)
Age: 914
Etag: "a58136137a93f33c1d165df7d4d973f8+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28881

GET
H2 200 platform.js Show response
apis.google.com/js/ 49 KB
19 KB 30ms
30ms Script
application/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/platform.js

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a59455402cb06fdade0b4c6ca2c44f2f627a085fb354b911531235c4c4f538a3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-SyL3t7yG0x5uyVQaZgV9xA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
status: 200
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
etag: "34d16df61d59ba6d7f2edc09bf4e76e8"
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-SyL3t7yG0x5uyVQaZgV9xA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Fri, 25 Sep 2020 13:31:04 GMT

GET
H/1.1 200
OK lre.js Show response
player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/ 921 KB
236 KB 180ms
57ms Script
application/javascript 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: 777a900b48ed2b99b8a4ba93c8a314ee3caeba5ab77e866c8e5ef494f188c1f9

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:04 GMT
Content-Encoding: gzip
Age: 23375
Connection: keep-alive
Content-Length: 241556
x-amz-id-2: WQqr3oZFPjP7plL5ovnWhvIwKU81gqK6EaAXneq6Ph4kQd7QaX6Xryj3cwXs96hF7XQgDG4crXM=
Last-Modified: Thu, 17 Sep 2020 10:17:09 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: CR0TCX6V6WCM6Y6Y
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=60
x-amz-version-id: jwkzrAv8q8XuzJxtu9nJBgBo_0BcZ0B1
Accept-Ranges: bytes
Content-Type: application/javascript
X-LLID: df50ad55fc5a38ca83b8745e9d978e70
Expires: Fri, 25 Sep 2020 07:02:29 GMT

GET
H2 200 lazysizes.min.js Show response
www.komando.com/wp-content/plugins/autoptimize/classes/external/js/ 9 KB
4 KB 55ms
52ms Script
application/javascript 2606:4700::6812:a460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.komando.com/wp-content/plugins/autoptimize/classes/external/js/lazysizes.min.js?ao_version=2.7.7
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a460 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b88ddfa92e4cb2646d5c7e19274939caa3495dcb33c307f1bbaec31b1d9691a

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:04 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Sun, 30 Aug 2020 17:50:42 GMT
server: cloudflare
age: 2156131
etag: W/"5f4be6f2-22ea"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2630000
cf-ray: 5d851a78caf33244-FRA
cf-request-id: 05670edf7f000032441c2f0200000001

GET
H2 200 wp-polyfill.min.js Show response
www.komando.com/wp-includes/js/dist/vendor/ 97 KB
34 KB 32ms
31ms Script
application/javascript 2606:4700::6812:a460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.komando.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a460 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96ed609b415be6ee67eadb8d2de7ce64d13de9c928bce8e1373bec97e233e74c

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:04 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 19 Sep 2019 15:19:18 GMT
server: cloudflare
age: 2156131
etag: W/"5d839c76-1833d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2630000
cf-ray: 5d851a7849da3244-FRA
cf-request-id: 05670edf2d000032441c2e7200000001

GET
H2 200 lodash.min.js Show response
www.komando.com/wp-includes/js/dist/vendor/ 72 KB
24 KB 49ms
48ms Script
application/javascript 2606:4700::6812:a460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.komando.com/wp-includes/js/dist/vendor/lodash.min.js?ver=4.17.15
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a460 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55e35a1415438685f71fe809dfb0e94ff9d3b994dd8d8ae8f7206bb878d59a84

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:04 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Sun, 18 Aug 2019 12:31:00 GMT
server: cloudflare
age: 2156131
etag: W/"5d594504-11e2d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2630000
cf-ray: 5d851a7849dc3244-FRA
cf-request-id: 05670edf2e000032441c2e8200000001

GET
H2 200 jquery.js Show response
www.komando.com/wp-includes/js/jquery/ 95 KB
33 KB 28ms
27ms Script
application/javascript 2606:4700::6812:a460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.komando.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a460 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:04 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 17 May 2019 04:25:54 GMT
server: cloudflare
age: 1411998
etag: W/"5cde37d2-17a69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2630000
cf-ray: 5d851a7849dd3244-FRA
cf-request-id: 05670edf2e000032441c2e9200000001

GET
H2 200 formSubscribe.min.js Show response
www.komando.com/wp-content/plugins/k2-prefs-center/public/js/ 7 KB
3 KB 29ms
28ms Script
application/javascript 2606:4700::6812:a460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.komando.com/wp-content/plugins/k2-prefs-center/public/js/formSubscribe.min.js?ver=2.2.4
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a460 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aeb08680a67ab108b80d0d5eca97457046c90c4d885d817aac059ed5b47b5fbc

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:04 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 09 Jul 2020 23:30:05 GMT
server: cloudflare
age: 2156131
etag: W/"5f07a87d-1cfa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2630000
cf-ray: 5d851a7849de3244-FRA
cf-request-id: 05670edf2e000032441c2ea200000001

GET
H2 200 e-202039.js Show response
stats.wp.com/ 9 KB
3 KB 88ms
27ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202039.js
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:04 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
expires: Sun, 19 Sep 2021 22:23:43 GMT

GET
H2 200 autoptimize_31cd2dcd020668663b3824abe7f5215c.js Show response
www.komando.com/wp-content/cache/autoptimize/js/ 180 KB
60 KB 47ms
45ms Script
application/javascript 2606:4700::6812:a460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.komando.com/wp-content/cache/autoptimize/js/autoptimize_31cd2dcd020668663b3824abe7f5215c.js
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a460 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 126b0db475dac8550795ad28030ebfacde3d381588872e38c9828dc9458e3292

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:04 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 02 Sep 2020 15:25:16 GMT
server: cloudflare
age: 1980189
etag: W/"5f4fb95c-2cfcc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2630000
cf-ray: 5d851a78caf53244-FRA
cf-request-id: 05670edf7f000032441c2f1200000001

GET
H2 200 a79128fe-d59a-42d8-9e14-0260245c83af.json Show response
cookie-cdn.cookiepro.com/consent/a79128fe-d59a-42d8-9e14-0260245c83af/ 2 KB
2 KB 39ms
22ms XHR
application/x-javascript 2606:4700::6812:678
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/a79128fe-d59a-42d8-9e14-0260245c83af/a79128fe-d59a-42d8-9e14-0260245c83af.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:678 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb744b621e8b353c5c4b5cc39f2a7b06855a02634992cbcc0ec6ac30cee45b77

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Sep 2020 13:31:04 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: zRP92IrOASvAvifTF2uOiQ==
age: 1196
status: 200
cf-request-id: 05670edf730000c2e0923e2200000001
x-ms-lease-status: unlocked
last-modified: Wed, 23 Sep 2020 16:32:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 2234330e-201e-0077-4ae6-91edd9000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
cf-ray: 5d851a78b903c2e0-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 163 KB
49 KB 28ms
26ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PWK6RF

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9af6550ca2c42a37009bae2158dca11ca60287039f406a7cc4b6b1df1185ecfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:04 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49860
x-xss-protection: 0
last-modified: Fri, 25 Sep 2020 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 25 Sep 2020 13:31:04 GMT

GET
H2 200 pubfig.min.js Show response
a.pub.network/komando-com/ 305 KB
76 KB 460ms
437ms Script
application/javascript 2606:4700:20::681a:8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/komando-com/pubfig.min.js
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29468b66389df59555ae33050768a903311d689837e6aa6e8e33511869282b93

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:04 GMT
content-encoding: br
cf-cache-status: HIT
x-guploader-uploadid: ABg5-UznmbXhaL_812kjSCA32FNAlbGhJ7B-qXLOvx8Hw-Cp5CB3HQAUWRfyoHdDL1Adz2g7tBTJIweGgBVhglYu3uFpoRxG3g
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
cf-request-id: 05670edf940000d6b92d125200000001
last-modified: Mon, 21 Sep 2020 21:49:14 GMT
server: cloudflare
etag: W/"0c9f250c7d4ace14f64fa892a265565a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=l7/LmQ==, md5=DJ8lDH1KzhT2T6iSomVWWg==
x-goog-generation: 1600724954463575
cache-control: public, max-age=1800
x-goog-stored-content-length: 311838
cf-ray: 5d851a78ee1fd6b9-FRA
expires: Thu, 24 Sep 2020 21:46:38 GMT

GET
H2 200 ping.js Show response
www.stack-sonar.com/ 6 KB
3 KB 93ms
27ms Script
application/javascript 99.86.7.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stack-sonar.com/ping.js
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.22 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-22.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5216fcdc6d278ba8cce42f910754b33365608bcba89401423816cc2b7b28f161

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:10:39 GMT
content-encoding: gzip
last-modified: Fri, 06 Sep 2019 17:57:21 GMT
server: AmazonS3
age: 1226
etag: "4ccf47293af41539d748a114e8658c75"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=3600
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: NhnehozNgxCVv98DobASheZIKVI_GeA69RJ3X7_edoaRxRRsTYm0sw==
via: 1.1 2ef0748a2a8fca13fd6065b6b046c33c.cloudfront.net (CloudFront)

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 7ms
5ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:06:19 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 361485
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:06:19 GMT

GET
DATA 200
OK truncated
/ 501 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 51885f3f46c7317c00dc6b36ae543d48f1b3d1c3768381c9f7c8fb47e38214f1

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 985 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7f3f58c2fd4529fffc91067658a9689ffc59257d6e329de3f156539fdc9d44c3

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2fb500f34c1e92bea56bab8e0e5ccd68f794b9a514e5302a2f7e07723938d91b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 209c5a3d5663e93da5f73f50923b757791f11078e28ec10f6138d65d9b00b1a9

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db03313b117d5687f500d3a57cf5a279c0e9c92cf8b2182b5ec74257257537c3

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ad-background.png
www.komando.com/wp-content/themes/komando/assets/images/ 167 B
321 B 69ms
66ms Image
image/png 2606:4700::6812:a460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.komando.com/wp-content/themes/komando/assets/images/ad-background.png
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a460 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b94c0c588c960ee9b1b4fdc774c776f770059745e5219ecc28c1cbe5f633ba84

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:04 GMT
cf-cache-status: HIT
last-modified: Wed, 03 Jun 2020 17:53:13 GMT
server: cloudflare
age: 2156206
etag: "5ed7e389-a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 5d851a790b7d3244-FRA
content-length: 167
cf-request-id: 05670edfa0000032441c2f2200000001

GET
H3-Q050 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 30ms
13ms Font
font/woff2 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 11:04:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:58 GMT
server: sffe
age: 354409
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11020
x-xss-protection: 0
expires: Tue, 21 Sep 2021 11:04:15 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 30ms
13ms Font
font/woff2 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 11:04:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 354418
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11056
x-xss-protection: 0
expires: Tue, 21 Sep 2021 11:04:06 GMT

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c

Request headers

Origin: https://www.komando.com
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 otBannerSdk.js Show response
cookie-cdn.cookiepro.com/scripttemplates/6.6.0/ 338 KB
61 KB 24ms
24ms Script
application/javascript 2606:4700::6812:678
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/6.6.0/otBannerSdk.js

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:678 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fefa6bc00a2fca4d3ca705862d42dfdbb8f69124b2f0cc0896d3c7c2c05890a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Sep 2020 13:31:04 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: Xs4BplpA7QV+zkRYpo3+wA==
age: 6448
status: 200
cf-request-id: 05670edfc8000005f5e69aa200000001
x-ms-lease-status: unlocked
last-modified: Fri, 11 Sep 2020 01:42:07 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: aa6d9383-901e-0096-7e0c-88319c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
cf-ray: 5d851a794a7005f5-FRA

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 201 KB
61 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=4c137689869064519d0f9adbe85c4b23&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a75ca1967edccf50657450f062c43c274b61a0644998070a5b80cbfc52882805

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.komando.com
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: WaiSLX5nI3biGQIDzFAHkg==
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 62344
etag: "3e42baaea3cbfcae3f27d3b0a8bee118"
x-fb-debug: gWB6nv+MBnj/b08YIWvF8ZpA107L+UnNsUt0VluUt4Sh3HDOlN5uvzs5z0ih3WNmzfAdJdgzKdh1Yl2wHE1mcA==
x-fb-trip-id: 1460883810
x-fb-content-md5: 013c985f7c24f09e62d26130a776cb17
x-frame-options: DENY
date: Fri, 25 Sep 2020 13:31:04 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
expires: Sat, 25 Sep 2021 12:25:54 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PWK6RF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 924
date: Fri, 25 Sep 2020 13:15:40 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18650
expires: Fri, 25 Sep 2020 15:15:40 GMT

GET
H2 200 5696.js Show response
script.crazyegg.com/pages/scripts/0092/ 4 KB
2 KB 49ms
33ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0092/5696.js?444734
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PWK6RF
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1301a4fd823a6b23ec99783585c7d947d18c86a10cd7257b21e1c13ed4a4642a

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:04 GMT
content-encoding: gzip
cf-cache-status: HIT
ce-version: 11.1.118
age: 4964
cf-polished: origSize=4550
status: 200
cf-request-id: 05670ee02600002b290da39200000001
last-modified: Fri, 25 Sep 2020 12:08:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
cf-ray: 5d851a79d9c22b29-FRA
cf-bgj: minify

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 135 KB
34 KB 18ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 34302
x-xss-protection: 0
pragma: public
x-fb-debug: AfiolirfMN/l8R3suJ+b1ByZ+ZS0IXd85l4rnVQSk0SczmN7FxhXmVS4N08qITgkAyFfWIhsKVIMH2bdjEKZPw==
x-fb-trip-id: 1460883810
x-frame-options: DENY
date: Fri, 25 Sep 2020 13:31:04 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 en.json Show response
cookie-cdn.cookiepro.com/consent/a79128fe-d59a-42d8-9e14-0260245c83af/544e2fd0-57e1-4ac1-a1c1-d69d2056980e/ 77 KB
13 KB 20ms
20ms Fetch
application/x-javascript 2606:4700::6812:678
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/a79128fe-d59a-42d8-9e14-0260245c83af/544e2fd0-57e1-4ac1-a1c1-d69d2056980e/en.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/6.6.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:678 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75f09c10bc7e746f5dd81f4b7c6c0a41c61977e622d0c92c946362e4cc279d72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Sep 2020 13:31:04 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: JZHDM4Kk1VOGNyvp9hAK1w==
age: 1196
status: 200
cf-request-id: 05670ee0200000c2e0923ec200000001
x-ms-lease-status: unlocked
last-modified: Wed, 23 Sep 2020 16:32:26 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 433b117a-b01e-0091-5de6-915dff000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
cf-ray: 5d851a79cb08c2e0-FRA

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
396 B 39ms
13ms XHR
text/plain 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j86&a=1147930810&t=pageview&_s=1&dl=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&ul=en-us&de=UTF-8&dt=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=194802697&gjid=1336344320&cid=1548064432.1601040665&tid=UA-230639-2&_gid=1161332074.1601040665&_r=1&gtm=2wg9g1PWK6RF&z=732027087

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:31:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://www.komando.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK conf.js Show response
config.anyclip.com/anyclip-widget/config/komandocom/0011r00002HG7NL_1462/ 7 KB
7 KB 115ms
36ms Script
application/javascript 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://config.anyclip.com/anyclip-widget/config/komandocom/0011r00002HG7NL_1462/conf.js?cb=862989
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: 633aeda2d57927567b195da28166cf7d5a619539c2a3dc4793a88d62ea9bbe25

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:04 GMT
Content-Encoding: UTF-8
Age: 62026
x-amz-meta-updatedby: yahalom@anyclip.com
Connection: keep-alive
Content-Length: 7047
x-amz-id-2: lQRf91csVvyt28IrbOBmzZ2ysfk7n3u69QK+QdTM2fpyeJOA2wBED0VCxAXriSb6bVlpZfrvXp4=
Last-Modified: Wed, 16 Sep 2020 11:29:10 GMT
Server: AmazonS3
x-amz-request-id: F24AA2331180AA94
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=60
x-amz-version-id: VxplPuldHc.gUbsTH07dwjjGaA1XDphf
Accept-Ranges: bytes
Content-Type: application/javascript;charset=UTF-8
X-LLID: 98dca6378ed9614e4228e029804c9a26

GET
H/1.1 200
OK rules.js Show response
player.anyclip.com/anyclip-widget/lre-widget/sps-flow/ 474 B
959 B 46ms
45ms Script
application/javascript 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://player.anyclip.com/anyclip-widget/lre-widget/sps-flow/rules.js
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: bf8a3d71354828a837da5f234fdeab608b2e535b11b4851e89d75b1686686635

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:04 GMT
Content-Encoding: gzip
Age: 42137
x-amz-meta-sha256: bf8a3d71354828a837da5f234fdeab608b2e535b11b4851e89d75b1686686635
Connection: keep-alive
Content-Length: 216
x-amz-id-2: 7HkPI7+B5C7IcunixJO7C4idNtfQ8FLMqRRWbLD82w87FYgtWGA4i7/NoLd6iFqdZ0VFgy7r+uk=
Last-Modified: Thu, 30 Apr 2020 15:11:24 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: 0AD2C118F7F81FB1
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=60
x-amz-meta-s3b-last-modified: 20200430T151051Z
x-amz-version-id: Dnob.rNfaHkFPCA9eGou8IS.DrpBU9EH
Accept-Ranges: bytes
Content-Type: application/javascript
X-LLID: 3a75497f54a2cc9f96d774fcf87ccc7c
Expires: Fri, 25 Sep 2020 01:49:47 GMT

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 302ms
102ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=1&val=vjs&wnx=0&abc=&ty=wlo&v=0&ext=0&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:04 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 291ms
92ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?dom=www.komando.com&cke=true&lan=en-US&plat=Linux+x86_64&net=-&ver=js3.0.32.1.821&dev=desktop&os=MacOS&bw=Chrome%2C83&ua=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&ty=data&rt=5&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:04 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
BLOB 200
OK ad9615e7-0712-4219-be0b-604ead554e0c
https://www.komando.com/ 429 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.komando.com/ad9615e7-0712-4219-be0b-604ead554e0c
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3d5535fc993e2a02b5523add7738f08a15fabac527da55db4834d64603e97e83

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length: 429

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 993dd9c705fd43f0ae68f0f6bd7dd6e40e1120a16327b21339f5da90bc238c28

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H3-Q050 200 KFOlCnqEu92Fr1MmYUtfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmYUtfBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b6863771c330f7b6a857dbfee3959d8e8c61c0e34f1e9ba5f6f38268d05573d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 11:04:11 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:19:08 GMT
server: sffe
age: 354413
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11012
x-xss-protection: 0
expires: Tue, 21 Sep 2021 11:04:11 GMT

GET
BLOB 200
OK 560197d4-0594-4816-b976-0202a8e183a2
https://www.komando.com/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.komando.com/560197d4-0594-4816-b976-0202a8e183a2
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
87 B 15ms
15ms XHR
text/plain 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-230639-2&cid=1548064432.1601040665&jid=194802697&gjid=1336344320&_gid=1161332074.1601040665&_u=YEBAAEAAAAAAAC~&z=1320033301

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 25 Sep 2020 13:31:04 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.komando.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 2818864641552220 Show response
connect.facebook.net/signals/config/ 524 KB
132 KB 13ms
13ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2818864641552220?v=2.9.24&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f0b5290ffd7ebefe5bb9d7cde55f244efb5076db25b9b2a85b9d1b14f7972d25

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 134833
x-xss-protection: 0
pragma: public
x-fb-debug: pqg0F7R2mBO2+VXssfnQt3OEa3cnMe4EqAiiChio7r8SVOruSLdbC6ZykpgTuZLi0PqB10ZM2z1c83K6FE+mVg==
x-fb-trip-id: 1460883810
x-frame-options: DENY
date: Fri, 25 Sep 2020 13:31:04 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 otFlat.json Show response
cookie-cdn.cookiepro.com/scripttemplates/6.6.0/assets/ 12 KB
3 KB 23ms
22ms Fetch
application/json 2606:4700::6812:678
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/6.6.0/assets/otFlat.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/6.6.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:678 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae407e415a45b6c720d8d61fef8c28756883d0f546a64e7a2969d6174c669951

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 25 Sep 2020 13:31:04 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: R7qOr1WClmhADOzbz5s+Bw==
age: 5911
status: 200
cf-request-id: 05670ee0c60000c2e0923f5200000001
x-ms-lease-status: unlocked
last-modified: Fri, 11 Sep 2020 01:41:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: ab24967c-f01e-005b-070d-880176000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
cf-ray: 5d851a7add3ec2e0-FRA

GET
H2 200 11.1.118.js Show response
script.crazyegg.com/pages/versioned/common-scripts/ 99 KB
32 KB 20ms
19ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/common-scripts/11.1.118.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0092/5696.js?444734
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9417079952dbe5d1b1bc0bf209d04bcf97459ce3c271837b4d9c45a48e3ecfa

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:04 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 156985
cf-polished: origSize=105320
status: 200
cf-request-id: 05670ee0c900002b290da3f200000001
last-modified: Mon, 14 Sep 2020 15:45:13 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
cf-ray: 5d851a7adcd32b29-FRA
cf-bgj: minify

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
106 B 29ms
28ms Image
image/gif 2a00:1450:4001:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-230639-2&cid=1548064432.1601040665&jid=194802697&_u=YEBAAEAAAAAAAC~&z=1728557515

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:31:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
106 B 31ms
31ms Image
image/gif 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-230639-2&cid=1548064432.1601040665&jid=194802697&_u=YEBAAEAAAAAAAC~&z=1728557515

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:31:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 135 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1632e13bb4b75973ab4e1ae7b45ebbcf3aae9dc050a24048d6875d6e3a466088

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 personalized-content Show response
www.komando.com/wp-json/komando/v1/ 84 B
689 B 277ms
276ms XHR
application/json 2606:4700::6812:a460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.komando.com/wp-json/komando/v1/personalized-content?_wpnonce=a00d41d97f&post_ids=null&current_post_id=755764

Requested by

Host: www.komando.com
URL: https://www.komando.com/wp-content/cache/autoptimize/js/autoptimize_31cd2dcd020668663b3824abe7f5215c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a460 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

e9e40f737e08ad5b6c7ec3d3ee2232ce91f00b1f4f753c79f5e8e4f74c1c4a60

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-powered-by: WP Engine
status: 200
cf-request-id: 05670ee14d000032441c307200000001
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
server: cloudflare
x-wp-nonce: a00d41d97f
x-wp-doingitwrong: wp_send_json (since 5.5.0; Return a WP_REST_Response or WP_Error object from your callback when using the REST API.)
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-NR-SAMPLE-PERCENT
content-type: application/json; charset=UTF-8
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
x-robots-tag: noindex
cf-ray: 5d851a7ba9813244-FRA
link: <https://www.komando.com/wp-json/>; rel="https://api.w.org/"
x-pass-why: custom-cookie

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/komando/ 211 KB
29 KB 90ms
18ms Script
application/javascript 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/komando/loader.js
Requested by: Host: www.komando.com
URL: https://www.komando.com/wp-content/cache/autoptimize/js/autoptimize_31cd2dcd020668663b3824abe7f5215c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cd65be12262a2774c87d77fbbeccf6a965c2455bca82031acbe6838db0c489b0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: WO2Dp7boCNaYR8gCSi3VC7dLV3oFvROF
content-encoding: gzip
etag: "e6e662c6f9151d2610c24a62e7195037"
age: 24
x-cache: HIT
status: 200
content-length: 28872
x-amz-id-2: oj86drweRcYQ4G75+QcosTcHzM+A7JwpWpvQG5eCpKoFhhDPYK1vrYEP20Eu0ioFL7EEgCENpqc=
x-served-by: cache-hhn4020-HHN
last-modified: Thu, 24 Sep 2020 13:47:04 GMT
server: AmazonS3
x-timer: S1601040665.980477,VS0,VE1
date: Fri, 25 Sep 2020 13:31:04 GMT
vary: Accept-Encoding
x-amz-request-id: 27B5856898392EC2
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 86
x-cache-hits: 1

GET
H/1.1 200
OK widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html
platform.twitter.com/widgets/ Frame 09FC 0
0 7ms
6ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=https%3A%2F%2Fwww.komando.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/4187) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 833451
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Fri, 25 Sep 2020 13:31:04 GMT
Etag: "9fa476ae827f556d5b037fe43632370d+gzip"
Last-Modified: Tue, 01 Sep 2020 17:58:17 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/4187)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 5825

GET
H2 204 event
api.stack-sonar.com/v1/ 0
100 B 319ms
107ms Image
text/plain 34.195.35.40
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.stack-sonar.com/v1/event?ts=1601040664442&_v=1.1.6&_c=stack-connect-wp&_a=d8d92097-4956-4278-a4fb-e4f90a0cbe03&_f=0&_u=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&_r=&_x=1&_l=https%3A%2F%2Fdeals.komando.com%2Fsales%2Fthe-complete-american-sign-language-master-class-bundle%3Futm_source%3Dkomando.com%26utm_medium%3Dreferral%26utm_campaign%3Dthe-complete-american-sign-language-master-class-bundle%26utm_term%3Dscsf-433501%26utm_content%3Da0x1P000004Y7oDQAS%26scsonar%3D1&_p=0&_z=1601040664927.1737563372&_y=1601040664927.666370970&_t=1601040665&_s=send&_e=session-start
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.195.35.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-195-35-40.compute-1.amazonaws.com
Software: nginx/1.14.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Fri, 25 Sep 2020 13:31:05 GMT
cache-control: no-cache, no-store, must-revalidate
server: nginx/1.14.1
vary: Origin

GET
H2 200 like.php
www.facebook.com/v4.0/plugins/ Frame 08FA 0
0 89ms
64ms Document
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v4.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df78e39ae7d5c3%26domain%3Dwww.komando.com%26origin%3Dhttps%253A%252F%252Fwww.komando.com%252Ff18180c21eac6a8%26relation%3Dparent.parent&container_width=394&href=https%3A%2F%2Fwww.facebook.com%2Fkimkomando&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&size=large&width=

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=4c137689869064519d0f9adbe85c4b23&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /v4.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df78e39ae7d5c3%26domain%3Dwww.komando.com%26origin%3Dhttps%253A%252F%252Fwww.komando.com%252Ff18180c21eac6a8%26relation%3Dparent.parent&container_width=394&href=https%3A%2F%2Fwww.facebook.com%2Fkimkomando&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&size=large&width=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-xss-protection: 0
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
timing-allow-origin: *
strict-transport-security: max-age=15552000; preload
content-encoding: br
facebook-api-version: v4.0
x-content-type-options: nosniff
vary: Accept-Encoding
pragma: no-cache
content-type: text/html; charset="utf-8"
x-fb-debug: FR/qAWQcf2gKjb7Uq1D9/FwVdwSEF6WMgazaRRhKAZ07atWOti4QfWY44U+r0h7/AcNv35yCO806AG+3coHLiw==
date: Fri, 25 Sep 2020 13:31:05 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H2 200 count.json Show response
api.pinterest.com/v1/urls/ 133 B
360 B 219ms
138ms Script
application/javascript 151.101.12.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://api.pinterest.com/v1/urls/count.json?callback=WPCOMSharing.update_pinterest_count&url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&_=1601040664863

Requested by

Host: www.komando.com
URL: https://www.komando.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.84 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

167eefa83e1aa1374767855f64054dde21c967fc23cd0dfe4217aaa4cb02a7db

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:05 GMT
x-content-type-options: nosniff
x-cdn: fastly
age: 0
status: 200
content-type: application/javascript
access-control-allow-origin: *
cache-control: private
x-envoy-upstream-service-time: 1
x-pinterest-rid: 1334538096260956
content-length: 133
expires: Fri, 25 Sep 2020 13:46:05 GMT

GET
H2 200 / Show response
graph.facebook.com/ 244 B
626 B 58ms
38ms Script
text/javascript 2a03:2880:f02d:e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&_=1601040664864

Requested by

Host: www.komando.com
URL: https://www.komando.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5f5959426fab9f8d0458c57ff0a4fe388c95554d2bde2f73c44a7ea2c9dfc71e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
status: 200
x-fb-rev: 1002724208
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 183
pragma: no-cache
x-fb-debug: PID1GAQdip6N0L7s/pMQInoRIdJL7GH1pdiFv5Fy9b1N4lZcam2klP8IEUzYCwuaeOxluVDo7KVc05apP7T79g==
x-fb-trace-id: A8gVtFuE/+4
date: Fri, 25 Sep 2020 13:31:05 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AJMkvhsf-tRaPYby0f3Ofnr
cache-control: no-store
facebook-api-version: v3.1
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
115 B 37ms
31ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=pinterest&r=0.7058173410016233
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 25 Sep 2020 13:31:05 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
74 B 37ms
32ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.638306768185869
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 25 Sep 2020 13:31:05 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H3-Q050 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.rMJI4WR09CY.O/m=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA/ 113 KB
41 KB 31ms
15ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.rMJI4WR09CY.O/m=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e098e7520dbccfe6cdaa96ce30b3245894b060fdc2d31145e870c81432cff684

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Sep 2020 19:46:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Sep 2020 19:28:50 GMT
server: sffe
age: 150267
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41075
x-xss-protection: 0
expires: Thu, 23 Sep 2021 19:46:38 GMT

GET
H3-Q050 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.rMJI4WR09CY.O/m=auth/exm=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA/ 119 KB
40 KB 38ms
18ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.rMJI4WR09CY.O/m=auth/exm=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA/cb=gapi.loaded_1

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89cb81b15741129a01edcb8665b1f6172e270197a1335e9f0db3558e6c338a60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Sep 2020 19:46:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Sep 2020 19:28:50 GMT
server: sffe
age: 150267
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41260
x-xss-protection: 0
expires: Thu, 23 Sep 2021 19:46:38 GMT

GET
H2 200 subscribe_embed
www.youtube.com/ Frame 2CC7 0
0 66ms
65ms Document
text/html 2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/subscribe_embed?usegapi=1&channel=kimkomandoshow&layout=default&theme=dark&count=hidden&origin=https%3A%2F%2Fwww.komando.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.rMJI4WR09CY.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /subscribe_embed?usegapi=1&channel=kimkomandoshow&layout=default&theme=dark&count=hidden&origin=https%3A%2F%2Fwww.komando.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.rMJI4WR09CY.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-type: text/html; charset=utf-8
cache-control: no-cache
strict-transport-security: max-age=31536000
content-length: 1609
expires: Tue, 27 Apr 1971 19:44:06 GMT
x-content-type-options: nosniff
date: Fri, 25 Sep 2020 13:31:05 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
set-cookie: VISITOR_INFO1_LIVE=HsDAxCAOwNk; path=/; domain=.youtube.com; secure; expires=Wed, 24-Mar-2021 13:31:05 GMT; httponly; samesite=None YSC=92xi1eSYFXI; path=/; domain=.youtube.com; secure; httponly; samesite=None GPS=1; path=/; domain=.youtube.com; expires=Fri, 25-Sep-2020 14:01:05 GMT
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 g.gif
pixel.wp.com/ 50 B
74 B 30ms
29ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A8.8.2&blog=166923932&post=755764&tz=-7&srv=www.komando.com&host=www.komando.com&ref=&fcp=419&rand=0.03390337501614127
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 25 Sep 2020 13:31:05 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H/1.1 200
OK button.e24f3bcdec527b80b9c80e88b62047c3.js Show response
platform.twitter.com/js/ 7 KB
3 KB 11ms
9ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.e24f3bcdec527b80b9c80e88b62047c3.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40AD) /
Resource Hash: da3e524928bcca821af2551eb6f9e9ae2449ceb48642cce4f2dae23383098537

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:05 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Sep 2020 17:58:08 GMT
Server: ECS (fcn/40AD)
Age: 833451
Etag: "2288bbd5e30b6dba457d3d615de9e136+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2295

GET
H2 200 update-user-data.html
widget-modal-popup-v2-prod.firebaseapp.com/ Frame F610 0
0 353ms
265ms Document
text/html 151.101.65.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://widget-modal-popup-v2-prod.firebaseapp.com/update-user-data.html?domain_id=VAkN2egYB1&uid=b4099772-91e6-4854-b5c6-5b66a2a29175&language=en-US&profile=

Requested by

Host: sdk.jeeng.com
URL: https://sdk.jeeng.com/v3.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: widget-modal-popup-v2-prod.firebaseapp.com
:scheme: https
:path: /update-user-data.html?domain_id=VAkN2egYB1&uid=b4099772-91e6-4854-b5c6-5b66a2a29175&language=en-US&profile=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
cache-control: max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
etag: "37c821f4e5a356fc27353b7ba6da1863cce689e0753f44bac5e094d0a7d80d4b"
last-modified: Mon, 10 Jun 2019 11:44:02 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Fri, 25 Sep 2020 13:31:05 GMT
x-served-by: cache-cdg20780-CDG
x-cache: MISS
x-cache-hits: 0
x-timer: S1601040665.230831,VS0,VE252
vary: x-fh-requested-host, accept-encoding
content-length: 372

GET
H2 200 lokibot-malware.jpg
www.komando.com/wp-content/uploads/2020/09/ 132 KB
132 KB 30ms
23ms Image
image/jpeg 2606:4700::6812:a460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.komando.com/wp-content/uploads/2020/09/lokibot-malware.jpg
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a460 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5416bb3c019c4a5687c50ecb53535f402e8baaa3d24812d662e8d9cbd2a9d69b

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:05 GMT
cf-cache-status: HIT
age: 48554
status: 200
content-length: 135250
cf-request-id: 05670ee236000032441c316200000001
last-modified: Thu, 24 Sep 2020 21:37:14 GMT
server: cloudflare
etag: "5f6d118a-21052"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 5d851a7d2cd13244-FRA
cf-bgj: h2pri

GET
H2 200 /
www.facebook.com/tr/ 44 B
309 B 83ms
22ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2818864641552220&ev=PageView&dl=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&rl=&if=false&ts=1601040665159&sw=1600&sh=1200&v=2.9.24&r=stable&ec=0&o=30&fbp=fb.1.1601040665154.1037066166&it=1601040664727&coo=false&rqm=GET

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:05 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 25 Sep 2020 13:31:05 GMT

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 load.js Show response
widget.perfectmarket.com/komando/ 3 KB
1 KB 280ms
206ms Script
application/javascript 151.101.13.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.perfectmarket.com/komando/load.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/komando/loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.181 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 61fbc34f91d8af09b7d8434e27d4f7f12fdfae8311d2d26d0eea187ad16c4dd6

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: zbbQXN6FX1TkmBGibAJpQk24j4NgmgPf
content-encoding: gzip
etag: "831b8a927926b7ec203a2adfe80150fc"
age: 0
x-cache: HIT, MISS
status: 200
content-length: 1097
x-amz-id-2: k5Bw/EZQDixyzClHrhq92gbvSUn9Zd4qplTcbPCwIcPIKw1qYtK+ZyIvWL9HXQ5JO76yuuvxDiU=
x-served-by: cache-lax8639-LAX, cache-fra19173-FRA
last-modified: Mon, 30 Mar 2020 06:23:42 GMT
server: AmazonS3
x-timer: S1601040665.483823,VS0,VE175
date: Fri, 25 Sep 2020 13:31:05 GMT
vary: Accept-Encoding,,
x-amz-request-id: 73DECFCF7FB5658B
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=300
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
x-cache-hits: 1, 0

GET
H2 200 impl.20200924-16-RELEASE.js Show response
cdn.taboola.com/libtrc/ 443 KB
126 KB 29ms
28ms Script
application/javascript 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20200924-16-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/komando/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b3c7fc0cf7be713a4e97298f59db197355a9bdbd1d55944e6d8a4006f1a01cf6

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: a9hIErR8tUfR5NJzCLK.m8.JA9ROZFL7
content-encoding: gzip
etag: "88a18abc6991654efbee3cb01d168553"
age: 42
x-cache: HIT
status: 200
x-amz-replication-status: COMPLETED
content-length: 128167
x-amz-id-2: bRwAi7c4TJ+u6PjUioSgbctjpLckduQBy29V6Dy3MTt9avvieYI6Q45+F7tMUyvSOttjFvqfqmU=
x-served-by: cache-hhn4020-HHN
last-modified: Thu, 24 Sep 2020 13:17:47 GMT
server: AmazonS3
x-timer: S1601040665.410607,VS0,VE0
date: Fri, 25 Sep 2020 13:31:05 GMT
vary: Accept-Encoding
x-amz-request-id: 717334C291FF5E8B
via: 1.1 varnish
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 76
x-cache-hits: 474

GET
H2 200 vv.20200924-16-RELEASE.js Show response
cdn.taboola.com/libtrc/ 11 KB
4 KB 51ms
50ms Script
application/javascript 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/vv.20200924-16-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/komando/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 64bd7529494fcb29ae2245d4d977261083632b107e5e468df0f997e858ebdf84

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: YPJau10pAwyoxZ9fjFZluZSqE7m9iHXn
content-encoding: gzip
etag: "b89fb6f06c6120970015e9f8699f43d5"
age: 37
x-cache: HIT
status: 200
x-amz-replication-status: COMPLETED
content-length: 3858
x-amz-id-2: pec1ksDeH7JXcrtgrOoxwwULbih3GEUB/u/DAUgMruZEhaUO9fio1JPQjvf+q1+YGFifZVj4SQM=
x-served-by: cache-hhn4020-HHN
last-modified: Thu, 24 Sep 2020 13:18:53 GMT
server: AmazonS3
x-timer: S1601040665.413845,VS0,VE0
date: Fri, 25 Sep 2020 13:31:05 GMT
vary: Accept-Encoding
x-amz-request-id: C0D1692441651A3A
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 76
x-cache-hits: 2

GET
H/1.1 200
OK beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 87ms
28ms Script
application/x-javascript 23.37.53.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/komando/loader.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.53.17 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-53-17.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:05 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 884
Expires: Sat, 26 Sep 2020 13:31:05 GMT

GET
H/1.1 200
OK cookie Show response
d.pub.network/ 36 B
463 B 489ms
124ms XHR
text/plain 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/cookie
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 73640611b9fd11fb3a266b8bcb6659f731a95dae3266ae4e94e040c34c92f586

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.komando.com
Date: Fri, 25 Sep 2020 13:31:05 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 53 KB
17 KB 18ms
15ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b02dea6e9b189abd6496125975e134539609a2bcb0496ebd91f23420bfce88b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "643 / 361 of 1000 / last-modified: 1601032413"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 17713
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:31:05 GMT

GET
H2 200 gallery.js Show response
freestar-io.videoplayerhub.com/ 125 KB
30 KB 40ms
19ms Script
application/javascript 2606:4700:20::681a:932
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-io.videoplayerhub.com/gallery.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:932 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13553abbe7402dd8026d333399456a89b427c236c31d3aa84d455215e74257dc

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:05 GMT
via: 1.1 f7bf326347bdd7f275a38a22b5b83724.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 833
x-cache: Hit from cloudfront
status: 200
content-encoding: br
content-type: application/javascript
cf-request-id: 05670ee3a600000609b8264200000001
last-modified: Thu, 24 Sep 2020 17:17:29 GMT
server: cloudflare
etag: W/"e4a0a03c1876ced2f6773347be344fd5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: .wD8rxbvyZ8ncs64C4i3GddM6vT9Abwl
cache-control: max-age=86400
x-amz-cf-pop: FRA2-C1
cf-ray: 5d851a7f7cca0609-FRA
x-amz-cf-id: EKg3knmrXNkALBDqSWYR7CgQifzaNBilxuNh0dAmmghwJU_TvTHHQg==

GET
H2 200 prebid-analytics-3.26.12.js Show response
a.pub.network/core/ 413 KB
123 KB 96ms
96ms Script
text/html 2606:4700:20::681a:8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46fe925aebeb82c977cf241c08c4708f57641674f6f4065796cc4b454649b6ae

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:05 GMT
content-encoding: br
cf-cache-status: HIT
x-guploader-uploadid: ABg5-UxIz802srrdJd57Xy2JUbsAuSlY64M5WS7AscX_riPVF8hBgloQLNje57WED7pddv4UDH1izF8bZM-DQ4vx5QHMihQRFg
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
content-type: text/html
cf-request-id: 05670ee3a90000d6b92d165200000001
last-modified: Wed, 26 Aug 2020 18:54:36 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=o4JEAg==, md5=xNvwCSi8qTO4CMgYt+2Y2A==
x-goog-generation: 1598468076316093
cache-control: private, max-age=86400
x-goog-stored-content-length: 423274
cf-ray: 5d851a7f7b7ad6b9-FRA
expires: Fri, 24 Sep 2021 21:42:13 GMT

GET
H/1.1 200
OK location Show response
d.pub.network/ 65 B
503 B 513ms
131ms XHR
application/json 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/location
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 3c5689e055872de0de49a59540ec97b96237cf2ec28ebaefff0cc08821f4f08b

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.komando.com
Date: Fri, 25 Sep 2020 13:31:05 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
H2 200 postmessageRelay
accounts.google.com/o/oauth2/ Frame FF90 0
0 59ms
57ms Document
text/html 2a00:1450:4001:800::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.komando.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.rMJI4WR09CY.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.rMJI4WR09CY.O/m=auth/exm=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA/cb=gapi.loaded_1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-WyEW12NqJ3kRK1DdLTqJRA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Xss-Protection	0

Request headers

:method: GET
:authority: accounts.google.com
:scheme: https
:path: /o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.komando.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.rMJI4WR09CY.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=204=yMyR6xfL3ptWPMecMtciuVC5j5mmrfB8f_MhEuSeusEVXzJw1q8MnJEMeHa5BMHntxmUZvbhgWmhLtBNKyyjJMVpqZbCn0Sc-F6GTCzLT4TJ73GhAwfODuYo8dLQbHbNCs0YwHZ15J69G3hVgIvoaS19P6gQy8xr5XTDPb5RWDA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 25 Sep 2020 13:31:05 GMT
content-security-policy: script-src 'report-sample' 'nonce-WyEW12NqJ3kRK1DdLTqJRA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK follow_button.2d7d9a6d04538bf11c7b23641e75738c.en.html
platform.twitter.com/widgets/ Frame D91C 0
0 21ms
20ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/follow_button.2d7d9a6d04538bf11c7b23641e75738c.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40AD) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 833444
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Fri, 25 Sep 2020 13:31:05 GMT
Etag: "ddc15fa67e38644c860f8d9dba000a69+gzip"
Last-Modified: Tue, 01 Sep 2020 17:58:09 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/40AD)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 13677

HEAD
H/1.1 200
OK advertising.js
assets.anyclip.com/anyclip-widget/lre-widget/assets/js/ 0
0 147ms
44ms Fetch
application/javascript 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/js/advertising.js
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:05 GMT
Age: 10602
Connection: keep-alive
Content-Length: 32
x-amz-id-2: YadQxn/IX4mKp6+CVLQN1h4Fe+7fCy8TgCPXsWUammcOOXz53EIgp2pUx+kxQwW/aeO1AvkFqO0=
Last-Modified: Mon, 10 Dec 2018 11:26:45 GMT
Server: AmazonS3
x-amz-request-id: F96FC91BE26F603F
Access-Control-Allow-Origin: *
Expires: Fri, 25 Sep 2020 14:34:23 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: yQR7I__mdWlTGiugUbenyyFFuDDzo_a4
Accept-Ranges: bytes
Content-Type: application/javascript
X-LLID: a271ae89515ef47cec7fefaf2092663b
x-amz-meta-s3b-last-modified: 20181210T110233Z

HEAD
H2 200 ima3.js
imasdk.googleapis.com/js/sdkloader/ 0
0 97ms
19ms Fetch
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:31:05 GMT

GET
H/1.1 200
OK 362290
vid.springserve.com/vast/ 22 B
0 164ms
39ms Fetch
application/xml 34.249.58.234
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/362290
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.58.234 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-58-234.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:05 GMT
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 22

HEAD
H2 200 loader.js
imasdk.googleapis.com/js/sdkloader/ 0
0 75ms
0ms Fetch
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/loader.js

Requested by

Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:29:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 23 Sep 2020 23:32:11 GMT
server: sffe
age: 99
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=900
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18664
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:44:26 GMT

HEAD
H2 200 client.js
s0.2mdn.net/instream/video/ 0
0 115ms
31ms Fetch
text/javascript 2a00:1450:4001:819::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:31:05 GMT

HEAD
H2 200 bridge3.377.0_en.html
imasdk.googleapis.com/js/core/ 0
0 62ms
0ms Fetch
text/html 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://imasdk.googleapis.com/js/core/bridge3.377.0_en.html
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

HEAD
H2 400 /
lreprx-server.anyclip.com/ 0
0 295ms
94ms Fetch
text/html 34.225.120.49
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://lreprx-server.anyclip.com/?
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.225.120.49 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-225-120-49.compute-1.amazonaws.com
Software: / Express
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:05 GMT
x-powered-by: Express
etag: W/"12-aYDwc8aOzxQtGy9nc7j5YT71TdA"
status: 400
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
content-length: 18

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 117ms
113ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=924&val=0&wnx=0&abc=&ty=blo&v=0&ext=0&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:05 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

POST
H2 200 /
www.facebook.com/tr/ 0
83 B 14ms
5ms Other
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx1qwt7VB0WSGK36u

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Fri, 25 Sep 2020 13:31:05 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=7&c2=13739933&c3=20121515121&ns__t=1601040665693&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F...
https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1601040665693&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2...

0
399 B

28ms
27ms

Image
text/plain

23.37.53.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1601040665693&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&c9=&cs_ak_ss=1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.53.17 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-53-17.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:05 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=7&c2=13739933&c3=20121515121&ns__t=1601040665693&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&c9=&cs_ak_ss=1
Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:05 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_2020092201.js Show response
securepubads.g.doubleclick.net/gpt/ 264 KB
93 KB 101ms
32ms Script
text/javascript 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

sffe /

Resource Hash

5e1390f7c515a04fbd18d7c3e864de65e7fc473f8a2e5134f74a79e122911dd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Sep 2020 08:40:46 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 94816
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:31:05 GMT

GET
H2 200 org Show response
mrb.upapi.net/ 21 KB
10 KB 131ms
96ms Script
application/javascript 2606:4700:20::681a:91b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mrb.upapi.net/org?o=5714937848528896&upapi=true
Requested by: Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:91b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 394ee880685b17bc2c3e8a5a628c4ddce428531b165836c0b5717c71d76faeb7

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:05 GMT
via: 1.1 google
cf-cache-status: HIT
age: 1452
status: 200
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 05670ee4a300002b12778d8200000001
server: cloudflare
etag: W/"c1be2d710a898d640eb2197efebe33ef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800, must-revalidate
cf-ray: 5d851a810efb2b12-FRA

GET
H2 200 json Show response
trc.taboola.com/komando/trc/3/ 28 KB
10 KB 425ms
423ms Script
application/javascript 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/komando/trc/3/json?tim=15%3A31%3A05.948&lti=deflated&data=%7B%22id%22%3A769%2C%22ii%22%3A%22%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1600955214397%2C%22vi%22%3A1601040665932%2C%22cv%22%3A%2220200924-16-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%5D%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A4476%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A10%2C%22uim%22%3A%22alternating-thumbnails-rr%3Aabp%3D0%22%2C%22uip%22%3A%22Alternating%20Right%20Rail%20Thumbnails%22%2C%22orig_uip%22%3A%22Alternating%20Right%20Rail%20Thumbnails%22%2C%22cd%22%3A1841.90625%2C%22mw%22%3A320%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A8%2C%22uim%22%3A%22thumbnails-b%3Aabp%3D0%22%2C%22uip%22%3A%22Right%20Rail%20Thumbnails%22%2C%22orig_uip%22%3A%22Right%20Rail%20Thumbnails%22%2C%22cd%22%3A1841.90625%2C%22mw%22%3A320%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200924-16-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 166489f1e5c39e83c5606c671097ec5ef4d45cbbc04d46dbd31cd9f9b92b6bc5

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 394
date: Fri, 25 Sep 2020 13:31:06 GMT
content-encoding: gzip
access-control-allow-origin: *
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 200
x-served-by: cache-hhn4020-HHN
server: nginx
x-timer: S1601040666.964123,VS0,VE394
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 entities Show response
users.api.jeeng.com/ 236 B
444 B 4793ms
4781ms XHR
application/json 2a02:26f0:64::214:84d8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://users.api.jeeng.com/entities?url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&domain_id=VAkN2egYB1&read_only=false
Requested by: Host: sdk.jeeng.com
URL: https://sdk.jeeng.com/v3.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:64::214:84d8 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Google Frontend / Express
Resource Hash: a05b6b902fc0110a35204d05a8360b0fcff6bf23859f7fca952444bf6184b248

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:10 GMT
etag: W/"ec-Sgdujy0zDXxAtyqjVjI7pGazUMg"
server: Google Frontend
x-powered-by: Express
status: 200
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: d08147ce74e8cbd0a23f427661c66f03
cache-control: max-age=3600
content-length: 236

GET
H3-Q050 200 cb=gapi.loaded_2 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.rMJI4WR09CY.O/m=gapi_iframes_style_bubble/exm=auth,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA/ 27 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.rMJI4WR09CY.O/m=gapi_iframes_style_bubble/exm=auth,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA/cb=gapi.loaded_2

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca5398fb76a3d11f43a00312ca1f4a0b11cc37d1925d82bcc80c906ffc956ff2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Sep 2020 19:46:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Sep 2020 19:28:50 GMT
server: sffe
age: 150263
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9254
x-xss-protection: 0
expires: Thu, 23 Sep 2021 19:46:42 GMT

GET
H2 200 pmk-202003261.3.js Show response
widget.perfectmarket.com/komando/ 123 KB
33 KB 32ms
31ms Script
application/javascript 151.101.13.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.perfectmarket.com/komando/pmk-202003261.3.js
Requested by: Host: widget.perfectmarket.com
URL: https://widget.perfectmarket.com/komando/load.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.181 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdc6f35981582b0bb0423b70243eac10776c99215aaa26dede1b002555215e99

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: YhuGJjURZcrX1KZYhHO4_Ttv7PP3uqxa
content-encoding: gzip
etag: "b260aa8e83f78718a8ac4ccd94927248"
age: 1385641
x-cache: HIT, HIT
status: 200
content-length: 33475
x-amz-id-2: cNrRLa72/v6UnvurlXOsJ5bZiJqzmwaTi1RVqvmBuSdfobA5CBXoN9uSQRuW63SteLOzlj4gAAY=
x-served-by: cache-lax8639-LAX, cache-fra19173-FRA
last-modified: Mon, 30 Mar 2020 06:23:41 GMT
server: AmazonS3
x-timer: S1601040666.054714,VS0,VE1
date: Fri, 25 Sep 2020 13:31:06 GMT
vary: Accept-Encoding,,
x-amz-request-id: 816A0DEC5656CAD1
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31536000
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
x-cache-hits: 1, 1

GET
H2 200 code Show response
mrb.upapi.net/ 710 KB
225 KB 86ms
86ms Script
application/javascript 2606:4700:20::681a:91b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mrb.upapi.net/code?w=5715376530784256&upapi=true
Requested by: Host: mrb.upapi.net
URL: https://mrb.upapi.net/org?o=5714937848528896&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:91b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52d1fa8a9ebff6670209bdaf47bafa374eb128a7c83a73d372f5538fbaa2e6e1

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:06 GMT
via: 1.1 google
cf-cache-status: HIT
age: 1045
status: 200
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 05670ee5c000002b12778e7200000001
server: cloudflare
etag: W/"1e4b92d725f13691728721882c009b60"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800, must-revalidate
cf-ray: 5d851a82cb8f2b12-FRA

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 108 KB
28 KB 96ms
39ms Script
application/javascript 13.226.159.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.204 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-204.dus51.r.cloudfront.net
Software: Server /
Resource Hash: 02a2079808b1d062ff16a7d19627e9ee4a94f989aa879d9f81333364fa5a8ea0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:10:26 GMT
content-encoding: gzip
server: Server
age: 1239
etag: 7332ce399a8e629a25d60312745ef936
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, max-age=86400
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: UjrcHzIOMHDSo5jRHX64Wz5bD--uUfSRC1WRDATUEPnjAo5VZ3_Png==
via: 1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront)

GET
H3-Q050 200 subscribe_embed
www.youtube.com/ Frame 5C41 0
0 62ms
61ms Document
text/html 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/subscribe_embed?action_card=1&channelid=UCU9HtOaaO-lcitPVVdsq99w&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.rMJI4WR09CY.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.rMJI4WR09CY.O/m=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA/cb=gapi.loaded_0

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /subscribe_embed?action_card=1&channelid=UCU9HtOaaO-lcitPVVdsq99w&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.rMJI4WR09CY.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: VISITOR_INFO1_LIVE=HsDAxCAOwNk; YSC=92xi1eSYFXI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
content-encoding: br
cache-control: no-cache
content-length: 326
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
expires: Tue, 27 Apr 1971 19:44:06 GMT
content-type: text/html; charset=utf-8
date: Fri, 25 Sep 2020 13:31:06 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
set-cookie: GPS=1; path=/; domain=.youtube.com; expires=Fri, 25-Sep-2020 14:01:06 GMT
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 border_3.gif
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 43 B
65 B 36ms
14ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/border_3.gif

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8de81a1acb5f3788959ecc04eaa6526d5bdb29991157cecbef71042268c0374

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:06:25 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 361481
content-type: image/gif
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:06:25 GMT

GET
H3-Q050 200 spacer.gif
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 43 B
397 B 34ms
12ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/spacer.gif

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:06:25 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 361481
content-type: image/gif
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:06:25 GMT

GET
H3-Q050 200 bubbleSprite_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 318 B
344 B 32ms
14ms Image
image/png 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleSprite_3.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

232334d177f358c07f8271994e6fc0c018abfce7c8910deb604de1440d741c45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:06:25 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 361481
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 318
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:06:25 GMT

GET
H3-Q050 200 bubbleDropR_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 116 B
149 B 31ms
13ms Image
image/png 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleDropR_3.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c7884164b248cb8d87de9edf64dc810e5753bb8ec0cd015800d7f39e08371c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:06:25 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 361481
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 116
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:06:25 GMT

GET
H3-Q050 200 bubbleDropB_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 117 B
142 B 31ms
14ms Image
image/png 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleDropB_3.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

984601230d8cbfe18370425e8e897037cc1a7adf831a691a9ede573cf44479d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:06:25 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 361481
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:06:25 GMT

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
384 B 149ms
149ms Image
image/gif 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22kimkomando%22%2C%22widget_creator_screen_name%22%3A%22kimkomando%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22l%3Awithcount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1601040666097%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22219d021%3A1598982042171%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22follow%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 120
pragma: no-cache
last-modified: Fri, 25 Sep 2020 13:31:06 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 967b92f0cb82fda8c4ae3bcc5b94f6d1
x-transaction: 0060783000d8359e
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 608 B
1 KB 111ms
56ms XHR
application/json 185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

436e80e0cd3fb887309561487734b026f02258d3f092b9a038b5ab1ec6aaa1e2

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 25 Sep 2020 13:31:06 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 82.102.18.235; 82.102.18.235; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.103:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: d5dcf276-78be-4a7e-874f-4b79ecdfcfdf
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 prebid Show response
ads.yieldmo.com/exchange/ 0
224 B 121ms
46ms XHR
text/plain 52.209.188.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.yieldmo.com/exchange/prebid?p=%5B%7B%22placement_id%22%3A%22Komando_Adhesion%22%2C%22callback_id%22%3A%22893a3da42006e5%22%2C%22sizes%22%3A%5B%5B1%2C1%5D%2C%5B728%2C90%5D%2C%5B970%2C90%5D%5D%2C%22ym_placement_id%22%3A%222449337810381906140%22%7D%2C%7B%22placement_id%22%3A%22Komando_Leaderboard_1%22%2C%22callback_id%22%3A%229414a1ba110499%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%5D%2C%22ym_placement_id%22%3A%222449337810381906140%22%7D%2C%7B%22placement_id%22%3A%22Komando_Right_Rail_1%22%2C%22callback_id%22%3A%2210298fd9f6cce2e%22%2C%22sizes%22%3A%5B%5B300%2C600%5D%2C%5B160%2C600%5D%2C%5B300%2C250%5D%5D%2C%22ym_placement_id%22%3A%222449337810381906140%22%7D%2C%7B%22placement_id%22%3A%22Komando_Right_Rail_3%22%2C%22callback_id%22%3A%2211de28576ddb42a%22%2C%22sizes%22%3A%5B%5B300%2C600%5D%2C%5B160%2C600%5D%2C%5B300%2C250%5D%5D%2C%22ym_placement_id%22%3A%222449337810381906140%22%7D%2C%7B%22placement_id%22%3A%22Komando_Right_Rail_4%22%2C%22callback_id%22%3A%2212c3ca3068db8a2%22%2C%22sizes%22%3A%5B%5B300%2C600%5D%2C%5B160%2C600%5D%2C%5B300%2C250%5D%5D%2C%22ym_placement_id%22%3A%222449337810381906140%22%7D%5D&page_url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&bust=1601040666175&pr=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&scrd=1&dnt=false&e=0&description=If%20your%20device%20is%20infected%20with%20Lokibot%20malware%2C%20kiss%20your%20credit%20cards%20goodbye.%20This%20keylogger%20can%20capture%20everything%20you%20type.&title=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3Afalse%2C%22cmp%22%3A%22%22%7D&us_privacy=&pubcid=8c27c76c-13c4-44cc-94ce-925d6106a7e5&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.188.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-188-101.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:31:06 GMT
status: 204
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
x-robots-tag: none,NOINDEX,NOFOLLOW
access-control-request-headers: Cache-Control, Pragma

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
425 B 67ms
24ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dmx.districtm.io/b/v1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Sep 2020 13:31:06 GMT
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
cf-ray: 5d851a83f85308ab-CDG
access-control-allow-headers: Content-Type, Origin
cf-request-id: 05670ee67c000008ab44a54200000001

POST
H2 200 auction Show response
tlx.3lift.com/header/ 21 KB
6 KB 384ms
318ms XHR
application/json 35.157.104.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=3.26.0&referrer=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tmax=1200&gdpr=false

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.157.104.14 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-157-104-14.eu-central-1.compute.amazonaws.com

Software

Resource Hash

d5391db155b16023a08f123e0cfd5c833d65a8f1d50f87bf195bc3f25cca3451

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:31:06 GMT
content-encoding: gzip
status: 200
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.komando.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 5893
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST 25
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ 0
0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 613 B
1 KB 127ms
65ms XHR
application/json 185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

1c8e23b28540c9a6c6cdfc331f245b35d11f84e5de0619c933258eb8ed974587

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 25 Sep 2020 13:31:06 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 82.102.18.235; 82.102.18.235; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.81:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: d89c13f0-a661-4731-9bb4-2ba8095486a7
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 4 KB
4 KB 225ms
123ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=730248&size_id=2&alt_size_ids=55%2C221&gdpr=0&rp_schain=1.0,1!freestar.io,253,1,,,&rf=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tk_flint=pbjs_lite_v3.26.0&x_source.tid=8f3f5c92-50b1-4422-86f0-2aa5c7fe3f2e&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.19631262553980466
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: a3424bb0fb20a47d1806c2ba2c741502e84fde1358df4450adba707df6d0ccd8

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:06 GMT
Content-Encoding: gzip
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 2242
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 239 B
2 KB 256ms
152ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=730248&size_id=2&gdpr=0&rp_schain=1.0,1!freestar.io,253,1,,,&rf=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tk_flint=pbjs_lite_v3.26.0&x_source.tid=9f0a930c-debc-42f5-8041-89a8f42dd0d9&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.38048751051401153
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: f403985da17a23ec32f8e36227c17e9f17e631eed5f760340a2d04385cb47c96

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:06 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 239
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 5 KB
4 KB 251ms
146ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=730248&size_id=15&alt_size_ids=9%2C10&gdpr=0&rp_schain=1.0,1!freestar.io,253,1,,,&rf=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tk_flint=pbjs_lite_v3.26.0&x_source.tid=847dfcdc-fa07-4e0f-a602-f59feb8ba9f0&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.9648199853699189
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 84b2c3f57b4c2c7872c3fc061463fdb9c9df7fcf61a2fca19b9e98c22bda53af

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:06 GMT
Content-Encoding: gzip
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 2349
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 5 KB
4 KB 231ms
124ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=730248&size_id=15&alt_size_ids=9%2C10&gdpr=0&rp_schain=1.0,1!freestar.io,253,1,,,&rf=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tk_flint=pbjs_lite_v3.26.0&x_source.tid=0fd5e1ca-e3c3-4c07-a994-29b78faeff18&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.1881271189495437
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: ff592f2f7d9a58ad2295ab0af7c19c580480f9515e0ec2b3a0831992318499ae

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:06 GMT
Content-Encoding: gzip
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 2346
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 5 KB
4 KB 252ms
140ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=730248&size_id=15&alt_size_ids=9%2C10&gdpr=0&rp_schain=1.0,1!freestar.io,253,1,,,&rf=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tk_flint=pbjs_lite_v3.26.0&x_source.tid=53637285-6fc8-4fcb-b577-144ee825f141&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.7337532625539012
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: cd91e6cc01731d085fcedda480d1f01e1bdb36e51332878bc76dc52ec648f4e6

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:06 GMT
Content-Encoding: gzip
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 2346
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 143ms
78ms XHR
text/plain 52.58.195.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=9MEQZN2deHJrCcpvbkL54Zkc&bidId=52814dd49acedbc&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.195.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-195-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Fri, 25 Sep 2020 13:31:06 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 206ms
141ms XHR
text/plain 52.58.195.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=NsczxcWw93Nv4keUqcRTu8gR&bidId=535870cecf9e319&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.195.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-195-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Fri, 25 Sep 2020 13:31:06 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 115ms
50ms XHR
text/plain 52.58.195.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=KYVqfjZMQtN1DsZXVKCAPhr2&bidId=5470d0ad53dbb71&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.195.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-195-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Fri, 25 Sep 2020 13:31:06 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 120ms
55ms XHR
text/plain 52.58.195.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=NsczxcWw93Nv4keUqcRTu8gR&bidId=55bd20d52b0145f&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.195.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-195-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Fri, 25 Sep 2020 13:31:06 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 172ms
108ms XHR
text/plain 52.58.195.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=KYVqfjZMQtN1DsZXVKCAPhr2&bidId=56818f5698fe906&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.195.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-195-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Fri, 25 Sep 2020 13:31:06 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 115ms
51ms XHR
text/plain 52.58.195.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=NsczxcWw93Nv4keUqcRTu8gR&bidId=575b416ccfdde21&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.195.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-195-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Fri, 25 Sep 2020 13:31:06 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 113ms
49ms XHR
text/plain 52.58.195.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=KYVqfjZMQtN1DsZXVKCAPhr2&bidId=58c03e8a35e1ba2&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.195.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-195-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Fri, 25 Sep 2020 13:31:06 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
vary: Origin

GET
H2 200 quant.js Show response
secure.quantserve.com/ 22 KB
8 KB 59ms
19ms Script
application/javascript 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 403bfa21e733c139da9d7d87c48fa0ebbed91514fbbadf34cbc455294a004389

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:06 GMT
content-encoding: gzip
etag: "M/QWkfLVS4vR+GrkCudkBg=="
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Fri, 02 Oct 2020 13:31:06 GMT

GET
H2 200 bxl.js Show response
hbx.media.net/ 23 KB
9 KB 77ms
30ms Script
text/javascript 23.212.156.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://hbx.media.net/bxl.js?cid=8CUFH1GPH&dn=www.komando.com&version=&https=1

Requested by

Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.156.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-212-156-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

40bbe37ef3f30820bc6fe1c7fedf01d41f7e2716e1e2b5d01ebfa117eb43aabe

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Fri, 25 Sep 2020 13:31:06 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=86400
content-length: 8897
x-mnet-hl2: E
expires: Sat, 26 Sep 2020 13:31:06 GMT

GET
H/1.1 204
No Content b
sb.scorecardresearch.com/ 0
399 B 49ms
40ms Image
text/plain 23.37.53.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1601040666247&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&c9=
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.53.17 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-53-17.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:06 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
491 B 96ms
24ms Image
image/x-icon 216.58.208.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.208.38 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s12-in-f38.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 05:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30338
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Sat, 26 Sep 2020 05:05:28 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
626 B 63ms
13ms Image
image/gif 2606:4700:20::ac43:4513
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.5495760605806306
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4513 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:06 GMT
via: 1.1 a7dcca466407f1871feceef50bc84272.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 1927
x-cache: Hit from cloudfront
status: 200
content-type: image/gif
content-length: 43
cf-request-id: 05670ee6d200001f41c5b07200000001
last-modified: Thu, 27 Jul 2017 18:59:05 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=86400
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
cf-ray: 5d851a8488851f41-FRA
x-amz-cf-id: zx5or2QQz0UItFDMtwaIOBc4eiC9w6ElSPb05w8jTHIHaP1qWucf7A==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 132 B
513 B 338ms
329ms XHR
text/javascript 13.226.159.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&pid=ugoQacFMpuhUL&cb=0&ws=1600x1200&v=7.54.00&t=1000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%221x1%22%2C%22728x90%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F15184186%2FKomando_Adhesion%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2FKomando_Leaderboard_1%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22300x600%22%2C%22160x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2FKomando_Right_Rail_1%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22300x600%22%2C%22160x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2FKomando_Right_Rail_3%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22300x600%22%2C%22160x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2FKomando_Right_Rail_4%22%7D%5D&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.204 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-204.dus51.r.cloudfront.net
Software: Server /
Resource Hash: baccc36f4643b5739459f6075bbe88ef37d443e9c6a87e7b9f5c617774732094

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:06 GMT
content-encoding: gzip
server: Server
x-amz-cf-pop: DUS51-C1
status: 200
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 137
via: 1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront)
x-amz-cf-id: EFFeNNe86VFN-qJdCcBJEKEY-tDic1HZNQ9Uz8-TVZErgA9efikX_A==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 103ms
35ms XHR
application/javascript 13.226.159.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.204 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-204.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 24 Sep 2020 17:38:37 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
age: 71550
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Wed, 09 Sep 2020 11:16:19 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 5cd60f530cdafe284762767565aa2747.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: XP-6v3rQMwypDbRcg1uStQnRUxCxMGHsBPpvVh0FmPuEhoLmEoOCxw==

GET
H2 200 rules-p-UeXruRVtZz7w6.js Show response
rules.quantcount.com/ 2 KB
1 KB 68ms
9ms Script
application/x-javascript 2600:9000:2182:7000:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:7000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 12:54:36 GMT
content-encoding: gzip
last-modified: Thu, 07 Dec 2017 17:06:25 GMT
server: AmazonS3
age: 2191
etag: "cbc97d16c77ea1fcbbf42d246001e982"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: TZbnkwbklBfEyDY8ZLd7T3nki8BUvHd3jwtNi0fGamNLGhmjFxsOQg==
via: 1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)

GET
H2 200 checksync.php
hbx.media.net/ Frame 1F43 0
0 35ms
34ms Document
text/html 23.212.156.24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://hbx.media.net/checksync.php?&vsSync=1&cs=17&hb=1&cv=37&ndec=1&cid=8CUFH1GPH&prvid=56%2C70%2C77%2C80%2C82%2C97%2C99%2C109%2C111%2C112%2C113%2C139%2C154%2C157%2C159%2C175%2C178%2C186%2C201%2C226%2C10000&usp_status=0&usp_consent=1&https=1&gdpr=1&gdprconsent=2

Requested by

Host: hbx.media.net
URL: https://hbx.media.net/bxl.js?cid=8CUFH1GPH&dn=www.komando.com&version=&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.156.24 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-212-156-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: hbx.media.net
:scheme: https
:path: /checksync.php?&vsSync=1&cs=17&hb=1&cv=37&ndec=1&cid=8CUFH1GPH&prvid=56%2C70%2C77%2C80%2C82%2C97%2C99%2C109%2C111%2C112%2C113%2C139%2C154%2C157%2C159%2C175%2C178%2C186%2C201%2C226%2C10000&usp_status=0&usp_consent=1&https=1&gdpr=1&gdprconsent=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Mon, 29 Mar 2021 13:31:06 GMT; domain=.media.net; Path=/; sameSite=none; secure=true visitor-id=2440422662122712000V10; Expires=Sat, 25 Sep 2021 13:31:06 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=25472
expires: Fri, 25 Sep 2020 20:35:38 GMT
date: Fri, 25 Sep 2020 13:31:06 GMT
content-length: 6817

GET
H2 200 pv Show response
backend.upapi.net/ 0
108 B 220ms
166ms XHR
text/plain 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://backend.upapi.net/pv?pid=Xw3gcJgyn&br=chrome&sid=6zbIZ5vS2&w=5715376530784256&cv=14b17a51-v2&r=false&upapi=true
Requested by: Host: mrb.upapi.net
URL: https://mrb.upapi.net/code?w=5715376530784256&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 25 Sep 2020 13:31:06 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: https://www.komando.com
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2

200

rtb-h
match.taboola.com/sg/mediaforcebidder-network/1/ Frame 9E3C
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=taboola
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=taboola
https://sync.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=770e8b3e-80ca-4b24-92c8-148d7f5315ae
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=770e8b3e-80ca-4b24-92c8-148d7f5315ae&tbid=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699&query=taboola_hm%3D770e8b3e-80ca-...

0
53 B

57ms
39ms

Image
text/plain

151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=770e8b3e-80ca-4b24-92c8-148d7f5315ae&tbid=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699&query=taboola_hm%3D770e8b3e-80ca-4b24-92c8-148d7f5315ae&isDirect=0
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:07 GMT
via: 1.1 varnish
server: nginx
x-timer: S1601040668.939777,VS0,VE9
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn4020-HHN

Redirect headers

status: 302
tbl-x-upstream: 10.41.24.10:10213
date: Fri, 25 Sep 2020 13:31:07 GMT
server: nginx
x-fastly-to-nlb-rtt: 9331
location: https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=770e8b3e-80ca-4b24-92c8-148d7f5315ae&tbid=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699&query=taboola_hm%3D770e8b3e-80ca-4b24-92c8-148d7f5315ae&isDirect=0

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame 9E3C 0
239 B 136ms
31ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=16698
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Content-Type: image/gif

GET
H2

200

/
am-sync.taboola.com/sg/powerlinksdsp-network/1/rtb-h/ Frame 9E3C
Redirect Chain

https://px.powerlinks.com/user/identify?sourceId=d4a7a706-ab0f-11e8-a038-127202fb7690&rurl=https%3A%2F%2Fam-sync.taboola.com%2Fsg%2Fpowerlinksdsp-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%24%7BUSER%7D...
https://sync.mathtag.com/sync/img?mt_exid=113&redir=%2F%2Fpx.powerlinks.com%2Fuser%2Fsync%2Fdsps%3FuserId%3D%5BMM_UUID%5D%26sourceId%3Daa4e7548-789b-4df8-a72f-d951a5b206eb%26sync%3D0%26rurl%3Dhttps...
https://px.powerlinks.com/user/sync/dsps?userId=fb205f6d-f11a-4400-bf90-55f136e3b31f&sourceId=aa4e7548-789b-4df8-a72f-d951a5b206eb&sync=0&rurl=https%3A%2F%2Fam-sync.taboola.com%2Fsg%2Fpowerlinksdsp...
https://am-sync.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=bzwbK8psXXu2Az3UQ7l-AbZBQwqrdoBKa_jomkmHLgc%3D

45 B
271 B

34ms
22ms

Image
image/gif

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-sync.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=bzwbK8psXXu2Az3UQ7l-AbZBQwqrdoBKa_jomkmHLgc%3D
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
tbl-x-upstream: 10.40.20.11:10213
date: Fri, 25 Sep 2020 13:31:10 GMT
server: nginx
x-fastly-to-nlb-rtt: 9791

Redirect headers

Location: https://am-sync.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=bzwbK8psXXu2Az3UQ7l-AbZBQwqrdoBKa_jomkmHLgc%3D
Date: Fri, 25 Sep 2020 13:31:10 GMT
Server: nginx
Connection: close
Etag: "SV0AGIH78fd219uNDrvHCGvKfgJZ8z1tGkPih8zROeU="
Content-Length: 0

GET
H2

204

/
am-sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/ Frame 9E3C
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=562107&ev=1&rurl=https%3A%2F%2Fam-sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=%%VGUID%%&orig=trc
https://am-sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=OBMkduWkbpW0&ev=1&orig=trc&pid=562107

0
217 B

765ms
36ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=OBMkduWkbpW0&ev=1&orig=trc&pid=562107
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
tbl-x-upstream: 10.41.32.36:10213
date: Fri, 25 Sep 2020 13:31:07 GMT
server: nginx
x-fastly-to-nlb-rtt: 9170

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
status: 302
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
location: https://am-sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=OBMkduWkbpW0&ev=1&orig=trc&pid=562107
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-577cbfbc5c-mmn9z
expires: -1

GET
H/1.1

200
OK

/
b1sync.zemanta.com/usersync/bluekai/callback/ Frame 9E3C
Redirect Chain

https://b1sync.zemanta.com/usersync/taboola/?puid={user_id}&cb=https://am-sync.taboola.com/sg/zemantartb-network/1/rtb-h/?taboola_hm=__ZUID__&orig=trc
https://stags.bluekai.com/site/23178?id=Rhv-pEQa7VtQIbClAVTp&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6YLNFVZXS3TDFZ2GCYTPN5WGCLTDN5WS643HF55GK3LB...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6YLNFVZXS3TDFZ2GCYTPN5WGCLTDN5WS643HF55GK3LBNZ2GC4TUMIWW4ZLUO5XXE2ZPGEXXE5DCFVUC6P3FPBRWQYLOM5ST25DBMJXW63DBEZ2GCYTPN5WGCX3INU6VE...

26 B
127 B

364ms
91ms

Image
image/gif

64.202.112.191
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6YLNFVZXS3TDFZ2GCYTPN5WGCLTDN5WS643HF55GK3LBNZ2GC4TUMIWW4ZLUO5XXE2ZPGEXXE5DCFVUC6P3FPBRWQYLOM5ST25DBMJXW63DBEZ2GCYTPN5WGCX3INU6VE2DWFVYEKULBG5LHIUKJMJBWYQKWKRYA
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.191 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:11 GMT
Content-Length: 26
Content-Type: image/gif

Redirect headers

Location: https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6YLNFVZXS3TDFZ2GCYTPN5WGCLTDN5WS643HF55GK3LBNZ2GC4TUMIWW4ZLUO5XXE2ZPGEXXE5DCFVUC6P3FPBRWQYLOM5ST25DBMJXW63DBEZ2GCYTPN5WGCX3INU6VE2DWFVYEKULBG5LHIUKJMJBWYQKWKRYA
Date: Fri, 25 Sep 2020 13:31:11 GMT
Connection: keep-alive
Content-Length: 0
BK-Server: 44dc
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H2

200

/
am-sync.taboola.com/sg/appnexus-network/1/rtb-h/ Frame 9E3C
Redirect Chain

https://ib.adnxs.com/getuidnb?https://am-sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID&orig=trc
https://am-sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=7720794943134489858&orig=trc

0
226 B

1036ms
26ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=7720794943134489858&orig=trc
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
tbl-x-upstream: 10.40.0.117:10213
date: Fri, 25 Sep 2020 13:31:07 GMT
server: nginx
x-fastly-to-nlb-rtt: 9170

Redirect headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:06 GMT
X-Proxy-Origin: 82.102.18.235; 82.102.18.235; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.147:80
AN-X-Request-Uuid: e1115201-3012-402e-8e1c-6066beabad91
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://am-sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=7720794943134489858&orig=trc
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

/
trc.taboola.com/sg/google-network/1/rtb-h/ Frame 9E3C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm=&google_sc=&google_tc=
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEB7Whqi1f5Kr1w1tUE9r7Bc&google_cver=1

0
181 B

36ms
36ms

Image
text/plain

151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEB7Whqi1f5Kr1w1tUE9r7Bc&google_cver=1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 8
date: Fri, 25 Sep 2020 13:31:06 GMT
via: 1.1 varnish
server: nginx
x-timer: S1601040667.659196,VS0,VE8
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn4020-HHN

Redirect headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:31:06 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEB7Whqi1f5Kr1w1tUE9r7Bc&google_cver=1
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 304
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK Pug
simage2.pubmatic.com/AdServer/ Frame 9E3C 42 B
879 B 1169ms
35ms Image
image/gif 185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMxNjAmdGw9MTI5NjAw&piggybackCookie=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:07 GMT
X-lat: Pug22019:0:567
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 9E3C
Redirect Chain

https://am-sync.taboola.com/sg/google-network/1/rtb?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dtaboola_dbm%26google_sc%26gdpr%3D0%26gdpr_consent%3D&orig=trc
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699

170 B
242 B

76ms
17ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:31:07 GMT
server: HTTP server (unknown)
content-type: image/png
status: 200
cache-control: no-cache, must-revalidate
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

status: 302
tbl-x-upstream: 10.41.30.10:10213
date: Fri, 25 Sep 2020 13:31:07 GMT
server: nginx
x-fastly-to-nlb-rtt: 9170
location: https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699

GET
H2

204

/
am-sync.taboola.com/sg/nca-appnexus-network/1/rtb-h/ Frame 9E3C
Redirect Chain

https://ib.adnxs.com/getuidnb?https://am-sync.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=$UID&orig=trc
https://am-sync.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=7720794943134489858&orig=trc

0
218 B

1033ms
24ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-sync.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=7720794943134489858&orig=trc
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
tbl-x-upstream: 10.41.24.10:10213
date: Fri, 25 Sep 2020 13:31:07 GMT
server: nginx
x-fastly-to-nlb-rtt: 9170

Redirect headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:06 GMT
X-Proxy-Origin: 82.102.18.235; 82.102.18.235; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.54:80
AN-X-Request-Uuid: d22ff660-db41-40e3-a908-bd5d93d41960
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://am-sync.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=7720794943134489858&orig=trc
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

/
trc.taboola.com/sg/thetradedesk-network/1/rtb-h/ Frame 9E3C
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=054f32o&ttd_tpi=1
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=58a5806a-0c2d-4b10-a2a7-9d6ff0ab92ea

0
55 B

39ms
39ms

Image
text/plain

151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=58a5806a-0c2d-4b10-a2a7-9d6ff0ab92ea
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 8
date: Fri, 25 Sep 2020 13:31:06 GMT
via: 1.1 varnish
server: nginx
x-timer: S1601040667.788447,VS0,VE8
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn4020-HHN

Redirect headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:31:06 GMT
x-aspnet-version: 4.0.30319
status: 302
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=58a5806a-0c2d-4b10-a2a7-9d6ff0ab92ea
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 239

GET
H/1.1

204
No Content

merge
ce.lijit.com/ Frame 9E3C
Redirect Chain

https://ce.lijit.com/merge?pid=42&3pid=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699&us_privacy=&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=42&3pid=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699&us_privacy=&gdpr=0&gdpr_consent=&dnr=1

0
433 B

48ms
44ms

Image
text/plain

72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=42&3pid=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699&us_privacy=&gdpr=0&gdpr_consent=&dnr=1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:06 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap3ams1
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:06 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ce.lijit.com/merge?pid=42&3pid=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699&us_privacy=&gdpr=0&gdpr_consent=&dnr=1
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap3ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2 200 rtset
bh.contextweb.com/bh/ Frame 9E3C 49 B
406 B 109ms
108ms Image
image/gif 198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=553204&ev=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
status: 200
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-577cbfbc5c-vmdcx
expires: -1

GET
H2

200

rtb-h
sync.taboola.com/sg/storygize-network/1/ Frame 9E3C
Redirect Chain

https://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699
https://sync.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=37cf273d-6031-4a9e-b4c2-17b86d952301

0
226 B

93ms
60ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=37cf273d-6031-4a9e-b4c2-17b86d952301
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
tbl-x-upstream: 10.41.30.18:10213
date: Fri, 25 Sep 2020 13:31:07 GMT
server: nginx
x-fastly-to-nlb-rtt: 9331

Redirect headers

Location: https://sync.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=37cf273d-6031-4a9e-b4c2-17b86d952301
Pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
Connection: keep-alive
P3P: CP ALL ADM DEV PSAi COM OUR OTRo STP IND ONL
Content-Length: 0
expires: 0

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame 9E3C 43 B
697 B 515ms
45ms Image
image/gif 185.86.139.89
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=107&partneruserid=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699&gdpr=0&gdpr_consent=
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.86.139.89 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:06 GMT
Cache-Control: no-cache,no-store
Content-Type: image/gif
Transfer-Encoding: chunked
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H/1.1 200
OK sync
dsp.adkernel.com/ Frame 9E3C 42 B
233 B 286ms
98ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp.adkernel.com/sync?exchange=281&r=%2F%2Ftrc.taboola.com%2Fsg%2Fadkernelrtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%7BUID%7D
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 Garden City, United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:07 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H2 200 put
e1.emxdgt.com/ Frame 9E3C 43 B
124 B 7579ms
35ms Image
image/gif 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e1.emxdgt.com/put?d=d41&uid=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 25 Sep 2020 13:31:14 GMT
content-length: 43
x-nosync: emp
content-type: image/gif

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame 9E3C 35 B
380 B 663ms
97ms Image
image/gif 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/pixel/cookiesync?source=14b8c562-d12b-418b-b680-ad517d5839ec
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-ServerName: Track002-dc3
Pragma: no-cache
Date: Fri, 25 Sep 2020 13:30:47 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET
H/1.1 204
No Content /
cds.taboola.com/ Frame 9E3C 0
157 B 1360ms
99ms Image
text/plain 141.226.224.32
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cds.taboola.com/?uid=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699&_r=9101937
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.32 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:08 GMT
cache-control: no-store
x-envoy-upstream-service-time: 1
Server: nginx
Connection: close

GET
H2

200

rtb-h
sync-t1.taboola.com/sg/bidswitch-network/1/ Frame 9E3C
Redirect Chain

https://x.bidswitch.net/sync?ssp=taboola&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=taboola&gdpr=0&gdpr_consent=
https://p.rfihub.com/cm?in=1&pub=20513&ssp=taboola
https://x.bidswitch.net/sync?dsp_id=119&user_id=1875819620707266179&expires=30&ssp=taboola
https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=da331b50-3ba1-4e8b-819a-5333885d3128

0
227 B

30ms
23ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=da331b50-3ba1-4e8b-819a-5333885d3128
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
tbl-x-upstream: 10.41.32.36:10213
date: Fri, 25 Sep 2020 13:31:10 GMT
server: nginx
x-fastly-to-nlb-rtt: 14742

Redirect headers

status: 302
date: Fri, 25 Sep 2020 13:31:10 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: //sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=da331b50-3ba1-4e8b-819a-5333885d3128
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3-Q050

200

B24459510.280362490;dc_pre=CISGzaG1hOwCFSWDgwcdZvQNFw;dc_trk_aid=474378669;dc_trk_cid=136557439;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consen...
ad.doubleclick.net/ddm/trackimp/N1153793.1006845TABOOLA.COM/
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N1153793.1006845TABOOLA.COM/B24459510.280362490;dc_trk_aid=474378669;dc_trk_cid=136557439;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;...
https://ad.doubleclick.net/ddm/trackimp/N1153793.1006845TABOOLA.COM/B24459510.280362490;dc_pre=CISGzaG1hOwCFSWDgwcdZvQNFw;dc_trk_aid=474378669;dc_trk_cid=136557439;ord=[timestamp];dc_lat=;dc_rdid=;...

42 B
168 B

47ms
47ms

Image
image/gif

216.58.208.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N1153793.1006845TABOOLA.COM/B24459510.280362490;dc_pre=CISGzaG1hOwCFSWDgwcdZvQNFw;dc_trk_aid=474378669;dc_trk_cid=136557439;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?;dc_ref=komando.com

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.208.38 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s12-in-f38.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:31:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:31:06 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N1153793.1006845TABOOLA.COM/B24459510.280362490;dc_pre=CISGzaG1hOwCFSWDgwcdZvQNFw;dc_trk_aid=474378669;dc_trk_cid=136557439;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?;dc_ref=komando.com
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

impression_pixel
t.myvisualiq.net/ul_cb/
Redirect Chain

https://t.myvisualiq.net/impression_pixel?r=[CACHEBUSTER]&et=i&ago=212&ao=994&aca=24459510&si=5791742&ci=136557439&pi=280362490&ad=474378669&advt=9697277&chnl=-7&vndr=115&sz=9665&u={AuctionID};&viq...
https://t.myvisualiq.net/ul_cb/impression_pixel?r=[CACHEBUSTER]&et=i&ago=212&ao=994&aca=24459510&si=5791742&ci=136557439&pi=280362490&ad=474378669&advt=9697277&chnl=-7&vndr=115&sz=9665&u={AuctionID...

43 B
577 B

33ms
24ms

Image
image/gif

3.126.247.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.myvisualiq.net/ul_cb/impression_pixel?r=[CACHEBUSTER]&et=i&ago=212&ao=994&aca=24459510&si=5791742&ci=136557439&pi=280362490&ad=474378669&advt=9697277&chnl=-7&vndr=115&sz=9665&u={AuctionID};&viq_did={device}&pt=I
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.247.13 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-247-13.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:08 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Content-Length: 43
Content-Type: image/gif

Redirect headers

Location: https://t.myvisualiq.net/ul_cb/impression_pixel?r=[CACHEBUSTER]&et=i&ago=212&ao=994&aca=24459510&si=5791742&ci=136557439&pi=280362490&ad=474378669&advt=9697277&chnl=-7&vndr=115&sz=9665&u={AuctionID};&viq_did={device}&pt=I
Date: Fri, 25 Sep 2020 13:31:07 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1 200
OK visit.jpg
tps.doubleverify.com/ 305 B
440 B 1216ms
38ms Image
image/jpeg 213.254.244.24
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps.doubleverify.com/visit.jpg?ctx=3758893&cmp=24459510&sid=5791742&plc=280362490&adsrv=1&btreg=&btadsrv=&crt=&tagtype=&dvtagver=6.1.img&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.24 , Ireland, ASN3257 (GTT-BACKBONE GTT, DE),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: a78f3c394abdb5185b2a1235457e0e9a50b97625ef7c01a276a0aef6c5dd87fb

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:07 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: image/jpeg
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 9/24/2020 1:31:08 PM

GET
H2 204 social
trc.taboola.com/komando/log/3/ 0
59 B 51ms
38ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/social?route=AM:AM:V&lti=deflated&ri=d59ad0b255b1d4ca75f23cfd6537b2a3&sd=v2_ef9970f7a26e1c2b3121cb8f58af6915_f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699_1601040665_1601040665_CNawjgYQ58o9GMya16vMLiABKAEwSjjE1whA7IsQSMKY2gNQ7aEPWABgAGjipqqRsq2X4nA&ui=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601040665932&st=social-available&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22ctx%22%2C%22ism%22%3Afalse%2C%22srx%22%3A1600%2C%22sry%22%3A1200%2C%22pd%22%3Anull%2C%22tpl%22%3A%22%22%2C%22url%22%3A%22https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%22%2C%22rref%22%3A%22%22%2C%22sref%22%3A%22_sessionPending_%22%2C%22hdl%22%3A%22Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet%22%2C%22sec%22%3A%22security-privacy%22%2C%22aut%22%3A%5B%22James%20Gelinas%22%2C%22Komando.com%22%5D%2C%22img%22%3A%22https%3A%2F%2Fwww.komando.com%2Fwp-content%2Fuploads%2F2020%2F09%2Flokibot-malware.jpg%22%2C%22v%22%3A15%2C%22pw%22%3Afalse%7D%5D%7D&tim=15%3A31%3A06.520&id=1645&llvl=1&cv=20200924-16-RELEASE&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Fri, 25 Sep 2020 13:31:07 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4020-HHN
pragma: no-cache
server: nginx
x-timer: S1601040668.933663,VS0,VE9
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 pubfig.messaging.2.1.2.js Show response
a.pub.network/core/ 196 KB
51 KB 36ms
33ms Script
text/javascript 2606:4700:20::681a:8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6883ce59605b04b6c6782ba17cb02dae671c9228e429ced6c1ab1171a38e12a1

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:06 GMT
content-encoding: br
cf-cache-status: HIT
x-guploader-uploadid: ABg5-UzlCZQbHEcuhmKxmG6SCdiALbP0Gf7LFvp1VD5Cq7Xa2dKRhh1rZE7LldyNNB6PESWRgntNy8eiwSF0OfO26tLQV-DwDg
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 4
x-goog-stored-content-encoding: identity
content-type: text/javascript
cf-request-id: 05670ee7bc0000d6b92d1bf200000001
last-modified: Thu, 21 May 2020 18:48:40 GMT
server: cloudflare
etag: W/"a191b1edb3810d2c6bbd73bfed144567"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=ZRmSfw==, md5=oZGx7bOBDSxrvXO/7RRFZw==
x-goog-generation: 1590086920350282
cache-control: private, max-age=1800
x-goog-stored-content-length: 200438
cf-ray: 5d851a85f9ced6b9-FRA
expires: Fri, 24 Sep 2021 21:42:12 GMT

GET
H2 200 pixel;r=664565501;labels=title.Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet;rf=0;a=p-UeXruRVtZz7w6;url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylo...
pixel.quantserve.com/ 35 B
371 B 33ms
18ms Image
image/gif 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=664565501;labels=title.Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet;rf=0;a=p-UeXruRVtZz7w6;url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F;fpan=1;fpa=P0-1048615638-1601040666561;ns=0;ce=1;qjs=1;qv=4f9b77f5-20200917130726;cm=;gdpr=0;ref=;d=komando.com;je=0;sr=1600x1200x24;enc=n;dst=1;et=1601040666561;tzo=-120;ogl=locale.en_US%2Ctype.article%2Ctitle.Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet%2Cdescription.If%20your%20device%20is%20infected%20with%20Lokibot%20malware%252C%20kiss%20your%20credit%20cards%20goodbye%252E%2Curl.https%3A%2F%2Fwww%252Ekomando%252Ecom%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F%2Csite_name.Komando%252Ecom%2Cimage.https%3A%2F%2Fwww%252Ekomando%252Ecom%2Fwp-content%2Fuploads%2F2020%2F09%2Flokibot-malware%252Ejpg%2Cimage%3Awidth.1200%2Cimage%3Aheight.675

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:31:07 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
status: 200
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
168 B 16ms
15ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.komando.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 13:31:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
168 B 15ms
14ms Script
application/javascript 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.komando.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 13:31:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 104 KB
34 KB 649ms
617ms XHR
text/plain 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1786646821579299&correlator=1723921295001399&output=ldjh&impl=fifs&eid=21067517%2C21067414&vrg=2020092201&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200925&iu_parts=15184186%2CKomando_Adhesion%2CKomando_Leaderboard_1%2CKomando_Right_Rail_1%2CKomando_Right_Rail_3%2CKomando_Right_Rail_4&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5&prev_iu_szs=1x1%7C728x90%7C970x90%2C728x90%2C300x600%7C160x600%7C300x250%2C300x600%7C160x600%7C300x250%2C300x600%7C160x600%7C300x250&prev_scp=fsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D2%26amznp%3D2%26fspbg%3Dfreestar%26freestar_path%3D%252Fsecurity-privacy%252Flokibot-keylogger-spreading%252F755764%252F%26freestar_domain%3Dkomando.com%26custom_bidder_size%3Drubicon_728x90%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.08%26hb_adid%3D59b22b092eb15c4%26hb_bidder%3Drubicon%7Cfsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D2%26amznp%3D2%26fsbid%3D0%7Cfsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D2%26amznp%3D2%26fspbg%3Dfreestar%26freestar_path%3D%252Fsecurity-privacy%252Flokibot-keylogger-spreading%252F755764%252F%26freestar_domain%3Dkomando.com%26custom_bidder_size%3Drubicon_160x600%26hb_format%3Dbanner%26hb_size%3D160x600%26hb_pb%3D1.03%26hb_adid%3D611f83c028ad0b9%26hb_bidder%3Drubicon%7Cfsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D2%26amznp%3D2%26fspbg%3Dfreestar%26freestar_path%3D%252Fsecurity-privacy%252Flokibot-keylogger-spreading%252F755764%252F%26freestar_domain%3Dkomando.com%26custom_bidder_size%3Drubicon_300x600%26hb_format%3Dbanner%26hb_size%3D300x600%26hb_pb%3D8.05%26hb_adid%3D60b9fe490b1db52%26hb_bidder%3Drubicon%7Cfsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D2%26amznp%3D2%26fspbg%3Dfreestar%26freestar_path%3D%252Fsecurity-privacy%252Flokibot-keylogger-spreading%252F755764%252F%26freestar_domain%3Dkomando.com%26custom_bidder_size%3Drubicon_160x600%26hb_format%3Dbanner%26hb_size%3D160x600%26hb_pb%3D1.03%26hb_adid%3D62530e3beae7c3e%26hb_bidder%3Drubicon&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1601040666&dt=1601040666689&dlt=1601040664332&idt=1722&frm=20&biw=1600&bih=1200&oid=3&adxs=800%2C180%2C1080%2C1079%2C1079&adys=1199%2C944%2C1106%2C2439%2C7822&adks=1494144272%2C2773792623%2C2252915286%2C2269316213%2C2252560996&ucis=1%7C2%7C3%7C4%7C5&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&dssz=75&icsg=2315321292&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x-1%7C1263x112%7C322x626%7C320x600%7C320x600&msz=1600x-1%7C1241x90%7C320x620%7C320x600%7C320x600&ga_vid=1548064432.1601040665&ga_sid=1601040667&ga_hid=1147930810&fws=516%2C4%2C4%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600%2C1600&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

088c63ac9aaf5857af695cd4553585fd5955c6c483b21fb3174ad58a9c81cd90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:07 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34021
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,5334946462,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-1,-1,138307166301,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.komando.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 container.html
d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 14ms
8ms Other
text/html 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 26ms
21ms Other
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H/1.1

200
OK

Cookie set iu3
aax-eu.amazon-adsystem.com/s/ Frame 6A6B
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=rbd_r1u_cnv_an-db5_sovrn_3lift
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=rbd_r1u_cnv_an-db5_sovrn_3lift&dcc=t

0
0

193ms
191ms

Document
text/html

52.95.123.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=rbd_r1u_cnv_an-db5_sovrn_3lift&dcc=t
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.41 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A79gXqLFrEghhsZOBrKYlKE|t
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

Server: Server
Date: Fri, 25 Sep 2020 13:31:08 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 203
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Set-Cookie: ad-id=A79gXqLFrEghhsZOBrKYlKE; Domain=.amazon-adsystem.com; Expires=Thu, 01-Apr-2021 13:31:08 GMT; Path=/; Secure; HttpOnly; SameSite=None ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Wed, 01-Oct-2025 13:31:08 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

Redirect headers

Server: Server
Date: Fri, 25 Sep 2020 13:31:08 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=rbd_r1u_cnv_an-db5_sovrn_3lift&dcc=t
Set-Cookie: ad-id=A79gXqLFrEghhsZOBrKYlKE|t; Domain=.amazon-adsystem.com; Expires=Thu, 01-Apr-2021 13:31:08 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary: User-Agent

GET
H2 200 container.html
d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 87EC 0
0 78ms
44ms Document
text/html 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 2973
date: Fri, 25 Sep 2020 13:31:07 GMT
expires: Sat, 25 Sep 2021 13:31:07 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html
d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame AEF7 0
0 69ms
42ms Document
text/html 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 2973
date: Fri, 25 Sep 2020 13:31:07 GMT
expires: Sat, 25 Sep 2021 13:31:07 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3b142f2fc1b181088ebc5bd873a725bba5e4ea24b20874e7880b163f778765e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600860702447659"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27610
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:31:07 GMT

GET
H2 200 container.html
d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 4F5F 0
0 45ms
44ms Document
text/html 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 2973
date: Fri, 25 Sep 2020 13:31:07 GMT
expires: Sat, 25 Sep 2021 13:31:07 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame D6F3 0
0 68ms
67ms Fetch
image/gif 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsstn9j04JuLzRXCXkwo6H7uS_dSgwJ_Vbr2OMQVbb-XqWIlofFVYluA6xtQf0VVrblWIDxxp-0zNwZNc0IgJPORIXqPh_FNLstS_u38LM5WbquNDQsz_IjZskrY6M6K9MdKkSVHK45bW_cSs5GU3p7orSRbvqAdBF_bfejk8YSRKHrzoE5v_Nzix6tldeLcP0uKstGVjNgUBxYX9tXhU2JbpI4bfwJVjhXFGFrcuXLcjxJEDrAXmPQHMkruBYKcfWf3fPwuGnPJUd81tp30AmAC&sig=Cg0ArKJSzAEgGAB9kPOtEAE&urlfix=1&adurl=

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 13:31:07 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:31:07 GMT

GET
H2 200 prebid-universal-creative.js Show response
a.pub.network/core/ Frame D6F3 26 KB
9 KB 39ms
38ms Script
text/javascript 2606:4700:20::681a:8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/prebid-universal-creative.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ab080656fab6802aab402d3e385c6c3aa1715d4d962edd506907862dfdad8dc

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:07 GMT
content-encoding: br
cf-cache-status: HIT
x-guploader-uploadid: ABg5-UzjqSlwwU0CxWAN7iT5QXfvE__3rPqZh89oyRc261DkiSvC6l1hGQU7kwunS3j6JSXanBlKxq2IpgbQCBtJC68
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-type: text/javascript
cf-request-id: 05670eeb510000d6b92d1fb200000001
last-modified: Wed, 01 Apr 2020 21:06:56 GMT
server: cloudflare
etag: W/"3b5e5f4e87346c15537cc5cc5427de6a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=uEu8xg==, md5=O15fToc0bBVTfMXMVCfeag==
x-goog-generation: 1585775216018312
cache-control: public, max-age=86400
x-goog-stored-content-length: 26243
cf-ray: 5d851a8bbf24d6b9-FRA
expires: Thu, 24 Sep 2020 22:42:12 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame D6F3 75 KB
28 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b317742277d72c28cb24020d61cc7daecd4e51e48a68a16440d26bf1a008a129

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600860702447659"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28928
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:31:07 GMT

GET
H3-Q050 200 container.html
d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame B269 0
0 38ms
14ms Document
text/html 2a00:1450:4001:81a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 2973
date: Fri, 25 Sep 2020 13:31:07 GMT
expires: Sat, 25 Sep 2021 13:31:07 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 204 bulk Show response
trc.taboola.com/komando/log/3/ 0
254 B 56ms
52ms XHR
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/komando/log/3/bulk?route=AM%3AAM%3AV&lti=deflated&bulkSize=2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200924-16-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 24
date: Fri, 25 Sep 2020 13:31:07 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4020-HHN
pragma: no-cache
server: nginx
x-timer: S1601040668.575083,VS0,VE24
content-type: image/gif
access-control-allow-origin: https://www.komando.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 creative_add_on.js Show response
cti.w55c.net/ct/ Frame D6F3 5 KB
2 KB 129ms
4ms Script
text/javascript 93.184.220.187
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cti.w55c.net/ct/creative_add_on.js?w=300&h=600&pos=&zindex=0&ci=XmPOD6NyhY&ei=RUBICON&ob=1&ai=0DjLlLDMO7&dvt=&epid=UkIxNjkyNA&esid=UkIxNTEzMTI&fiu=WG1VNHpSSTZPYg&s=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&abn=&ciu=XR7j09UNBu&btid=NWFkZTVjYTNmZjgwYmI3NmRkOGFiMWM0MzAwNDk5MWQyNWU0ZWFhYl8xMHxSRmpWdkxrWFY5fDE2MDEwNDA2NjYzNTN8MXxYbVU0elJJNk9ifFhSN2owOVVOQnV8MTcxOTU4MzczN19FWHw5NzY2MjcyfHx8fDE3LjBQfFVTRA&c=FR&dl=&dt=2dt0005&ean=&sd=komando.com&cip=
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.187 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6F88) /
Resource Hash: e8090651b52c256938df2fb0582f24521fe0476939aab81d01b7f31a7ac75beb

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:07 GMT
content-encoding: gzip
age: 240218
x-cache: HIT
p3p: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
status: 200
content-length: 2200
pragma: no-cache
last-modified: Tue, 16 Jun 2020 18:42:03 GMT
server: ECS (pab/6F88)
etag: "1987528901"
vary: Accept-Encoding
content-type: text/javascript
cache-control: no-cache, must-revalidate
accept-ranges: bytes
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 XassetdehLvq2l.jpg
ads.w55c.net/t/d/ Frame D6F3 71 KB
71 KB 15408ms
34ms Image
image/jpeg 68.232.34.237
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.w55c.net/t/d/XassetdehLvq2l.jpg?at=0&rtbhost=rtb01-c.eu.dataxu.net&btid=NWFkZTVjYTNmZjgwYmI3NmRkOGFiMWM0MzAwNDk5MWQyNWU0ZWFhYl8xMHxSRmpWdkxrWFY5fDE2MDEwNDA2NjYzNTN8MXxYbVU0elJJNk9ifFhSN2owOVVOQnV8MTcxOTU4MzczN19FWHw5NzY2MjcyfHx8fDE3LjBQfFVTRA&ei=RUBICON&ac=&js=0&ob=1&ccw=SUFCMTkjMC4xMzA5NDQxNnxJQUI2LTQjMC4xMzA5NDQxNnxJQUIxOS02IzAuMDkxOTI4OTR8SUFCMSMwLjA1OTkwODYzfElBQjIyLTIjMC4wNTMzMTk3OTd8SUFCMjItMSMwLjA1MzMxOTc5N3xJQUIyMi00IzAuMDUzMzE5Nzk3fElBQjIyLTMjMC4wNTMzMTk3OTd8SUFCMTQjMC4wNDU3NDYxOTJ8SUFCMTQtOCMwLjAzNzk3OTY5NnxJQUIyMiMwLjB8SUFCNiMwLjA&ci=XmPOD6NyhY&psid=&s=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&ts=1601040666358&c=FR&r=IDF&m=0&pc=93220&epid=UkIxNjkyNA&esid=UkIxNTEzMTI&mi=d2Vi&wp_exchange=NWP
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.34.237 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (pab/6EFA) /
Resource Hash: eeb3af8f1b68acd03bbf7577a8aeb0f2c1163e35de160f3fefe67dcda3b8e2e3

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:23 GMT
last-modified: Thu, 30 Jul 2020 16:21:49 GMT
server: ECAcc (pab/6EFA)
age: 593153
etag: "789de4de922d12c8e5f28157c94cf310"
x-amz-meta-width: 300
x-cache: HIT
content-type: image/jpeg
status: 200
x-amz-request-id: 6Y4Y7REVAG0M4REJ
x-amz-meta-filesize: 72226
x-amz-meta-height: 600
accept-ranges: bytes
content-length: 72226
x-amz-id-2: WN9rHO9zQYx0zEkwJ/inOaNrPZVd5MzeQXVjDEXTD0+Q4gSY4AVu6SxLOnLzX0bJqCTOpnv14mg=

GET
H/1.1 200 a.gif
i.w55c.net/ Frame D6F3 42 B
639 B 1401ms
25ms Image
image/gif 52.59.61.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.w55c.net/a.gif?t=0&rtbhost=rtb01-c.eu.dataxu.net&rts=1&btid=NWFkZTVjYTNmZjgwYmI3NmRkOGFiMWM0MzAwNDk5MWQyNWU0ZWFhYl8xMHxSRmpWdkxrWFY5fDE2MDEwNDA2NjYzNTN8MXxYbVU0elJJNk9ifFhSN2owOVVOQnV8MTcxOTU4MzczN19FWHw5NzY2MjcyfHx8fDE3LjBQfFVTRA&ei=RUBICON&wp_exchange=C27B3E042530F318&js=0&ob=1&ccw=SUFCMTkjMC4xMzA5NDQxNnxJQUI2LTQjMC4xMzA5NDQxNnxJQUIxOS02IzAuMDkxOTI4OTR8SUFCMSMwLjA1OTkwODYzfElBQjIyLTIjMC4wNTMzMTk3OTd8SUFCMjItMSMwLjA1MzMxOTc5N3xJQUIyMi00IzAuMDUzMzE5Nzk3fElBQjIyLTMjMC4wNTMzMTk3OTd8SUFCMTQjMC4wNDU3NDYxOTJ8SUFCMTQtOCMwLjAzNzk3OTY5NnxJQUIyMiMwLjB8SUFCNiMwLjA&ci=XmPOD6NyhY&fiu=WG1VNHpSSTZPYg&sd=komando.com&s=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&ts=1601040666358&ai=0DjLlLDMO7&c=FR&r=IDF&m=0&pc=93220&rnd=1364724481356013&epid=UkIxNjkyNA&esid=UkIxNTEzMTI&ct=b126c92c760c4964ba6058483a07fa14&os=WG9v&dc=NzI4NWEyMmNjZmE2NGM1Y2JmMzBmYzExNmQzNGFhNGU&dv=MUxWSXJn&dm=MU1mVG1SM2lGVA&l=ZW58ZW58&ri=2r0000&alg=TGcwMDA4&v=0&euid=MmZlMzBjOGQ2ZDhkNTMyYmIxODBkMGFjMjRhOWUzMDYzYjk4MTE3Mg&mt=2cmt0001&mi=d2Vi&dt=2dt0005&tz=RXVyb3BlL1Bhcmlz&sg=-SCsucFIICfkYfezyl5v9w
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.59.61.242 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-59-61-242.eu-central-1.compute.amazonaws.com
Software: PixelTracking/v2.0.30-576-g415c35e#rel-ec2-master i-0e2cfaf8c82314a26@eu-central-1b@dxedge-app-eu-central-1-prod-asg /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:08 GMT
Server: PixelTracking/v2.0.30-576-g415c35e#rel-ec2-master i-0e2cfaf8c82314a26@eu-central-1b@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 9db51ecd-0bab-491e-89e9-476babc2fe9c
beacon-eu2.rubiconproject.com/beacon/d/ Frame D6F3 43 B
268 B 910ms
33ms Image
image/avif 69.173.144.154
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon-eu2.rubiconproject.com/beacon/d/9db51ecd-0bab-491e-89e9-476babc2fe9c?oo=0&accountId=16924&siteId=151312&zoneId=730248&sizeId=10&e=6A1E40E384DA563B2E454F0F6053CB40C4744292C56CE2A9C76FA188B0D960041F263A028D86D63023F2EBA38C67A891E4A9AFA6E089EF849FF074BD44FD9EE59C67E07DE98476CB49E9BBA2284AD59340AFA6A08AE8758140EECC38AA30310C8989986CDD6E2311D0C25A7C8041FD4D6DE450AA01130EFC28A528A48935562162E26AA9D9805A3B6135086E7DDD7C3D5130ECC306FCF886F6BBDD0A67068D14FF8860F6BF823BD4B7841124066BA2996DFD7F4D219251EA5AB0BF2526570B97
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.154 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: Rubicon Project /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:07 GMT
Cache-Control: private, max-age=0, no-cache
Server: Rubicon Project
Content-Type: image/avif
Content-Length: 43
Expires: 01 Jan 1970 10:00:00 GMT

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
463 B 4631ms
249ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 0fd27194f95dc70ab3db90fc41bf954eb609711bfb78253373bc838974f2866f

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.komando.com
Date: Fri, 25 Sep 2020 13:31:12 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

POST
H2 204 fullPageRevenue Show response
trc.taboola.com/komando/log/3/ 0
57 B 61ms
32ms XHR
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/komando/log/3/fullPageRevenue
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200924-16-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 8
date: Fri, 25 Sep 2020 13:31:07 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4020-HHN
pragma: no-cache
server: nginx
x-timer: S1601040668.721334,VS0,VE8
content-type: image/gif
access-control-allow-origin: https://www.komando.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 durly.js Show response
c.evidon.com/ Frame D6F3 4 KB
2 KB 5463ms
29ms Script
application/x-javascript 95.100.73.104
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/durly.js?;coid=292;nid=2532;ad_w=300;ad_h=600;ad_z=0
Requested by: Host: cti.w55c.net
URL: https://cti.w55c.net/ct/creative_add_on.js?w=300&h=600&pos=&zindex=0&ci=XmPOD6NyhY&ei=RUBICON&ob=1&ai=0DjLlLDMO7&dvt=&epid=UkIxNjkyNA&esid=UkIxNTEzMTI&fiu=WG1VNHpSSTZPYg&s=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&abn=&ciu=XR7j09UNBu&btid=NWFkZTVjYTNmZjgwYmI3NmRkOGFiMWM0MzAwNDk5MWQyNWU0ZWFhYl8xMHxSRmpWdkxrWFY5fDE2MDEwNDA2NjYzNTN8MXxYbVU0elJJNk9ifFhSN2owOVVOQnV8MTcxOTU4MzczN19FWHw5NzY2MjcyfHx8fDE3LjBQfFVTRA&c=FR&dl=&dt=2dt0005&ean=&sd=komando.com&cip=
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 95.100.73.104 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-73-104.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 06f777ff38a8dd1b7583e8323755ef6ed1c5ab41107894ed98792553e82097ba

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:13 GMT
content-encoding: gzip
last-modified: Wed, 14 Nov 2018 17:30:33 GMT
server: AkamaiNetStorage
status: 200
etag: "2dfa8070bee860ca86deb1779cf87d3e:1542216642"
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
access-control-max-age: 108000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 1605

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 8400 0
0 1808ms
32ms Document
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&gdpr=0&geo=eu&co=fr
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.230.142 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Thu, 24 Sep 2020 16:43:28 GMT
Content-Encoding: gzip
Content-Length: 9446
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=33882
Expires: Fri, 25 Sep 2020 22:55:51 GMT
Date: Fri, 25 Sep 2020 13:31:09 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame D6F3 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e683e849f4a29ef934b5be036422d994940d7448b0239236bf17093d0e4bd83e

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 204 perf Show response
trc-events.taboola.com/komando/log/3/ 0
423 B 28ms
27ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/komando/log/3/perf?route=AM%3AAM%3AV&lti=deflated
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200924-16-RELEASE.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:31:09 GMT
server: nginx
x-fastly-to-nlb-rtt: 9340
status: 204
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.komando.com
cache-control: no-cache
access-control-allow-credentials: true
tbl-x-upstream: 10.41.32.34:10213

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
463 B 2266ms
125ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: f7d5b42f53668e5080beccc9ae7c2cb936ce23cf96c23f0b0f0a0f659c001750

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.komando.com
Date: Fri, 25 Sep 2020 13:31:12 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
463 B 1873ms
120ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 214ba7bea769b92906cbdc8b07a4c971a7c2040683cf150aac896e67253877ad

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.komando.com
Date: Fri, 25 Sep 2020 13:31:12 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 2EEE 0
0 130ms
37ms Document
text/html 23.210.249.83
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.83 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-83.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

Last-Modified: Tue, 24 Mar 2020 15:52:19 GMT
ETag: "5e7a2cb3-cefd"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17037
Cache-Control: max-age=86402
Expires: Sat, 26 Sep 2020 13:31:14 GMT
Date: Fri, 25 Sep 2020 13:31:12 GMT
Connection: keep-alive

GET
H2 204 index.html
cdn.districtm.io/ids/ Frame D1AA 0
0 24ms
22ms Document
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 204
date: Fri, 25 Sep 2020 13:31:12 GMT
set-cookie: __cfduid=dfd4fec011855620fc22850dba94417631601040672; expires=Sun, 25-Oct-20 13:31:12 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Origin
access-control-allow-methods: GET, HEAD, POST, OPTIONS
cf-request-id: 05670eff74000008ab44824200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 5d851aabe8bd08ab-CDG

GET
H2

200

sync
eb2.3lift.com/ Frame CA92
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

0
0

38ms
22ms

Document
text/html

52.57.173.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.173.127 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-173-127.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tluid=10658422716851948256
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
date: Fri, 25 Sep 2020 13:31:12 GMT
content-type: text/html; charset=utf-8
content-length: 468
set-cookie: sync=CgoIgQIQxM_Xq8wuCgoIoQEQxM_Xq8wuCgoI4gEQxM_Xq8wuCgoI5gEQxM_Xq8wuCgoI1gEQxM_Xq8wuCgoIhwIQxM_Xq8wuCgkIOhDEz9erzC4KCQgLEMTP16vMLgoJCF8QxM_Xq8wuCgkIHxDEz9erzC4=; Max-Age=7776000; Expires=Thu, 24 Dec 2020 13:31:12 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=10658422716851948256; Max-Age=7776000; Expires=Thu, 24 Dec 2020 13:31:12 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

status: 302
date: Fri, 25 Sep 2020 13:31:12 GMT
content-length: 0
set-cookie: tluid=10658422716851948256; Max-Age=7776000; Expires=Thu, 24 Dec 2020 13:31:12 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 3183 0
0 34ms
33ms Document
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=0&gdpr_consent=
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.230.142 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Thu, 24 Sep 2020 16:43:28 GMT
Content-Encoding: gzip
Content-Length: 9446
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=33879
Expires: Fri, 25 Sep 2020 22:55:51 GMT
Date: Fri, 25 Sep 2020 13:31:12 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 ba.js Show response
c.evidon.com/geo/ Frame D6F3 41 KB
12 KB 29ms
28ms Script
application/x-javascript 95.100.73.104
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/geo/ba.js?r181114
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/durly.js?;coid=292;nid=2532;ad_w=300;ad_h=600;ad_z=0
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 95.100.73.104 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-73-104.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c569a275e7295dd7aaf172184dc86efc15f04168ee2f898d018594c98d0412d1

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:13 GMT
content-encoding: gzip
last-modified: Wed, 14 Nov 2018 17:29:12 GMT
server: AkamaiNetStorage
status: 200
etag: "1eb6aa78a27ca086a4ef394be0872b12:1542216555"
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
access-control-max-age: 108000
cache-control: max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
content-length: 12440

GET
H2 200 4.gif
c.evidon.com/a/ Frame D6F3 43 B
327 B 31ms
31ms Image
image/gif 95.100.73.104
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/a/4.gif
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 95.100.73.104 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-73-104.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: de3a7ca2f8ae592aae2652335b755b0d0b65df663dda8776387cae7339b76d64

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:13 GMT
content-encoding: gzip
last-modified: Thu, 15 Apr 2010 17:07:29 GMT
server: AkamaiNetStorage
status: 200
etag: "65786c291a4603aa5150a1884452838d:1271351254"
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS,POST
content-type: image/gif
access-control-allow-origin
access-control-max-age: 108000
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 53

GET
H2 200 2532.js Show response
c.evidon.com/a/n/292/ Frame D6F3 2 KB
1018 B 29ms
29ms Script
application/x-javascript 95.100.73.104
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/a/n/292/2532.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r181114
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 95.100.73.104 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-73-104.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c427820d10fd65f85b3f4165edd9586dedb7050815e868589fa5053427141ad0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:13 GMT
content-encoding: gzip
last-modified: Wed, 29 Apr 2020 21:14:41 GMT
server: AkamaiNetStorage
status: 200
etag: "c7fc1b40bd9577a21bcb7652721eca53:1588194881.633596"
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
access-control-max-age: 108000
cache-control: max-age=600
accept-ranges: bytes
access-control-allow-headers: *
content-length: 730

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 296 KB
102 KB 61ms
41ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7db90d988f2d569ee665c1666e383f3ccb226e4532320946bb42d09702c6ed8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 104172
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:31:13 GMT

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 94ms
92ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=9113&val=ima&wnx=0&abc=&ty=ami&v=0&ext=0&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:13 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

OPTIONS
H2 200 playlist
trafficmanager.anyclip.com/trafficmanager/api/v2/player/ Frame 0
0 329ms
97ms Other
text/plain 52.206.86.50
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trafficmanager.anyclip.com/trafficmanager/api/v2/player/playlist?
Protocol: H2
Server: 52.206.86.50 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.komando.com
Sec-Fetch-Mode: cors

Response headers

status: 200
date: Fri, 25 Sep 2020 13:31:14 GMT
content-type: text/plain
content-length: 24
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type
allow: HEAD,POST,GET,OPTIONS

POST
H2 200 playlist Show response
trafficmanager.anyclip.com/trafficmanager/api/v2/player/ 15 KB
3 KB 108ms
107ms Fetch
application/json 52.206.86.50
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trafficmanager.anyclip.com/trafficmanager/api/v2/player/playlist?
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.206.86.50 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 9c49fdcc3ebafd488bf5c0f7e8d5d883f03ba7bef90e5d85bfa9877b134c8dd0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/no-referrer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 25 Sep 2020 13:31:14 GMT
content-encoding: gzip
status: 200
vary: accept-encoding
access-control-allow-methods: GET,POST
content-type: application/json
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 100ms
96ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=9127&val=0&wnx=0&abc=&ty=prq&v=0&ext=0&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:13 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H3-Q050 200 bridge3.411.1_en.html
imasdk.googleapis.com/js/core/ Frame 5C48 0
0 42ms
17ms Document
text/html 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.411.1_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.411.1_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 193074
date: Tue, 22 Sep 2020 18:42:18 GMT
expires: Wed, 22 Sep 2021 18:42:18 GMT
last-modified: Tue, 22 Sep 2020 18:32:46 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 240535
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ 26 KB
10 KB 118ms
93ms Script
text/javascript 2a00:1450:4001:819::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62f2eeec7851ae0d5e322062cf40092478236d4a4fc5a2cfd87b257739104147

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10523
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:31:13 GMT

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 104ms
103ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=9572&val=%7B%22userAgent%22%3A%7B%22allow%22%3Atrue%2C%22software%22%3A%7B%22nameCode%22%3A%22chrome%22%2C%22ver%22%3A%2283%22%7D%2C%22os%22%3A%7B%22nameCode%22%3A%22macos%22%2C%22ver%22%3A%22Mojave%22%7D%2C%22hw%22%3A%7B%22type%22%3A%22computer%22%2C%22subType%22%3Anull%7D%7D%7D&wnx=0&abc=&ty=prs&v=0&ext=0&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:14 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK play-big.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 650 B
1 KB 115ms
36ms Image
image/svg+xml 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/play-big.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: 3cc9389c9cfdbc0fb7c282c3026c3cd9c11894913f4cf60cf9d1140a1415ad0a

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:14 GMT
Content-Encoding: gzip
Age: 12308
Connection: keep-alive
Content-Length: 400
x-amz-id-2: 2ZRGmD+kh257W9+vyOdL6QpvAOGlYqi9dgt1aL0FP89CyWLDvZNesGZlGXxYDzF/4PQZCl44NDY=
Last-Modified: Tue, 06 Aug 2019 13:18:15 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: 842E25E42F23E437
Access-Control-Allow-Origin: *
Expires: Fri, 25 Sep 2020 14:06:06 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: P54LBC7dA7.CKZKZL0usNEXn5r08cUmk
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: f5b7782cb2e69f7fac52cc3e4a467efa
x-amz-meta-s3b-last-modified: 20190806T131201Z

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 109ms
93ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=9687&val=&wnx=0&abc=&ty=cuc&v=0&ext=0&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:14 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 109ms
91ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=9688&val=0&wnx=0&abc=&ty=wre&v=0&ext=0&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:14 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK anyclip-logo.png
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 1 KB
2 KB 70ms
37ms Image
image/png 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/anyclip-logo.png
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: a9face165b5af8cc8cd1aef61858dc946c4296ee34ef63790747394d4f25c38b

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:14 GMT
Age: 7682
Connection: keep-alive
Content-Length: 1316
x-amz-id-2: N/VDY41NRXTx/nPQAv9dDCcMACdcAIt2Fm18wi1xCY9RUyh4EgW+SPCtCrkLkstP59oOzMRV7GM=
Last-Modified: Thu, 20 Dec 2018 13:30:18 GMT
Server: AmazonS3
x-amz-request-id: BB40BB343D4078AE
Access-Control-Allow-Origin: *
Expires: Fri, 25 Sep 2020 15:23:12 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: OklAUkiF01qvm0z5Jbxqbgl4N5mndRTg
Accept-Ranges: bytes
Content-Type: image/png
X-LLID: 6101c465d501148067c3dd206fdc3536
x-amz-meta-s3b-last-modified: 20180812T120014Z

GET
H/1.1 200
OK venturebeat-close-btn.svg
anyclip-player.s3.amazonaws.com/anyclip-widget/lre-widget/assets/lre_theme/ 802 B
1 KB 1442ms
122ms Image
image/svg+xml 52.217.101.196
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://anyclip-player.s3.amazonaws.com/anyclip-widget/lre-widget/assets/lre_theme/venturebeat-close-btn.svg
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.101.196 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0fbdde14de3aa39d2b3ef4a34deef57b0a4905a2464f7b257b600bd696e6b6c4

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-meta-cb-modifiedtime: Wed, 01 Apr 2020 19:12:29 GMT
Date: Fri, 25 Sep 2020 13:31:16 GMT
Last-Modified: Wed, 01 Apr 2020 19:17:30 GMT
Server: AmazonS3
x-amz-request-id: 10C3E247893B7870
ETag: "3908f3e1f2497918401dab39cfb9727b"
x-amz-version-id: 6LuYe03Jb9Jy8U.xUPb4addAqbVIp5tw
Accept-Ranges: bytes
Content-Type: image/svg+xml
Content-Length: 802
x-amz-id-2: lghHJJ7rMP3CxMnw5KwvfLW8VQ/KdBg4b7q58T5waT54v0avkRTvLUi0cRqwa37GC7C0U/7HwyA=

GET
H/1.1 200
OK 1600689719929_480x270_thumbnail.jpg
cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/ 14 KB
15 KB 226ms
48ms Image
image/jpeg 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/1600689719929_480x270_thumbnail.jpg?wid=0011r00002HG7NL_1462
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: bcdf7b6ec5fe23c3049d66b4a6f1881cb1a6dfbbbd52088c60b4f0b6c538f36d

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:14 GMT
Last-Modified: Mon, 21 Sep 2020 12:02:00 GMT
Server: AmazonS3
Age: 24986
x-amz-id-2: Y7A0zFA2ota/379OEKfR4pC5ix2G/AosSdDDzsQoJGATXb/cbcF8Io87clM7gCTA6oH+tRYYZy8=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 14817
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: DDA5D21089D6FCA3
X-LLID: 579da4cd968ba4f2c0fd544f0e11da60

GET
H/1.1 200
OK scroll-right.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 645 B
1 KB 37ms
36ms Image
image/svg+xml 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/scroll-right.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: 6c73cf3d94d29e498f66facb6891a9be80ef4f5caee6c9b09e6128b167b3c966

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:14 GMT
Content-Encoding: gzip
Age: 9031
Connection: keep-alive
Content-Length: 403
x-amz-id-2: nLnfk/r/mIXzGPk6s/OAXbdiUorGp0Dst2sOdUesks19NoBk9ZzcrAStbBxZFu6HfLuA3cKNJuI=
Last-Modified: Thu, 09 Aug 2018 13:37:36 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: 234AAB5878CD704F
Access-Control-Allow-Origin: *
Expires: Fri, 25 Sep 2020 15:00:43 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: LWFiUmbBDbZYtKTcsVUC4L21DxkdHU5h
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: 0afe0214afa56cabb3c772d156ed29d7
x-amz-meta-s3b-last-modified: 20180710T071342Z

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 107ms
101ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=9722&val=0&wnx=0&abc=&ty=pll&v=0&ext=0&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:14 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK 1600689719880_248x140_thumbnail.jpg
cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/ 8 KB
8 KB 190ms
43ms Image
image/jpeg 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/1600689719880_248x140_thumbnail.jpg?wid=0011r00002HG7NL_1462
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 39cb24159c965e9896b3b1d3ecf5e29e88bdd771bc50a0d3c417d8ce2875236b

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:14 GMT
Last-Modified: Mon, 21 Sep 2020 12:02:00 GMT
Server: AmazonS3
Age: 49456
x-amz-id-2: 4mnG1QZgKT75BOtD/W5L67KbE4/ybPFKRKe67pTxedQdiA0+fqmmkRdWL61VXby+8g+v8vWC000=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 7769
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: 83FB68FB573AD895
X-LLID: 31fbd25911f62abc24ea1eaf2ee5bebd

GET
H/1.1 200
OK 1600655131888_248x140_thumbnail.jpg
cdn5.anyclip.com/AXSuesPjHXgLKT6SHgGH/ 12 KB
12 KB 257ms
45ms Image
image/jpeg 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXSuesPjHXgLKT6SHgGH/1600655131888_248x140_thumbnail.jpg?wid=0011r00002HG7NL_1462
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 8bdab1eac9d2b05029f47b7436dfacc93b2cc5f89f4b8dff900c98c9a0774ebd

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:14 GMT
Last-Modified: Mon, 21 Sep 2020 02:25:32 GMT
Server: AmazonS3
Age: 54039
x-amz-id-2: nmaCs2pd+i1+7NBrkr3+VZB7Ju5CpojTNBf6xYLrcWYaP2C9rBF3II43A5gRiLw82ZUbI3mZHcI=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 12300
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: F554B11C857A616F
X-LLID: eaafe55e3ac2807ab459b7ae77ac692b

GET
H/1.1 200
OK 1600711422645_248x140_thumbnail.jpg
cdn5.anyclip.com/AXSx1Ykg_m-VE7xV7Na_/ 18 KB
18 KB 308ms
33ms Image
image/jpeg 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXSx1Ykg_m-VE7xV7Na_/1600711422645_248x140_thumbnail.jpg?wid=0011r00002HG7NL_1462
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 776bc870aebdc54c7bfac7b59b26cd7fd79f7119ba5c14094ef8da5545ce237b

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:14 GMT
Last-Modified: Mon, 21 Sep 2020 18:03:43 GMT
Server: AmazonS3
Age: 5638
x-amz-id-2: DijXmex14r4Njo42c7yCZCubuOh0eWi0o476ozWWKgbzV26831oa64No1RqhL8BTf7jbdCaDaH0=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 18088
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: 3825662F6EB31021
X-LLID: 51e6e4acfe34fa2d57ee830b8ce96159

GET
H/1.1 200
OK 1600430448089_248x140_thumbnail.jpg
cdn5.anyclip.com/AXShFhuR8FeKAZ26JZ_N/ 7 KB
7 KB 351ms
34ms Image
image/jpeg 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXShFhuR8FeKAZ26JZ_N/1600430448089_248x140_thumbnail.jpg?wid=0011r00002HG7NL_1462
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: f00dd1db7de0e8916241284a33f65ff7a044c45ed2a7c1ee969f084cf6b0d63b

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:14 GMT
Last-Modified: Fri, 18 Sep 2020 12:00:49 GMT
Server: AmazonS3
Age: 90879
x-amz-id-2: DjCoKN4XU5/sbWD9DXOgqLccexMp7a6U+tGlyRMFSxM5SKHxIXr2Iwtbzqeibmz2h9W7nHSb1gY=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 6938
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: BF420773E445FEE5
X-LLID: aa06cb03731a63661270de5070b4bcf9

GET
H/1.1 200
OK 1600859101229_248x140_thumbnail.jpg
cdn5.anyclip.com/AXS6oxpBWFtAUqhf4Fii/ 25 KB
26 KB 389ms
36ms Image
image/jpeg 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXS6oxpBWFtAUqhf4Fii/1600859101229_248x140_thumbnail.jpg?wid=0011r00002HG7NL_1462
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 2cecc971cba1f2e7b8891f65ae30fa0fb7dd9972a8342ff3bed23e4ba38cb978

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:14 GMT
Last-Modified: Wed, 23 Sep 2020 11:05:02 GMT
Server: AmazonS3
Age: 19132
x-amz-id-2: Qq8ee7aQ3Tb3xVs4QypE0ZpMPVW0LxMj/2iHE8J8g5se0JR2y0y39UOU831XJi7xGJukcLRfYkA=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 25901
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: BE506F031D0B1FCA
X-LLID: 5b5e7417da6c019cc0196c22c1ef4e6a

GET
H/1.1 200
OK 1600046742822_248x140_thumbnail.jpg
cdn5.anyclip.com/AXSKN2lyd5xZlIas6-Ym/ 25 KB
25 KB 224ms
35ms Image
image/jpeg 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXSKN2lyd5xZlIas6-Ym/1600046742822_248x140_thumbnail.jpg?wid=0011r00002HG7NL_1462
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 772f30f80abc4903d2b32118044a9c210abb95bdf422f8e22c9923fe18a1611f

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:14 GMT
Last-Modified: Mon, 14 Sep 2020 01:25:43 GMT
Server: AmazonS3
Age: 141097
x-amz-id-2: nCaEc5mduUykzcfrl+XQBnFeGAUbuPiCoyhPTaJFybUHaHyKpjl7HghnNsdyxTDZCcpIIk9t/Xc=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 25538
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: 1VFMFP0VBW3X3X7G
X-LLID: 1e524c7ee50ac328042c0ad3d35d5626

GET
H/1.1 200
OK 1600103753256_248x140_thumbnail.jpg
cdn5.anyclip.com/AXSNnSJn0rh-7rkqqyvZ/ 12 KB
12 KB 243ms
52ms Image
image/jpeg 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXSNnSJn0rh-7rkqqyvZ/1600103753256_248x140_thumbnail.jpg?wid=0011r00002HG7NL_1462
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 6f613a44dbe81266c39e923fbf649e2a37670c6329d52d12f6a3b1c0addf4232

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:14 GMT
Last-Modified: Mon, 14 Sep 2020 17:15:54 GMT
Server: AmazonS3
Age: 73649
x-amz-id-2: A2pwpovk7PG/HjzhB4BPkbdmy/rkpJcTkqOanl1GE2zCwV6oudffePkqa6/gDogHVHlegVhrUi4=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 11971
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: 95D47102AE2D9B2B
X-LLID: adbd8972ea71a30ecf3c3a360ffcb9c3

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 103ms
99ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=9815&val=375&wnx=0&abc=&ty=psw&v=0&ext=0&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:14 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 104ms
93ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=9815&val=211&wnx=0&abc=&ty=psh&v=0&ext=0&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:14 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK 1600689646679_subtitles.vtt Show response
cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/ 2 KB
2 KB 148ms
48ms XHR
application/octet-stream 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/1600689646679_subtitles.vtt
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 90dd355c112d81a2acb4e3647df6d4a7cf473b52e46cc8ddb81e950b81330075

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:14 GMT
Last-Modified: Mon, 21 Sep 2020 12:00:47 GMT
Server: AmazonS3
Age: 24986
x-amz-id-2: BDmWV7ZNjU/jPw4sYDnYILTJVgSycEjC7CxoXZs5LPua8wPx2/z8iguTiitl86Aw5kaWI179Joc=
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 1896
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: DKDWDN2R7S7P5M2J
X-LLID: c3559d90d214b3d868fe2b2e5600fbf9

GET
H/1.1 200
OK watch.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 364 B
982 B 249ms
35ms Image
image/svg+xml 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/watch.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: 67386f7f6c11079518c59fdca44b5a6c5b17f4b8cda8ead4e993f3b2dfda0e5d

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:14 GMT
Content-Encoding: gzip
Age: 11737
x-amz-meta-sha256: 67386f7f6c11079518c59fdca44b5a6c5b17f4b8cda8ead4e993f3b2dfda0e5d
Connection: keep-alive
Content-Length: 245
x-amz-id-2: 2nGMXII0jg7YAkO3jU84XMesq35GbzJUyaLc24gp3i1+Or8LOhiV8RiCVaoYVCN0E/cyPX8iy3Y=
Last-Modified: Tue, 04 Aug 2020 10:39:53 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: F5D829359B29FCE1
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=14400
x-amz-meta-s3b-last-modified: 20200804T103752Z
x-amz-version-id: jJ7plitpaP9q57Aey2ETnqu6JQKZQWu3
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: 4cf8b349ca7c349b19c9e331009b4b55
Expires: Fri, 25 Sep 2020 14:15:37 GMT

GET
H/1.1 200
OK like.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 401 B
1 KB 268ms
39ms Image
image/svg+xml 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/like.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: 453e9cc6fc295196d8914da9858a388ce58a1dcb9b033aab9037aa2badbbc0d9

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:14 GMT
Content-Encoding: gzip
Age: 11737
x-amz-meta-sha256: 453e9cc6fc295196d8914da9858a388ce58a1dcb9b033aab9037aa2badbbc0d9
Connection: keep-alive
Content-Length: 287
x-amz-id-2: YJwcVjjXEYHrgbfUQ0ZprM+hynZGigUcRCrQAb35V3o7TeudfG+54d8Yf0o2jYAbR1wWkA0is7Y=
Last-Modified: Tue, 04 Aug 2020 10:39:58 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: 9ZAG8KANCKER4H5Y
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=14400
x-amz-meta-s3b-last-modified: 20200804T103803Z
x-amz-version-id: AgMuGLHw2p4hvvpUt5__8K6ZhGhprdTJ
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: bd93db8778824ba442648b06ef36ac53
Expires: Fri, 25 Sep 2020 14:15:37 GMT

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 96ms
93ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=9916&val=&wnx=1&abc=&ty=pli&v=0&ext=0&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:14 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 206
Partial Content 1600689865945_480x270_video.mp4
cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/ 3 MB
0 253ms
39ms Media
video/mp4 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/1600689865945_480x270_video.mp4?wid=0011r00002HG7NL_1462
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=0-

Response headers

Date: Fri, 25 Sep 2020 13:31:15 GMT
Last-Modified: Mon, 21 Sep 2020 12:04:26 GMT
Server: AmazonS3
Age: 24987
x-amz-id-2: BgpIqs+JoUCJHc7WNrS+rqEvN+PaqQtCZYecFst+AWifQ8iAAR8/Z8lM9u67MJL69zQL7PeDGTs=
Content-Type: video/mp4
Content-Range: bytes 0-5171122/5171123
Cache-Control: public,max-age=86400
x-amz-request-id: 297E3DE9BD5BF6D2
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 5171123
X-LLID: cf3c9966cf5184127ec2d2001b30873c

OPTIONS
H2 200 action
trafficmanager.anyclip.com/trafficmanager/api/videos/video/ Frame 0
0 111ms
99ms Other
text/plain 52.206.86.50
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trafficmanager.anyclip.com/trafficmanager/api/videos/video/action
Protocol: H2
Server: 52.206.86.50 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.komando.com
Sec-Fetch-Mode: cors

Response headers

status: 200
date: Fri, 25 Sep 2020 13:31:14 GMT
content-type: text/plain
content-length: 13
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type
allow: POST,OPTIONS

POST
H2 200 action
trafficmanager.anyclip.com/trafficmanager/api/videos/video/ 0
0 98ms
98ms Fetch 52.206.86.50
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trafficmanager.anyclip.com/trafficmanager/api/videos/video/action
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.206.86.50 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/no-referrer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

status: 200
date: Fri, 25 Sep 2020 13:31:14 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
access-control-allow-headers: Content-Type
content-length: 0
access-control-allow-methods: GET,POST

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 117ms
95ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=10049&val=&wnx=1&abc=&ty=cla&v=1&ext=1&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:14 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 113ms
94ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=10055&val=&wnx=1&abc=&ty=cmp&v=1&ext=1&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:14 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK pause.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 758 B
1 KB 228ms
38ms Image
image/svg+xml 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/pause.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: d544eae637d61ee786c0a45bb0a7f250f9280bcd2ea1576655a761f1d397b8df

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:14 GMT
Content-Encoding: gzip
Age: 7799
Connection: keep-alive
Content-Length: 426
x-amz-id-2: pwQ4BccTl3xu4hcG4EEqMuGkgBdLgswri452ajCrVFunhV7elfgdUd4Tx9luZcp+/EZHGwBJCMU=
Last-Modified: Thu, 09 Aug 2018 13:37:34 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: C6D5400B3114C6E3
Access-Control-Allow-Origin: *
Expires: Fri, 25 Sep 2020 15:21:15 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: COllNS2vUDfTYhxXvQJ57jWZVnnMficH
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: 54ef2eb7eb3916624ec38f46b17e76d3
x-amz-meta-s3b-last-modified: 20180704T113405Z

GET
H/1.1 200
OK volume-off.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 901 B
1 KB 256ms
57ms Image
image/svg+xml 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/volume-off.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: 2bf4b5202559dbe01d8188a3adb26d68755a69064f233ef63f284b08efaed6ad

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:14 GMT
Content-Encoding: gzip
Age: 6814
Connection: keep-alive
Content-Length: 521
x-amz-id-2: Cqh+mlrONOH/wc7a/m3Q9U7Kz08wV1Yr0heatOAdYVK7gs5aXKj8UCFPjSbDcXUEfkPA9e/wI6M=
Last-Modified: Sun, 12 Aug 2018 11:52:27 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: C0D1F04334E80FDB
Access-Control-Allow-Origin: *
Expires: Fri, 25 Sep 2020 15:37:40 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: LD1v9d__0LhgJzdvbwPuMTNvxNdup1gK
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: ef2d78817944c33cb44d9cfd455ad0ce
x-amz-meta-s3b-last-modified: 20180812T115113Z

GET
H/1.1 200
OK cc-hidden.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 909 B
1 KB 99ms
36ms Image
image/svg+xml 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/cc-hidden.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: 2391cc30306861b59fcdb16b83a8f427ee342e5f5d6e8299a91d586687e8bef2

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:14 GMT
Content-Encoding: gzip
Age: 21
Connection: keep-alive
Content-Length: 458
x-amz-id-2: uxa9DFI/0a6EJQhaDHRQ/OBzyTQx2REonEpKJDsLeMKts+Px+jfRA7JRRtH9kkt9rBcF/csUnNQ=
Last-Modified: Wed, 13 Nov 2019 11:51:46 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: 767E599404B79C11
Access-Control-Allow-Origin: *
Expires: Fri, 25 Sep 2020 17:30:53 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: y.QX4vCTrlpSO9kX_WB6RqB1CKq9apE_
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: db00d98da397b1e838f0e82a0b971521
x-amz-meta-s3b-last-modified: 20191113T095137Z

GET
H/1.1 200
OK fullscreen.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 1 KB
1 KB 123ms
41ms Image
image/svg+xml 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/fullscreen.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: 0b7b74a139779fba8e1d17d597aa7cbffa27bd33d2b5c43d8039264c2a627412

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:14 GMT
Content-Encoding: gzip
Age: 7752
Connection: keep-alive
Content-Length: 524
x-amz-id-2: BRh90W2EfVzECaSH5h6jfUSFDTvgYjWMypRYQrJp7lo8LXFtr2iKyo+wwxm5PYvFOhZO6qVjHDA=
Last-Modified: Thu, 09 Aug 2018 13:37:33 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: D79B0CDA8EB8F2DB
Access-Control-Allow-Origin: *
Expires: Fri, 25 Sep 2020 15:22:02 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: U03j5muVk7AbvhQemSaiRqevJSRY_Dma
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: f7dcaded14edf19973bb463a4cb5a629
x-amz-meta-s3b-last-modified: 20180704T113429Z

GET
H/1.1 200
OK next.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 729 B
1 KB 136ms
36ms Image
image/svg+xml 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/next.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: 55775baf70d2f1d40bac3a60de82e8e42b7e34687802f73671f25f2f60fdc6d4

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:14 GMT
Content-Encoding: gzip
Age: 7811
Connection: keep-alive
Content-Length: 461
x-amz-id-2: aZiDwTlw4rciTlz48Jhfji0MF1tA2KOd+P1qYYUg8NE7marJLgmCvgIWPlvmWLDv8DtP+5AGNHI=
Last-Modified: Thu, 09 Aug 2018 13:37:34 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: CC3D2AF47BC35EBB
Access-Control-Allow-Origin: *
Expires: Fri, 25 Sep 2020 15:21:03 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: 9oEyfyolAdum9dgyt9Cw6qZIm50OH1cD
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: a2afe1f3a4461c42697db9e985395c55
x-amz-meta-s3b-last-modified: 20180704T113415Z

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://www.komando.com
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 96ms
95ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=10141&val=ad%3Dhttps%253A%252F%252Fvid.springserve.com%252Fvast%252F587900%253Fima%253D1%2526w%253D375%2526h%253D211%2526url%253Dhttps%25253A%25252F%25252Fwww.komando.com%25252Fsecurity-privacy%25252Flokibot-keylogger-spreading%25252F755764%25252F%2526cb%253D489015764%2526widgetid%253D0011r00002HG7NL_1462%2526lob%253D%2526clipid%253Difmfg53jkzewescym5gewvbwkneucskv%2526key_custom1%253D%255Ew%253D0011r00002HG7NL_1462%255Ec%253Difmfg53jkzewescym5gewvbwkneucskv%255Ei%253D1%255Eab%253D%255Ev%253D1%255Ep%253Dkomandocom%2526key_custom2%253D%255Ed%253Dwww.komando.com%255Eu%253D%255Edv%253D1%255Eco%253DFR%255Epl%253Da%2526gdpr%253D%2526consent%253D%2526viewability%253D1%2526schain%253D1.0%252C1%2521anyclip.com%252C0011r00002HG7NLAA1%252C1%252C%252C%252C%252C%2526us_privacy%253D%26rqcm%3D1%26m%3D1%26ast%3D-1%26smb%3D1%26sid%3Dd1qoaWnLVwLyznAdpOUnsnRHbmmssTel%26imaw%3D0%26amd%3D1&wnx=1&abc=&ty=arq&v=1&ext=1&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a&anx=1&arx=1&crt=0&s=0&aty=vid&tty=ac&rol=mid
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:14 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 loader.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 3593 51 KB
18 KB 30ms
0ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/loader.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff372adc4cf4262bb789e8cd8c4d390bd6f2ff1e99ec9ebb9e3de24cd679ea5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:29:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 23 Sep 2020 23:32:11 GMT
server: sffe
age: 110
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=900
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18664
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:44:26 GMT

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 97ms
92ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=11866&val=&wnx=1&abc=&ty=alo&v=1&ext=1&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a&anx=1&arx=1&crt=1261&s=0&aty=vid&tty=ac&rol=mid
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:16 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK lreprx.js Show response
player.anyclip.com/lreprx/js/v1/src/ Frame 3593 37 KB
11 KB 46ms
46ms Script
application/javascript 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://player.anyclip.com/lreprx/js/v1/src/lreprx.js?ad_tag=https%3A%2F%2Fvid.springserve.com%2Fvast%2F587900%3Fima%3D1%26w%3D375%26h%3D211%26url%3Dhttps%253A%252F%252Fwww.komando.com%252Fsecurity-privacy%252Flokibot-keylogger-spreading%252F755764%252F%26cb%3D489015764%26widgetid%3D0011r00002HG7NL_1462%26lob%3D%26clipid%3Difmfg53jkzewescym5gewvbwkneucskv%26key_custom1%3D%5Ew%3D0011r00002HG7NL_1462%5Ec%3Difmfg53jkzewescym5gewvbwkneucskv%5Ei%3D1%5Eab%3D%5Ev%3D1%5Ep%3Dkomandocom%26key_custom2%3D%5Ed%3Dwww.komando.com%5Eu%3D%5Edv%3D1%5Eco%3DFR%5Epl%3Da%26gdpr%3D%26consent%3D%26viewability%3D1%26schain%3D1.0%2C1!anyclip.com%2C0011r00002HG7NLAA1%2C1%2C%2C%2C%2C%26us_privacy%3D&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&imaw=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/loader.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: 786d190bd0c55665bcf263abf1513e0d3325bffaaa2668910f9ce9dcb7d7d074

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:16 GMT
Content-Encoding: gzip
Age: 54156
Connection: keep-alive
Content-Length: 10788
x-amz-id-2: OotIF0JOlK9pkAvGqxyGTuWqj4Wvhbdj+uXi4FxNgUre47SLdi+0SAkkEb+Vp6wx1PFSFc8iibw=
Last-Modified: Sun, 14 Jun 2020 07:48:29 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: 66F6A40B0B30BB55
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=60
x-amz-version-id: uZ98hYWXQewWJy5EjjmUBgYIi4NzLtdR
Accept-Ranges: bytes
Content-Type: application/javascript
X-LLID: c38554a903fe16e515e31303a294c072
Expires: Thu, 24 Sep 2020 22:29:40 GMT

GET
H/1.1 200
OK 587900 Show response
vid.springserve.com/vast/ Frame 3593 3 KB
2 KB 149ms
37ms Fetch
application/xml 34.249.58.234
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/587900?ima=1&w=375&h=211&url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&cb=489015764&widgetid=0011r00002HG7NL_1462&lob=&clipid=ifmfg53jkzewescym5gewvbwkneucskv&key_custom1=^w=0011r00002HG7NL_1462^c=ifmfg53jkzewescym5gewvbwkneucskv^i=1^ab=^v=1^p=komandocom&key_custom2=^d=www.komando.com^u=^dv=1^co=FR^pl=a&gdpr=&consent=&viewability=1&schain=1.0,1!anyclip.com,0011r00002HG7NLAA1,1,,,,&us_privacy=
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/lreprx/js/v1/src/lreprx.js?ad_tag=https%3A%2F%2Fvid.springserve.com%2Fvast%2F587900%3Fima%3D1%26w%3D375%26h%3D211%26url%3Dhttps%253A%252F%252Fwww.komando.com%252Fsecurity-privacy%252Flokibot-keylogger-spreading%252F755764%252F%26cb%3D489015764%26widgetid%3D0011r00002HG7NL_1462%26lob%3D%26clipid%3Difmfg53jkzewescym5gewvbwkneucskv%26key_custom1%3D%5Ew%3D0011r00002HG7NL_1462%5Ec%3Difmfg53jkzewescym5gewvbwkneucskv%5Ei%3D1%5Eab%3D%5Ev%3D1%5Ep%3Dkomandocom%26key_custom2%3D%5Ed%3Dwww.komando.com%5Eu%3D%5Edv%3D1%5Eco%3DFR%5Epl%3Da%26gdpr%3D%26consent%3D%26viewability%3D1%26schain%3D1.0%2C1!anyclip.com%2C0011r00002HG7NLAA1%2C1%2C%2C%2C%2C%26us_privacy%3D&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&imaw=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.58.234 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-58-234.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 0575fafbd9c8d134b63206c194eb9a7347838bf1b9adf81e8508409d845c3e6e

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/client
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:16 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1344

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 93ms
93ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=12029&val=1.1.5_147_prod&wnx=1&abc=&ty=xlo&v=1&ext=1&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:16 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 vpaid_429b1d85.js Show response
vpaid.springserve.com/production/ Frame 3593 466 KB
97 KB 47ms
8ms Script
application/javascript 2001:4de0:ac18::1:a:2b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_429b1d85.js
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/lreprx/js/v1/src/lreprx.js?ad_tag=https%3A%2F%2Fvid.springserve.com%2Fvast%2F587900%3Fima%3D1%26w%3D375%26h%3D211%26url%3Dhttps%253A%252F%252Fwww.komando.com%252Fsecurity-privacy%252Flokibot-keylogger-spreading%252F755764%252F%26cb%3D489015764%26widgetid%3D0011r00002HG7NL_1462%26lob%3D%26clipid%3Difmfg53jkzewescym5gewvbwkneucskv%26key_custom1%3D%5Ew%3D0011r00002HG7NL_1462%5Ec%3Difmfg53jkzewescym5gewvbwkneucskv%5Ei%3D1%5Eab%3D%5Ev%3D1%5Ep%3Dkomandocom%26key_custom2%3D%5Ed%3Dwww.komando.com%5Eu%3D%5Edv%3D1%5Eco%3DFR%5Epl%3Da%26gdpr%3D%26consent%3D%26viewability%3D1%26schain%3D1.0%2C1!anyclip.com%2C0011r00002HG7NLAA1%2C1%2C%2C%2C%2C%26us_privacy%3D&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&imaw=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 661fd034f5ef241199cf800ff2facfd19dde9b8d7fe1e04f77f085554ffa9bdb

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:16 GMT
content-encoding: gzip
last-modified: Wed, 23 Sep 2020 14:47:35 GMT
server: AmazonS3
x-amz-request-id: D503DE7AE5E51706
etag: "e6720a3c12475b0d9ad9c52a2a1ae3ac"
x-hw: 1601040676.dop211.fr8.t,1601040676.cds206.fr8.hn,1601040676.cds097.fr8.c
content-type: application/javascript
status: 200
cache-control: max-age=2461623
accept-ranges: bytes
access-control-allow-origin: *
content-length: 98597
x-amz-id-2: u71YoGj+oe+hZFcOyxaSvzcC7fRSyFhKQS64Zl9dFcSVq+KIE/7x/h9QiCU8XpNXA76vSyceJv0=

GET
DATA 200
OK truncated
/ 704 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9444735efef35f26725c4e3cc87b7c77970103af8999e71d427d0dbe0fe85a95

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 3593 166 B
1 KB 60ms
54ms XHR
application/json 185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_429b1d85.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

47319332cec2dd1c545849bff936095481b11199313f8bb31bae23e640991b09

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:17 GMT
X-Proxy-Origin: 82.102.18.235; 82.102.18.235; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.132:80
AN-X-Request-Uuid: 58b333f0-6bd3-4f89-890c-7fbeea31f227
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 166
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 204
No Content / Show response
hb.emxdgt.com/ Frame 3593 0
307 B 131ms
36ms XHR
text/html 18.196.104.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.emxdgt.com/?t=&ts=1601040677188&src=pbjs
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_429b1d85.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.104.43 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 25 Sep 2020 13:31:16 GMT
Content-Type: text/html
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Access-Control-Allow-Headers: security, Content-Type
Content-Length: 0

POST ortb
bid.contextweb.com/header/ Frame 3593 0
0

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ Frame 3593 46 B
592 B 1273ms
164ms Script
text/javascript 23.210.249.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?fn=indexResponse1fd271cf44&v=8.8&s=486388&r=%7B%22id%22%3A%221fd271cf44%22%2C%22site%22%3A%7B%22page%22%3A%22komando.com%22%2C%22ref%22%3A%22komando.com%22%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%220%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%2C%22video%2Fwebm%22%2C%22video%2Fogg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A200%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22w%22%3A375%2C%22h%22%3A211%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22playbackmethod%22%3A%5B3%5D%2C%22startdelay%22%3A0%7D%2C%22ext%22%3A%7B%22sid%22%3A%22pr_1_1_s%22%2C%22custom%22%3A%22videoPlayback%22%7D%2C%22bidfloor%22%3A0.75%7D%5D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22anyclip.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%220011r00002HG7NLAA1%22%7D%5D%2C%22complete%22%3A1%7D%7D%7D%7D
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_429b1d85.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.164 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-164.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 441c7a013be2264df673d2a24c20c0d65d8d745f6d00480517d68b0f313de488

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:18 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 58
Expires: Fri, 25 Sep 2020 13:31:18 GMT

POST 282887
search.spotxchange.com/openrtb/2.3/dados/ Frame 3593 0
0

GET
H2 204 social
trc.taboola.com/komando/log/3/ 0
208 B 45ms
37ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/social?route=AM:AM:V&lti=deflated&ri=d59ad0b255b1d4ca75f23cfd6537b2a3&sd=v2_ef9970f7a26e1c2b3121cb8f58af6915_f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699_1601040665_1601040665_CNawjgYQ58o9GMya16vMLiABKAEwSjjE1whA7IsQSMKY2gNQ7aEPWABgAGjipqqRsq2X4nA&ui=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601040665932&st=social-available&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22like%22%2C%22nm%22%3A%22facebook%22%2C%22c%22%3A1%2C%22m%22%3A%22stp%22%7D%2C%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22custom-share%22%2C%22nm%22%3A%22facebook%22%2C%22c%22%3A1%2C%22m%22%3A%22stp%22%7D%2C%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22custom-link%22%2C%22nm%22%3A%22twitter%22%2C%22c%22%3A1%2C%22m%22%3A%22stp%22%7D%2C%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22widget%22%2C%22nm%22%3A%22twitter%22%2C%22c%22%3A1%2C%22m%22%3A%22stp%22%7D%2C%7B%22i%22%3A%22ctx%22%2C%22ism%22%3Afalse%2C%22srx%22%3A1600%2C%22sry%22%3A1200%2C%22pd%22%3Anull%2C%22tpl%22%3A%22%22%2C%22url%22%3A%22https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%22%2C%22rref%22%3A%22%22%2C%22sref%22%3A%22%22%2C%22hdl%22%3A%22Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet%22%2C%22sec%22%3A%22security-privacy%22%2C%22aut%22%3A%5B%22James%20Gelinas%22%2C%22Komando.com%22%5D%2C%22img%22%3A%22https%3A%2F%2Fwww.komando.com%2Fwp-content%2Fuploads%2F2020%2F09%2Flokibot-malware.jpg%22%2C%22v%22%3A15%2C%22pw%22%3Afalse%7D%5D%7D&tim=15%3A31%3A18.229&id=7804&llvl=1&cv=20200924-16-RELEASE&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Fri, 25 Sep 2020 13:31:18 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4020-HHN
pragma: no-cache
server: nginx
x-timer: S1601040678.250231,VS0,VE9
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H3-Q050 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 3593 296 KB
102 KB 31ms
18ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_429b1d85.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7db90d988f2d569ee665c1666e383f3ccb226e4532320946bb42d09702c6ed8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 104172
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:31:18 GMT

GET
H3-Q050 200 bridge3.411.1_en.html
imasdk.googleapis.com/js/core/ Frame 0009 0
0 18ms
16ms Document
text/html 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.411.1_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.411.1_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 193074
date: Tue, 22 Sep 2020 18:42:18 GMT
expires: Wed, 22 Sep 2021 18:42:18 GMT
last-modified: Tue, 22 Sep 2020 18:32:46 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 240540
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 3593 26 KB
10 KB 58ms
23ms Script
text/javascript 2a00:1450:4001:819::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62f2eeec7851ae0d5e322062cf40092478236d4a4fc5a2cfd87b257739104147

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10523
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:31:18 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 3593 109 B
168 B 27ms
26ms Script
application/javascript 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.komando.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 13:31:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 COMMON.css
c.evidon.com/a/ Frame D6F3 2 KB
976 B 29ms
28ms Stylesheet
text/css 95.100.73.104
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/a/COMMON.css?r=0.15875497672812044
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r181114
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 95.100.73.104 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-73-104.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a3c92e8d35e4e636238e577da8cd44aaf8dd699b719e4125ba0029330edf6907

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:18 GMT
content-encoding: gzip
last-modified: Thu, 02 Feb 2017 16:26:10 GMT
server: AkamaiNetStorage
status: 200
etag: "c3cc19ce8230df99c7835decc2d79ee8:1486052770"
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS,POST
content-type: text/css
access-control-allow-origin
access-control-max-age: 108000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 715

GET
H2 200 box_19_top-right.png
c.evidon.com/icon/ Frame D6F3 109 B
392 B 40ms
33ms Image
image/png 95.100.73.104
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/icon/box_19_top-right.png
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 95.100.73.104 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-73-104.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5c99dc27d465b2f8425daee704098e7335a880b4c757bfdded09721b9054d64d

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:18 GMT
content-encoding: gzip
last-modified: Wed, 06 Feb 2013 22:25:18 GMT
server: AkamaiNetStorage
status: 200
etag: "8c7c476ac28727b21040351fa3006c59:1360189518"
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS,POST
content-type: image/png
access-control-allow-origin
access-control-max-age: 108000
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 118

GET
H2 200 ci.png
c.evidon.com/icon/ Frame D6F3 581 B
880 B 40ms
32ms Image
image/png 95.100.73.104
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/icon/ci.png
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 95.100.73.104 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-73-104.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 528b6b3e8edb272a61e1d3b10f11af0d241680684143fb5339fa2758a3e65187

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:18 GMT
content-encoding: gzip
last-modified: Wed, 06 Feb 2013 22:25:44 GMT
server: AkamaiNetStorage
status: 200
etag: "2697f4b848d2400cd051312585a6bf42:1360189544"
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS,POST
content-type: image/png
access-control-allow-origin
access-control-max-age: 108000
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 604

GET
H2 204 pixel.gif
l.betrad.com/ct/0_0_0_2532/fr/0/1/0/0/0/0/300/600/242/292/0/ Frame D6F3 0
120 B 309ms
97ms Image
text/plain 52.72.36.5
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.betrad.com/ct/0_0_0_2532/fr/0/1/0/0/0/0/300/600/242/292/0/pixel.gif?v=2_1&ttid=2&d=www.komando.com&r=0.11467366061619888
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.36.5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Fri, 25 Sep 2020 13:31:18 GMT
content-encoding: gzip
x-powered-by: Express
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary: Accept-Encoding

GET
H2 204 social
trc.taboola.com/komando/log/3/ 0
197 B 49ms
42ms Image
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/social?route=AM:AM:V&lti=deflated&ri=d59ad0b255b1d4ca75f23cfd6537b2a3&sd=v2_ef9970f7a26e1c2b3121cb8f58af6915_f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699_1601040665_1601040665_CNawjgYQ58o9GMya16vMLiABKAEwSjjE1whA7IsQSMKY2gNQ7aEPWABgAGjipqqRsq2X4nA&ui=f39fd6f0-8af8-4719-b038-a74b35dc3a15-tuct6677699&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601040665932&st=social-visible&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22custom-share%22%2C%22nm%22%3A%22facebook%22%2C%22c%22%3A1%2C%22ln%22%3A%22below-fold%22%2C%22lx%22%3A618%2C%22ly%22%3A867%2C%22m%22%3A%22stp%22%2C%22v%22%3A3%7D%2C%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22custom-link%22%2C%22nm%22%3A%22twitter%22%2C%22c%22%3A1%2C%22ln%22%3A%22below-fold%22%2C%22lx%22%3A586%2C%22ly%22%3A867%2C%22m%22%3A%22stp%22%2C%22v%22%3A3%7D%5D%7D&tim=15%3A31%3A18.567&id=470&llvl=1&cv=20200924-16-RELEASE&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 10
date: Fri, 25 Sep 2020 13:31:18 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4020-HHN
pragma: no-cache
server: nginx
x-timer: S1601040679.590937,VS0,VE10
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

POST
H2 200 i Show response
vid-io-dub.springserve.com/vd/ Frame 3593 0
125 B 144ms
39ms XHR
text/plain 52.212.58.206
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io-dub.springserve.com/vd/i?suuid=1fd271cf&ps_id=587900&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_429b1d85.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.58.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 200
date: Fri, 25 Sep 2020 13:31:18 GMT
access-control-allow-credentials: true
server: nginx
access-control-allow-origin: https://www.komando.com
content-length: 0

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 97ms
93ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=14480&val=An+unexpected+error+occurred+within+the+VPAID+creative.+Refer+to+the+inner+error+for+more+info.+%7C%7C+Error%3A+NO_FILL&wnx=1&abc=&ty=aer&v=1&ext=1&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a&anx=1&arx=1&crt=3851&s=0&aty=vid&tty=ac&rol=mid
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:19 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 102ms
94ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=15209&val=1&wnx=0&abc=&ty=crf&v=1&ext=1&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:19 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame D6F3 0
190 B 58ms
58ms Image
image/gif 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssCiPX05xzNsFa0tDLX5ddbVkJi2PvJvqk_kwJgPQi90slsq-9giyDlWRQ_rQSrg0hSdacDMegE_REL29LChYqhltTglTv4QJECaQIrgxCNuGHFrbshimk7w2lxcFedrjwYLj-cM6ByweqYfqbQt69Sp-8Te_LdtnQBP-IUjZt7nM2_jGrGGzSM2-QDGhQ1LQpuKiowrs_gW2MXhZtupkFGtivMZqLHCCkq7eTmxoo40-lMTh9HZdWHo-IN6nJqhwRO-WeIOc53o8HaJV-UxMIOcZc&sig=Cg0ArKJSzAclPmw1jfOqEAE&urlfix=1&adurl=

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 13:31:23 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:31:23 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
6 KB 22ms
21ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020092201&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

980c703ebe0da2faea2a4bb71cbafd69315ab66ab96cab54e2f9bb1e63ef4aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 13:31:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6555
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 16 KB
6 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcdc54759ab0ead6a9c0f35707e01926c8c4e13c6ce7ad59477a81a9e4acd47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600730918364481"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5975
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:31:23 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/216/ Frame F6D2 0
0 7ms
6ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/216/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/216/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4674
date: Fri, 25 Sep 2020 13:05:54 GMT
expires: Sat, 25 Sep 2021 13:05:54 GMT
last-modified: Mon, 21 Sep 2020 21:29:19 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1529
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
463 B 141ms
140ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 7b83dafcd8a9c9b718d50a6b5d5dd2274a62f3d8a78c23dec5791e2d87539820

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.komando.com
Date: Fri, 25 Sep 2020 13:31:23 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
605 B 19ms
18ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=216&t=2&li=gpt_2020092201&jk=1786646821579299&bg=!0NOl08tYST4dy_kRJlsCAAABvlIAAAAwCgEFKZBvraSugkJ7ZDb8vnNp1zB-2UuTWMA4lOPltBn38gnZioQ1shbiVpo76NOCsB4S3Y9xdp2dCsFSQcPuuMhPRCVL7PdWJJZiQ3k4yhRCtJg6BNCrfS3N-tBijplsrHIj-uThjoMI78Si-_lZ_FJD4r4ETjbv-TOuAq4P5Ii7q8KR5lxgmbLhdH2bkiYr_qjUcYtBWe50GfQMVP5K51y4npZBWnHBkTBtUE1iCIbhpAfSphwJYGYcUTHaxnCGci70Cyd9yelicS1DYnDbKz2pe3BxCNj6Qzq_QVMdVs84_HoYty0-6QAxD7ioElM_Gvav9w-ipCyYQ7MT2hKhlmTtyO8Ysu1rmQGoABSOnvtgnlXF5KTSGe9aegT9n3KMLcTL0iD3cpbjz9zYnmy4wrJtxnOjQoVNg_zpUbaJ7eordx8IBAb-IDWnVtj-MSSY3BhDgt8FXjL-0EW8cDglRr3lk9s-WzCfXZUiFlzLKPZCA6mQPOq797YEzJY2252dmYUn4gHnzcIbHQWVQzxLVBsXDZkNdTeQFLS6dldgqVhAEKDViBNE5s9H9EEcCwnvXkhvYv5YLk1HPXnUnLIu8arKQreO2M8KNlD0Z60m5staGZusfRaBJX3AbO8hzLjEkY-QSXBDuJwa-TgPYC16oFttQU_8JZH5V3rmM_8ZyFMYAMpI2z7NYitN9LjhE1_ze8ozGGT1oc75RB6RWMaXKMuQZKoSWUPyqpH4do9hTl9Z3bwR0X9i5FLz3cYljb7jp4ML6J7XLVams3RywBNcYhf1Ao9qYPJNo1ULKa3-AsOy2IrnxvF7niq5odUBYuLW9QEktNTt6lO68aoUhxikxnmKs1510Dzi0MLc--TSk5rOfM1esV3caVN_wOxVbrIGBGT5GOtb-oA6nHAJGFfdJMXChQ

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:31:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 93ms
93ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=22456&val=1&wnx=0&abc=&ty=grf&v=1&ext=1&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:27 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 93ms
93ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=24678&val=ad%3Dhttps%253A%252F%252Fvid.springserve.com%252Fvast%252F587900%253Fima%253D1%2526w%253D375%2526h%253D211%2526url%253Dhttps%25253A%25252F%25252Fwww.komando.com%25252Fsecurity-privacy%25252Flokibot-keylogger-spreading%25252F755764%25252F%2526cb%253D7944675%2526widgetid%253D0011r00002HG7NL_1462%2526lob%253D%2526clipid%253Difmfg53jkzewescym5gewvbwkneucskv%2526key_custom1%253D%255Ew%253D0011r00002HG7NL_1462%255Ec%253Difmfg53jkzewescym5gewvbwkneucskv%255Ei%253D1%255Eab%253D%255Ev%253D1%255Ep%253Dkomandocom%2526key_custom2%253D%255Ed%253Dwww.komando.com%255Eu%253D%255Edv%253D1%255Eco%253DFR%255Epl%253Da%2526gdpr%253D%2526consent%253D%2526viewability%253D1%2526schain%253D1.0%252C1%2521anyclip.com%252C0011r00002HG7NLAA1%252C1%252C%252C%252C%252C%2526us_privacy%253D%26rqcm%3D1%26m%3D1%26ast%3D-1%26smb%3D1%26sid%3Dd1qoaWnLVwLyznAdpOUnsnRHbmmssTel%26imaw%3D0%26amd%3D1&wnx=1&abc=&ty=arq&v=1&ext=1&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a&anx=2&arx=2&crt=14004&s=0&aty=vid&tty=ac&rol=mid
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:29 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

POST
H2 204 perf Show response
trc-events.taboola.com/komando/log/3/ 0
424 B 25ms
25ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/komando/log/3/perf?route=AM%3AAM%3AV&lti=deflated
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200924-16-RELEASE.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:31:29 GMT
server: nginx
x-fastly-to-nlb-rtt: 14051
status: 204
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.komando.com
cache-control: no-cache
access-control-allow-credentials: true
tbl-x-upstream: 10.40.0.111:10213

GET
H2 200 loader.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 92D7 51 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/loader.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff372adc4cf4262bb789e8cd8c4d390bd6f2ff1e99ec9ebb9e3de24cd679ea5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:29:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 23 Sep 2020 23:32:11 GMT
server: sffe
age: 123
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=900
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18664
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:44:26 GMT

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 93ms
93ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=24802&val=&wnx=1&abc=&ty=alo&v=1&ext=1&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a&anx=2&arx=2&crt=14128&s=0&aty=vid&tty=ac&rol=mid
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:29 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK lreprx.js Show response
player.anyclip.com/lreprx/js/v1/src/ Frame 92D7 37 KB
11 KB 46ms
45ms Script
application/javascript 178.79.242.139
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://player.anyclip.com/lreprx/js/v1/src/lreprx.js?ad_tag=https%3A%2F%2Fvid.springserve.com%2Fvast%2F587900%3Fima%3D1%26w%3D375%26h%3D211%26url%3Dhttps%253A%252F%252Fwww.komando.com%252Fsecurity-privacy%252Flokibot-keylogger-spreading%252F755764%252F%26cb%3D7944675%26widgetid%3D0011r00002HG7NL_1462%26lob%3D%26clipid%3Difmfg53jkzewescym5gewvbwkneucskv%26key_custom1%3D%5Ew%3D0011r00002HG7NL_1462%5Ec%3Difmfg53jkzewescym5gewvbwkneucskv%5Ei%3D1%5Eab%3D%5Ev%3D1%5Ep%3Dkomandocom%26key_custom2%3D%5Ed%3Dwww.komando.com%5Eu%3D%5Edv%3D1%5Eco%3DFR%5Epl%3Da%26gdpr%3D%26consent%3D%26viewability%3D1%26schain%3D1.0%2C1!anyclip.com%2C0011r00002HG7NLAA1%2C1%2C%2C%2C%2C%26us_privacy%3D&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&imaw=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/loader.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.139 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-139.fra.llnw.net
Software: AmazonS3 /
Resource Hash: 786d190bd0c55665bcf263abf1513e0d3325bffaaa2668910f9ce9dcb7d7d074

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:29 GMT
Content-Encoding: gzip
Age: 54169
Connection: keep-alive
Content-Length: 10788
x-amz-id-2: OotIF0JOlK9pkAvGqxyGTuWqj4Wvhbdj+uXi4FxNgUre47SLdi+0SAkkEb+Vp6wx1PFSFc8iibw=
Last-Modified: Sun, 14 Jun 2020 07:48:29 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: 66F6A40B0B30BB55
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=60
x-amz-version-id: uZ98hYWXQewWJy5EjjmUBgYIi4NzLtdR
Accept-Ranges: bytes
Content-Type: application/javascript
X-LLID: 587cdfacb2c63a03bba4e01741108ef4
Expires: Thu, 24 Sep 2020 22:29:40 GMT

GET
H/1.1 200
OK 587900 Show response
vid.springserve.com/vast/ Frame 92D7 2 KB
2 KB 38ms
37ms Fetch
application/xml 34.249.58.234
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/587900?ima=1&w=375&h=211&url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&cb=7944675&widgetid=0011r00002HG7NL_1462&lob=&clipid=ifmfg53jkzewescym5gewvbwkneucskv&key_custom1=^w=0011r00002HG7NL_1462^c=ifmfg53jkzewescym5gewvbwkneucskv^i=1^ab=^v=1^p=komandocom&key_custom2=^d=www.komando.com^u=^dv=1^co=FR^pl=a&gdpr=&consent=&viewability=1&schain=1.0,1!anyclip.com,0011r00002HG7NLAA1,1,,,,&us_privacy=
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/lreprx/js/v1/src/lreprx.js?ad_tag=https%3A%2F%2Fvid.springserve.com%2Fvast%2F587900%3Fima%3D1%26w%3D375%26h%3D211%26url%3Dhttps%253A%252F%252Fwww.komando.com%252Fsecurity-privacy%252Flokibot-keylogger-spreading%252F755764%252F%26cb%3D7944675%26widgetid%3D0011r00002HG7NL_1462%26lob%3D%26clipid%3Difmfg53jkzewescym5gewvbwkneucskv%26key_custom1%3D%5Ew%3D0011r00002HG7NL_1462%5Ec%3Difmfg53jkzewescym5gewvbwkneucskv%5Ei%3D1%5Eab%3D%5Ev%3D1%5Ep%3Dkomandocom%26key_custom2%3D%5Ed%3Dwww.komando.com%5Eu%3D%5Edv%3D1%5Eco%3DFR%5Epl%3Da%26gdpr%3D%26consent%3D%26viewability%3D1%26schain%3D1.0%2C1!anyclip.com%2C0011r00002HG7NLAA1%2C1%2C%2C%2C%2C%26us_privacy%3D&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&imaw=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.58.234 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-58-234.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 8013c0d5234bb1fc24e8fc107d0dd7ab14478314a1583d36e91d46c17bf6b535

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/client
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 25 Sep 2020 13:31:29 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1219

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 93ms
93ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=24873&val=1.1.5_147_prod&wnx=1&abc=&ty=xlo&v=1&ext=1&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:29 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 vpaid_429b1d85.js Show response
vpaid.springserve.com/production/ Frame 92D7 466 KB
96 KB 8ms
7ms Script
application/javascript 2001:4de0:ac18::1:a:2b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_429b1d85.js
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/lreprx/js/v1/src/lreprx.js?ad_tag=https%3A%2F%2Fvid.springserve.com%2Fvast%2F587900%3Fima%3D1%26w%3D375%26h%3D211%26url%3Dhttps%253A%252F%252Fwww.komando.com%252Fsecurity-privacy%252Flokibot-keylogger-spreading%252F755764%252F%26cb%3D7944675%26widgetid%3D0011r00002HG7NL_1462%26lob%3D%26clipid%3Difmfg53jkzewescym5gewvbwkneucskv%26key_custom1%3D%5Ew%3D0011r00002HG7NL_1462%5Ec%3Difmfg53jkzewescym5gewvbwkneucskv%5Ei%3D1%5Eab%3D%5Ev%3D1%5Ep%3Dkomandocom%26key_custom2%3D%5Ed%3Dwww.komando.com%5Eu%3D%5Edv%3D1%5Eco%3DFR%5Epl%3Da%26gdpr%3D%26consent%3D%26viewability%3D1%26schain%3D1.0%2C1!anyclip.com%2C0011r00002HG7NLAA1%2C1%2C%2C%2C%2C%26us_privacy%3D&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&imaw=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 661fd034f5ef241199cf800ff2facfd19dde9b8d7fe1e04f77f085554ffa9bdb

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:29 GMT
content-encoding: gzip
last-modified: Wed, 23 Sep 2020 14:47:35 GMT
server: AmazonS3
x-amz-request-id: D503DE7AE5E51706
etag: "e6720a3c12475b0d9ad9c52a2a1ae3ac"
x-hw: 1601040689.dop211.fr8.t,1601040689.cds206.fr8.hn,1601040689.cds097.fr8.c
content-type: application/javascript
status: 200
cache-control: max-age=2461610
accept-ranges: bytes
access-control-allow-origin: *
content-length: 98597
x-amz-id-2: u71YoGj+oe+hZFcOyxaSvzcC7fRSyFhKQS64Zl9dFcSVq+KIE/7x/h9QiCU8XpNXA76vSyceJv0=

POST
H/1.1 204
No Content / Show response
hb.emxdgt.com/ Frame 92D7 0
307 B 129ms
46ms XHR
text/html 18.196.104.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.emxdgt.com/?t=&ts=1601040689623&src=pbjs
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_429b1d85.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.104.43 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 25 Sep 2020 13:31:29 GMT
Content-Type: text/html
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Access-Control-Allow-Headers: security, Content-Type
Content-Length: 0

POST
H2 204 ortb Show response
bid.contextweb.com/header/ Frame 92D7 0
503 B 120ms
120ms XHR
text/plain 198.148.27.134
PULSEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.contextweb.com/header/ortb?src=prebid
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_429b1d85.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.148.27.134 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Sep 2020 13:31:29 GMT
server: envoy
status: 204
cwdl: 22/4211
access-control-allow-origin: https://www.komando.com
access-control-expose-headers: Access-Control-Allow-Origin
access-control-allow-credentials: true
x-envoy-upstream-service-time: 27
cw-server: bid-deployment-8694d784f8-sk9dm

GET
H3-Q050 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 92D7 296 KB
102 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_429b1d85.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7db90d988f2d569ee665c1666e383f3ccb226e4532320946bb42d09702c6ed8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 104172
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:31:29 GMT

GET
H3-Q050 200 bridge3.411.1_en.html
imasdk.googleapis.com/js/core/ Frame 213D 0
0 6ms
6ms Document
text/html 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.411.1_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.411.1_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 193074
date: Tue, 22 Sep 2020 18:42:18 GMT
expires: Wed, 22 Sep 2021 18:42:18 GMT
last-modified: Tue, 22 Sep 2020 18:32:46 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 240551
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 92D7 26 KB
10 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:819::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62f2eeec7851ae0d5e322062cf40092478236d4a4fc5a2cfd87b257739104147

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10523
x-xss-protection: 0
expires: Fri, 25 Sep 2020 13:31:29 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 92D7 109 B
168 B 15ms
15ms Script
application/javascript 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.komando.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 13:31:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

POST
H2 200 i Show response
vid-io-dub.springserve.com/vd/ Frame 92D7 0
125 B 116ms
37ms XHR
text/plain 52.212.58.206
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io-dub.springserve.com/vd/i?suuid=f8c1bd6d&ps_id=587900&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_429b1d85.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.58.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 200
date: Fri, 25 Sep 2020 13:31:30 GMT
access-control-allow-credentials: true
server: nginx
access-control-allow-origin: https://www.komando.com
content-length: 0

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 93ms
92ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=25507&val=An+unexpected+error+occurred+within+the+VPAID+creative.+Refer+to+the+inner+error+for+more+info.+%7C%7C+Error%3A+NO_FILL&wnx=1&abc=&ty=aer&v=1&ext=1&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a&anx=2&arx=2&crt=14833&s=0&aty=vid&tty=ac&rol=mid
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:30 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 132 B
513 B 193ms
191ms XHR
text/javascript 13.226.159.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&pid=ugoQacFMpuhUL&cb=1&ws=1600x1200&v=7.54.00&t=1000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22970x90%22%2C%22728x90%22%2C%221x1%22%5D%2C%22sn%22%3A%22%2F15184186%2FKomando_Adhesion%22%7D%5D&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.204 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-204.dus51.r.cloudfront.net
Software: Server /
Resource Hash: 10c289346cba2ae0c51c938075b153e9305663ab39dd652205ba2e401e587ea3

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:35 GMT
content-encoding: gzip
server: Server
x-amz-cf-pop: DUS51-C1
status: 200
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 137
via: 1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront)
x-amz-cf-id: ZbMCAxom3sENJLZlX7TifF_2-rPu4oJCCJH2ROdezffI3dDbGgOmyA==

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
191 B 21ms
20ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dmx.districtm.io/b/v1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Sep 2020 13:31:35 GMT
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
cf-ray: 5d851b395c1408ab-CDG
access-control-allow-headers: Content-Type, Origin
cf-request-id: 05670f57d5000008ab44bf4200000001

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 101ms
48ms XHR
application/json 185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

97f7c6bfa4148cab659ebbe8c7eb849c5ba5f9ae12ff9ab9295c9dd475d7c3b5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:35 GMT
X-Proxy-Origin: 82.102.18.235; 82.102.18.235; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.90:80
AN-X-Request-Uuid: b812421b-04c1-42b9-81d7-ab21cbff4bf9
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 prebid Show response
ads.yieldmo.com/exchange/ 0
224 B 42ms
39ms XHR
text/plain 52.209.188.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.yieldmo.com/exchange/prebid?p=%5B%7B%22placement_id%22%3A%22Komando_Adhesion%22%2C%22callback_id%22%3A%2277b63eec7cef303%22%2C%22sizes%22%3A%5B%5B1%2C1%5D%2C%5B728%2C90%5D%2C%5B970%2C90%5D%5D%2C%22ym_placement_id%22%3A%222449337810381906140%22%7D%5D&page_url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&bust=1601040695251&pr=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&scrd=1&dnt=false&e=0&description=If%20your%20device%20is%20infected%20with%20Lokibot%20malware%2C%20kiss%20your%20credit%20cards%20goodbye.%20This%20keylogger%20can%20capture%20everything%20you%20type.&title=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3Afalse%2C%22cmp%22%3A%22%22%7D&us_privacy=&pubcid=8c27c76c-13c4-44cc-94ce-925d6106a7e5&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.188.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-188-101.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:31:35 GMT
status: 204
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
x-robots-tag: none,NOINDEX,NOFOLLOW
access-control-request-headers: Cache-Control, Pragma

POST 25
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ 0
0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 104ms
54ms XHR
application/json 185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

ee387ae33b68d8bef44de7fb33566d68e19b7e5e28b62b5f9fb1fe1150378f8a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:35 GMT
X-Proxy-Origin: 82.102.18.235; 82.102.18.235; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.237:80
AN-X-Request-Uuid: 5643a34a-38fd-49c5-9681-98f8fa1e322a
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 4 KB
4 KB 222ms
129ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=730248&size_id=2&alt_size_ids=55%2C221&gdpr=0&rp_schain=1.0,1!freestar.io,253,1,,,&rf=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tk_flint=pbjs_lite_v3.26.0&x_source.tid=b1f06534-fc98-4ca2-8280-65e6d2c6681d&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.036470042810677006
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: baf274876d048857e998e0f18399bc589aa374602d41ce0b7e8e6371d41a6dc1

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:35 GMT
Content-Encoding: gzip
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 2249
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 132 B
513 B 178ms
178ms XHR
text/javascript 13.226.159.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&pid=ugoQacFMpuhUL&cb=2&ws=1600x1200&v=7.54.00&t=1000&slots=%5B%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2FKomando_Leaderboard_1%22%7D%5D&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.204 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-204.dus51.r.cloudfront.net
Software: Server /
Resource Hash: e77c417c9fc9dcc933e5efb242db4d753ec2f56bc6de6cecf98b840ed43520f8

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:35 GMT
content-encoding: gzip
server: Server
x-amz-cf-pop: DUS51-C1
status: 200
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 137
via: 1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront)
x-amz-cf-id: oRMIlK7NbfTru3fTKRE_cAS_csnAuTPHjK9UQiifb7YaykHdS-exBA==

GET
H2 204 prebid Show response
ads.yieldmo.com/exchange/ 0
224 B 39ms
38ms XHR
text/plain 52.209.188.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.yieldmo.com/exchange/prebid?p=%5B%7B%22placement_id%22%3A%22Komando_Leaderboard_1%22%2C%22callback_id%22%3A%2285907ad106df8c3%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%5D%2C%22ym_placement_id%22%3A%222449337810381906140%22%7D%5D&page_url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&bust=1601040695278&pr=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&scrd=1&dnt=false&e=0&description=If%20your%20device%20is%20infected%20with%20Lokibot%20malware%2C%20kiss%20your%20credit%20cards%20goodbye.%20This%20keylogger%20can%20capture%20everything%20you%20type.&title=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3Afalse%2C%22cmp%22%3A%22%22%7D&us_privacy=&pubcid=8c27c76c-13c4-44cc-94ce-925d6106a7e5&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.188.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-209-188-101.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:31:35 GMT
status: 204
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
x-robots-tag: none,NOINDEX,NOFOLLOW
access-control-request-headers: Cache-Control, Pragma

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
476 B 137ms
137ms XHR
application/json 35.157.104.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=3.26.0&referrer=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tmax=1200&gdpr=false

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.157.104.14 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-157-104-14.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 13:31:35 GMT
status: 200
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.komando.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 100ms
47ms XHR
application/json 185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

254db6c803801a08fcdbaa986cc77e0a67a47b04a16714ede25ef1f1eabfff57

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:35 GMT
X-Proxy-Origin: 82.102.18.235; 82.102.18.235; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.238:80
AN-X-Request-Uuid: 2acbb047-bd82-4cc6-afb9-68a5c00a3ca1
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 100ms
51ms XHR
text/plain 52.58.195.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=9MEQZN2deHJrCcpvbkL54Zkc&bidId=9181df0deba0c57&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.195.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-195-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Fri, 25 Sep 2020 13:31:35 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
vary: Origin

POST 25
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ 0
0

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
62 B 31ms
31ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dmx.districtm.io/b/v1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 25 Sep 2020 13:31:35 GMT
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
cf-ray: 5d851b399cb208ab-CDG
access-control-allow-headers: Content-Type, Origin
cf-request-id: 05670f57ff000008ab44bf9200000001

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 93ms
44ms XHR
application/json 185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

ef43f23d8a5175941499ee0ec062770e14185148877cfaa5cb486d907cd766b1

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:35 GMT
X-Proxy-Origin: 82.102.18.235; 82.102.18.235; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.247:80
AN-X-Request-Uuid: 0a071c35-1bd3-4599-bb4d-6b4949290f59
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 4 KB
4 KB 198ms
103ms XHR
application/json 69.173.144.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=730248&size_id=2&gdpr=0&rp_schain=1.0,1!freestar.io,253,1,,,&rf=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tk_flint=pbjs_lite_v3.26.0&x_source.tid=2453636e-1005-497d-9a84-35234caea3d8&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.8610678627145194
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: f53a5a2ba9b5d545b91915dabe0f4553beebfa3e86b3f52abe9922e4e4e4211b

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 25 Sep 2020 13:31:35 GMT
Content-Encoding: gzip
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 2233
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 48 KB
11 KB 399ms
398ms XHR
text/plain 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1786646821579299&correlator=1723921295001399&output=ldjh&impl=fifs&adsid=NT&hxva=1&scor=1045951232413782&eid=21067517%2C21067414&vrg=2020092201&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200925&iu_parts=15184186%2CKomando_Leaderboard_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=29&rcs=1&prev_scp=fsrefresh%3Dtrue%26fsrebid%3Dfalse%26amznbid%3D2%26amznp%3D2%26fsbid%3D0%26fspbg%3Dfreestar%26freestar_path%3D%252Fsecurity-privacy%252Flokibot-keylogger-spreading%252F755764%252F%26freestar_domain%3Dkomando.com%26custom_bidder_size%3Drubicon_728x90%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.08%26hb_adid%3D100dc971ab713a83%26hb_bidder%3Drubicon&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1601040695&dt=1601040695502&dlt=1601040664332&idt=1722&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=944&adks=2773792623&ucis=6&ifi=6&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&dssz=74&icsg=9261088716&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1263x112&msz=1241x90&psts=AGkb-H-49eXnPi72-UUOZZ9mYzosljXpymXc4BiH3yDk705RxHQcPJfuiPQVOlcveQacqGTe5tXbg0VxAIJO207KDU3lc4MQ&ga_vid=1548064432.1601040665&ga_sid=1601040667&ga_hid=1147930810&fws=4&ohw=1600&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

d0e9c7d4dd5f2a37d2ad910e903e9f20bd8dc3acda710f5b76f41f0e7849b379

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11042
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.komando.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 56 KB
12 KB 712ms
711ms XHR
text/plain 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1786646821579299&correlator=1723921295001399&output=ldjh&impl=fifs&adsid=NT&hxva=1&scor=1045951232413782&eid=21067517%2C21067414&vrg=2020092201&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200925&iu_parts=15184186%2CKomando_Adhesion&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1%7C728x90%7C970x90&prev_scp=fsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D2%26amznp%3D2%26fsbid%3D0%26fspbg%3Dfreestar%26freestar_path%3D%252Fsecurity-privacy%252Flokibot-keylogger-spreading%252F755764%252F%26freestar_domain%3Dkomando.com%26custom_bidder_size%3Drubicon_728x90%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.08%26hb_adid%3D59b22b092eb15c4%26hb_bidder%3Drubicon&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1601040695&dt=1601040695525&dlt=1601040664332&idt=1722&frm=20&biw=1600&bih=1200&oid=3&adxs=800&adys=1199&adks=1494144272&ucis=7&ifi=7&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&dssz=74&icsg=9261088716&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x-1&msz=1600x-1&psts=AGkb-H-49eXnPi72-UUOZZ9mYzosljXpymXc4BiH3yDk705RxHQcPJfuiPQVOlcveQacqGTe5tXbg0VxAIJO207KDU3lc4MQ&ga_vid=1548064432.1601040665&ga_sid=1601040667&ga_hid=1147930810&fws=516&ohw=1600&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

bd90fb7f8878dcb6dcb03917f919ef09ebbdeb7bf5fde4624e8946868da320c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:36 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11860
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.komando.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
463 B 125ms
124ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 631b0fbf40957784459e751dcd409e54c02f815b9e3a0839d61a58d240bf1eb3

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.komando.com
Date: Fri, 25 Sep 2020 13:31:35 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 93ms
92ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=31239&val=&wnx=1&abc=&ty=c20&v=1&ext=1&ta=1&lnx=0&sid=d1qoaWnLVwLyznAdpOUnsnRHbmmssTel&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 13:31:35 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009010507000/ Frame DB47 206 KB
57 KB 33ms
5ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 97495
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57296
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:26:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9e379dcbf00ec980"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:26:40 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame DB47 16 KB
6 KB 45ms
18ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 97468
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:07 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame DB47 95 KB
29 KB 44ms
16ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 97456
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:19 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame DB47 4 KB
2 KB 42ms
15ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 97457
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:27:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:27:18 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009010507000/v0/ Frame DB47 47 KB
14 KB 40ms
14ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 97489
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Thu, 24 Sep 2020 10:26:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Sep 2021 10:26:46 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame DB47 5 KB
738 B 16ms
14ms Stylesheet
text/css 2a00:1450:4001:817::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Sep 2020 11:56:21 GMT
server: ESF
date: Fri, 25 Sep 2020 13:31:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 25 Sep 2020 13:31:35 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame DB47 5 KB
761 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:817::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Sep 2020 11:57:47 GMT
server: ESF
date: Fri, 25 Sep 2020 13:31:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 25 Sep 2020 13:31:35 GMT

GET
DATA 200
OK truncated
/ Frame DB47 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 64d5ad9d5206906d2bebc7d7d9d3258f6afb1d86bb30246880001d1df9674d8c

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 16380974775579898341
tpc.googlesyndication.com/daca_images/simgad/ Frame DB47 55 KB
55 KB 10ms
7ms Image
image/jpeg 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/16380974775579898341

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c8556aa78d5519f1304e424a4bde6b42942dfc33bcd12c10d4032dd8e029c22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Sep 2020 10:45:51 GMT
x-content-type-options: nosniff
age: 182744
x-dns-prefetch-control: off
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56205
x-xss-protection: 0
last-modified: Thu, 16 Jun 2016 00:42:12 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Sep 2021 10:45:51 GMT

GET
H2 200 40933678460698624
tpc.googlesyndication.com/simgad/ Frame DB47 1 KB
898 B 9ms
7ms Image
image/svg+xml 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/40933678460698624

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09fba596f1ba572cf4b3ceb9c1f3962d1b75bbb4a6d6d7707f1f93e2fe889aee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Sep 2020 12:20:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 177078
x-dns-prefetch-control: off
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 728
x-xss-protection: 0
last-modified: Thu, 26 Oct 2017 18:18:20 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Sep 2021 12:20:17 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame DB47 0
0 42ms
40ms Image
text/html 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C9EF0N_FtX7_iIbWhrATuv4noD-b9lMxNlKvI4KACwI23ARABINrXxTlg-4GAgIgKoAHEx4y_A8gBAeACAKgDAcgDCqoEkgJP0AN2zU8MpivJq2XCRHp6zWUB4WkW-xRUAGxMBJFf1UJ0xsKpR1_1ZXAQfSxqS0So6BX0gPxXp3svZ54LTILpCVoYYIiSSx4QADoOlpyLn-xgUL8fZPMyORybN7aUVhMTiQ6difF6w8kIYx76Y_cq2S3W_wCTFYB7o54vTQ_akb41EzR1ekGNFK51pU-B-aUbEbX2tBXyljjK0SVEysx72RiRiCibCxMOoW7khaQN81-gWvD0D8k3MgDFZUe8IgePZWlHDL-tVSszkFQp8QCpnUOf1ps-EwvJk4-or3nkhZwWIeBVEZCFUM7slSFBl0QJ0jDBT8_2Kp41nfHpXTCk8-JtlznGEStPGvyc7t-Jo53QwATE8MC_ZeAEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBgAekuPNAqAeOzhuoB9XJG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcB8gcEEM3nCdIICQiA4YBQEAEYHfIIG2FkeC1zdWJzeW4tOTUzMTM3OTk4MjE3OTc2MIAKA8gLAbIMFHB1Yi0zNjA1MjU3MzYwODUzMTg12BMC&sigh=E3oMk9q6wd8&tpd=AGWhJmsIvNCEBaeeQzdx70StQnnJuq89Owc3bnHI53ssJeGnNg
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s22-in-f162.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 204 l
www.google.com/ads/measurement/ Frame DB47 0
0 15ms
14ms Image
text/html 2a00:1450:4001:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSe3fIZSBgkTI_t6QAjsQWtZKZZDp8NxfKv_dEFWL-mlyyPyjrNO0Lw3t75Ms6qjzvbFxbQ
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DB47 2 KB
3 KB 8ms
6ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8557
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 26 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DB47 295 B
509 B 10ms
9ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 57877
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 25 Sep 2020 21:26:58 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame DB47 11 KB
11 KB 18ms
15ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 09:06:19 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 361516
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Tue, 21 Sep 2021 09:06:19 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame DB47 11 KB
11 KB 18ms
14ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 10:07:04 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 357871
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11056
x-xss-protection: 0
expires: Tue, 21 Sep 2021 10:07:04 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame DB47
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

39ms
39ms

Image
text/html

2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Fri, 25 Sep 2020 13:31:36 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-Q050 200 16380974775579898341
tpc.googlesyndication.com/daca_images/simgad/ Frame DB47 55 KB
55 KB 10ms
8ms Image
image/jpeg 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/16380974775579898341

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c8556aa78d5519f1304e424a4bde6b42942dfc33bcd12c10d4032dd8e029c22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Sep 2020 10:45:51 GMT
x-content-type-options: nosniff
age: 182745
x-dns-prefetch-control: off
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56205
x-xss-protection: 0
last-modified: Thu, 16 Jun 2016 00:42:12 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Sep 2021 10:45:51 GMT

GET
H3-Q050 200 40933678460698624
tpc.googlesyndication.com/simgad/ Frame DB47 1 KB
869 B 7ms
6ms Image
image/svg+xml 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/40933678460698624

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09fba596f1ba572cf4b3ceb9c1f3962d1b75bbb4a6d6d7707f1f93e2fe889aee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Sep 2020 12:20:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 177079
x-dns-prefetch-control: off
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 728
x-xss-protection: 0
last-modified: Thu, 26 Oct 2017 18:18:20 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Sep 2021 12:20:17 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DB47 2 KB
3 KB 7ms
6ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 8558
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 26 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DB47 295 B
324 B 8ms
7ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 57878
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 25 Sep 2020 21:26:58 GMT

POST
H2 204 fullPageRevenue Show response
trc.taboola.com/komando/log/3/ 0
264 B 39ms
38ms XHR
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/komando/log/3/fullPageRevenue
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200924-16-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 8
date: Fri, 25 Sep 2020 13:31:36 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4020-HHN
pragma: no-cache
server: nginx
x-timer: S1601040696.156876,VS0,VE8
content-type: image/gif
access-control-allow-origin: https://www.komando.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
335 B 135ms
134ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 631b0fbf40957784459e751dcd409e54c02f815b9e3a0839d61a58d240bf1eb3

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.komando.com
Date: Fri, 25 Sep 2020 13:31:36 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H3-Q050 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/022009010507000/ Frame 9FBF 206 KB
56 KB 30ms
15ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022009010507000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2b10fb279adbcdcc16000ee52100f323dcebcc29973abf7936222c3c028a29e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 236045
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57330
x-xss-protection: 0
server: sffe
date: Tue, 22 Sep 2020 19:57:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "17f31bdc58839121"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Sep 2021 19:57:31 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/022009010507000/v0/ Frame 9FBF 16 KB
7 KB 27ms
13ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022009010507000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 236045
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Tue, 22 Sep 2020 19:57:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c8394c73e5080432"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Sep 2021 19:57:31 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/022009010507000/v0/ Frame 9FBF 95 KB
29 KB 32ms
18ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022009010507000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 236045
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29275
x-xss-protection: 0
server: sffe
date: Tue, 22 Sep 2020 19:57:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "56557b91d9fb04b1"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Sep 2021 19:57:31 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/022009010507000/v0/ Frame 9FBF 4 KB
2 KB 28ms
15ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022009010507000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 235989
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1795
x-xss-protection: 0
server: sffe
date: Tue, 22 Sep 2020 19:58:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0cc102b09e8903d"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Sep 2021 19:58:27 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/022009010507000/v0/ Frame 9FBF 47 KB
14 KB 32ms
18ms Script
text/javascript 2a00:1450:4001:81e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/022009010507000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 235989
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14591
x-xss-protection: 0
server: sffe
date: Tue, 22 Sep 2020 19:58:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4ca25f57e218a94a"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Sep 2021 19:58:27 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 9FBF 4 KB
705 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500&display=optional

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6d573851cf7e01f2f62cc1da7f3961e45baac2e6776f8e9cab16ba120233d721

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Sep 2020 12:50:49 GMT
server: ESF
date: Fri, 25 Sep 2020 13:31:36 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 25 Sep 2020 13:31:36 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9FBF 295 B
319 B 6ms
6ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 57878
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 25 Sep 2020 21:26:58 GMT

GET
DATA 200
OK truncated
/ Frame 9FBF 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 83d01ea9a0d24c513c44baf39a64527f9fa8da8ec2011e591740a09d9f2cc094

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 en_bl.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9FBF 2 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en_bl.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 25 Sep 2020 02:38:56 GMT
x-content-type-options: nosniff
server: cafe
age: 39160
etag: 11660698925711390587
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2471
x-xss-protection: 0
expires: Sat, 26 Sep 2020 02:38:56 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9FBF 0
0 36ms
36ms Image
text/html 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CDAHTN_FtX5j2NaPH3gP5n4XgDfqlxbRf-ZO4968MuLmy_bMhEAEg15WNAmD7gYCAiAqgAa6SwMsDyAEB4AIAqAMByAMKqgSNAk_QIfubOI3yFQUQU1DgUl_X_RtP9dRG0rcdGP6Se4YsJzWn-_rX0YaBfB5PesnYdrgW7s-FzWI06mL0VMwwVDxR5hDu6C2xJ-oscNCGDsG-LFHYwzm9w4mtjIJyeCrxwOLtDpAVtSBMz0Gw-xt55tmIyCMwHsRjBoHVkE2Q83rhgfDx_kYJUQz35Zc07RycNcCjpwfXkB2AmOv_CcOoFOBIdwDr1GKzDLfcCA8esjspLVr1UBA190-Kxoz6L_Zit4DIuTcBxewh9E3cAymk_2SexSUM_jrsh-ITgwLJcFCgRmNchvnkxxYi8xmv30TD2O96SN1mNBHozFCiIwzW8AnVInDTbtPHNoUaUPGowAS955j2igPgBAGSBQQIBBgBkgUECAUYBIAHuu2_NKgHjs4bqAfVyRuoB5PYG6gHugaoB_DZG6gH8tkbqAemvhuoB-zVG9gHAfIHBBCrux7SCAkIgOGAUBABGB2ACgHICwGyDBRwdWItMTU4MTg3MTUyNzYyODA2NtgTDIgUAQ&sigh=rL6Pc1qOfrE&tpd=AGWhJmvfMPW664WLu7gfAPM7H9j9vEXj41s3rC9DLCIG6tZDew
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.23.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s22-in-f162.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2
fonts.gstatic.com/s/googlesans/v16/ Frame 9FBF 14 KB
14 KB 28ms
14ms Font
font/woff2 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500&display=optional

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f199a20f1fee7dec152b3591272f9715b536ed88b4c36194488fd5a734caf707

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500&display=optional
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 11:04:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 04 Dec 2019 18:44:26 GMT
server: sffe
age: 354433
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14608
x-xss-protection: 0
expires: Tue, 21 Sep 2021 11:04:23 GMT

GET
H3-Q050 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2
fonts.gstatic.com/s/googlesans/v16/ Frame 9FBF 14 KB
15 KB 27ms
13ms Font
font/woff2 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500&display=optional

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1daab0f66666bc3a1d05d70de979a80680d985cc924e233fab61eef2d03bafe2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500&display=optional
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 11:04:14 GMT
x-content-type-options: nosniff
last-modified: Wed, 04 Dec 2019 18:44:18 GMT
server: sffe
age: 354442
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14816
x-xss-protection: 0
expires: Tue, 21 Sep 2021 11:04:14 GMT

GET
H3-Q050

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 9FBF
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

39ms
38ms

Image
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Fri, 25 Sep 2020 13:31:36 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

POST
H2 204 fullPageRevenue Show response
trc.taboola.com/komando/log/3/ 0
56 B 36ms
36ms XHR
image/gif 151.101.113.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/komando/log/3/fullPageRevenue
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200924-16-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 9
date: Fri, 25 Sep 2020 13:31:36 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-hhn4020-HHN
pragma: no-cache
server: nginx
x-timer: S1601040696.472438,VS0,VE9
content-type: image/gif
access-control-allow-origin: https://www.komando.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
335 B 124ms
124ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 631b0fbf40957784459e751dcd409e54c02f815b9e3a0839d61a58d240bf1eb3

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.komando.com
Date: Fri, 25 Sep 2020 13:31:36 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: web.hb.ad.cpe.dotomi.com
URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25

Domain: bid.contextweb.com
URL: https://bid.contextweb.com/header/ortb?src=prebid

Domain: search.spotxchange.com
URL: https://search.spotxchange.com/openrtb/2.3/dados/282887

Domain: web.hb.ad.cpe.dotomi.com
URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25

Domain: web.hb.ad.cpe.dotomi.com
URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25

Verdicts & Comments Add Verdict or Comment

317 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.doubleclick.net/	1970-01-19 12:44:01	Name: test_cookie Value: CheckForPermission

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://sdk.jeeng.com/v3.js(Line 2) Message: %c2020-09-25T13:31:04.889Z %c[INFO] %cJeeng: %cupdateServiceWorker: Force Popup. Stopping. color:DimGrey color:LimeGreen color:Black; font-weight: bold :
console-api	log	URL: https://freestar-io.videoplayerhub.com/gallery.js(Line 1) Message: Video gallery initializing
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js?21067517(Line 6) Message: Invalid GPT fixed size specification: []
console-api	info	URL: https://a.pub.network/komando-com/pubfig.min.js(Line 1) Message: %cPubfig background: #00C389; color: #fff; border-radius: 3px; padding: 3px pubfig.messaging.js - Init ========== LOADING MESSAGING ==========
console-api	log	URL: https://sdk.jeeng.com/v3.js(Line 2) Message: %c2020-09-25T13:31:10.764Z %c[INFO] %cJeeng: %cProfiler: No user visits data to send... Stopping. color:DimGrey color:LimeGreen color:Black; font-weight: bold :
console-api	log	URL: https://sdk.jeeng.com/v3.js(Line 2) Message: %c2020-09-25T13:31:10.764Z %c[INFO] %cJeeng: %cProfiler: No Channels subscriptions yet. Stopping. color:DimGrey color:LimeGreen color:Black; font-weight: bold :
console-api	log	URL: https://sdk.jeeng.com/v3.js(Line 2) Message: %c2020-09-25T13:31:10.765Z %c[INFO] %cJeeng: %cWidgets.browserNotificationModal: No push support. color:DimGrey color:LimeGreen color:Black; font-weight: bold :
console-api	info	URL: https://cdn.ampproject.org/rtv/012009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
console-api	info	URL: https://cdn.ampproject.org/rtv/022009010507000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009010507000 https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.pub.network
aax-eu.amazon-adsystem.com
accounts.google.com
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
ads.w55c.net
ads.yieldmo.com
adservice.google.com
adservice.google.de
am-sync.taboola.com
anyclip-player.s3.amazonaws.com
api.pinterest.com
api.stack-sonar.com
apis.google.com
as-sec.casalemedia.com
assets.anyclip.com
b1sync.zemanta.com
backend.upapi.net
beacon-eu2.rubiconproject.com
bh.contextweb.com
bid.contextweb.com
btlr.sharethrough.com
bttrack.com
c.amazon-adsystem.com
c.evidon.com
c.pub.network
cdn.ampproject.org
cdn.districtm.io
cdn.taboola.com
cdn5.anyclip.com
cds.taboola.com
ce.lijit.com
cm.g.doubleclick.net
config.anyclip.com
connect.facebook.net
cookie-cdn.cookiepro.com
cti.w55c.net
d.pub.network
d4a9e844630148f59cbb2afdc494b4c0.safeframe.googlesyndication.com
dmx.districtm.io
dsp.adkernel.com
e1.emxdgt.com
eb2.3lift.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
freestar-io.videoplayerhub.com
googleads.g.doubleclick.net
graph.facebook.com
hb.emxdgt.com
hbx.media.net
i.w55c.net
ib.adnxs.com
imasdk.googleapis.com
l.betrad.com
lreprx-server.anyclip.com
match.adsrvr.org
match.taboola.com
mrb.upapi.net
p.rfihub.com
pagead2.googlesyndication.com
pixel.anyclip.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.wp.com
platform.twitter.com
player.anyclip.com
px.powerlinks.com
rtb-csync.smartadserver.com
rtb.mfadsrvr.com
rules.quantcount.com
s0.2mdn.net
sb.scorecardresearch.com
script.crazyegg.com
sdk.jeeng.com
search.spotxchange.com
secure.quantserve.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
ssl.gstatic.com
stags.bluekai.com
stats.g.doubleclick.net
stats.wp.com
sync-t1.taboola.com
sync.mathtag.com
sync.taboola.com
syndication.twitter.com
t.myvisualiq.net
tlx.3lift.com
tpc.googlesyndication.com
tps.doubleverify.com
trafficmanager.anyclip.com
trc-events.taboola.com
trc.taboola.com
users.api.jeeng.com
vid-io-dub.springserve.com
vid.springserve.com
vpaid.springserve.com
web.hb.ad.cpe.dotomi.com
widget-modal-popup-v2-prod.firebaseapp.com
widget.perfectmarket.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.komando.com
www.stack-sonar.com
www.storygize.net
www.youtube.com
x.bidswitch.net
bid.contextweb.com
search.spotxchange.com
web.hb.ad.cpe.dotomi.com
104.111.230.142
104.16.190.66
104.244.42.200
13.226.159.204
130.211.23.194
141.226.224.32
141.226.228.48
151.101.113.44
151.101.12.84
151.101.13.181
151.101.65.195
172.217.23.162
172.217.23.98
174.137.133.49
178.79.227.9
178.79.242.139
18.194.69.213
18.195.155.181
18.196.104.43
185.29.135.42
185.33.220.145
185.64.189.110
185.86.139.89
192.0.76.3
192.132.33.46
193.0.160.128
198.148.27.134
198.148.27.139
2001:4de0:ac18::1:a:2b
213.254.244.24
216.58.208.38
23.210.249.164
23.210.249.83
23.212.156.24
23.37.53.17
2600:9000:2182:7000:6:44e3:f8c0:93a1
2606:2800:234:46c:e8b:1e2f:2bd:694
2606:4700:20::681a:8b
2606:4700:20::681a:91b
2606:4700:20::681a:932
2606:4700:20::ac43:4513
2606:4700::6812:678
2606:4700::6812:a460
2606:4700::6813:9308
2620:116:800d:21:36a9:ecb:e518:b308
2a00:1450:4001:800::2003
2a00:1450:4001:800::200d
2a00:1450:4001:801::2001
2a00:1450:4001:802::200a
2a00:1450:4001:802::200e
2a00:1450:4001:808::2002
2a00:1450:4001:809::2002
2a00:1450:4001:809::2008
2a00:1450:4001:80b::2002
2a00:1450:4001:80b::200a
2a00:1450:4001:816::200e
2a00:1450:4001:817::200a
2a00:1450:4001:817::200e
2a00:1450:4001:818::2002
2a00:1450:4001:818::2003
2a00:1450:4001:819::2006
2a00:1450:4001:81a::2001
2a00:1450:4001:81a::200e
2a00:1450:4001:81b::2003
2a00:1450:4001:81e::2001
2a00:1450:4001:821::200e
2a00:1450:4001:824::2004
2a00:1450:400c:c0c::9c
2a02:26f0:64::214:84d8
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f02d:e:face:b00c:0:2
2a03:2880:f12d:83:face:b00c:0:25de
3.120.143.70
3.126.247.13
34.195.35.40
34.225.120.49
34.249.58.234
35.157.104.14
35.188.71.214
35.226.36.58
40.113.136.100
52.16.238.200
52.206.86.50
52.209.188.101
52.212.58.206
52.217.101.196
52.57.173.127
52.58.195.54
52.59.61.242
52.72.36.5
52.72.80.38
52.95.123.41
54.190.100.128
64.202.112.191
68.232.34.237
69.173.144.139
69.173.144.141
69.173.144.154
72.251.249.9
92.123.150.214
93.184.220.187
95.100.73.104
99.86.7.22
02a2079808b1d062ff16a7d19627e9ee4a94f989aa879d9f81333364fa5a8ea0
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
0575fafbd9c8d134b63206c194eb9a7347838bf1b9adf81e8508409d845c3e6e
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06f777ff38a8dd1b7583e8323755ef6ed1c5ab41107894ed98792553e82097ba
088c63ac9aaf5857af695cd4553585fd5955c6c483b21fb3174ad58a9c81cd90
097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b
09fba596f1ba572cf4b3ceb9c1f3962d1b75bbb4a6d6d7707f1f93e2fe889aee
0b7b74a139779fba8e1d17d597aa7cbffa27bd33d2b5c43d8039264c2a627412
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0fbdde14de3aa39d2b3ef4a34deef57b0a4905a2464f7b257b600bd696e6b6c4
0fd27194f95dc70ab3db90fc41bf954eb609711bfb78253373bc838974f2866f
10c289346cba2ae0c51c938075b153e9305663ab39dd652205ba2e401e587ea3
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
126b0db475dac8550795ad28030ebfacde3d381588872e38c9828dc9458e3292
12a24c1feb4b8e8e3872a9fedee80fcce55a6f59b14607d640fcf4f3054ec43e
1301a4fd823a6b23ec99783585c7d947d18c86a10cd7257b21e1c13ed4a4642a
13553abbe7402dd8026d333399456a89b427c236c31d3aa84d455215e74257dc
1632e13bb4b75973ab4e1ae7b45ebbcf3aae9dc050a24048d6875d6e3a466088
166489f1e5c39e83c5606c671097ec5ef4d45cbbc04d46dbd31cd9f9b92b6bc5
167eefa83e1aa1374767855f64054dde21c967fc23cd0dfe4217aaa4cb02a7db
1ab080656fab6802aab402d3e385c6c3aa1715d4d962edd506907862dfdad8dc
1b6863771c330f7b6a857dbfee3959d8e8c61c0e34f1e9ba5f6f38268d05573d
1c8e23b28540c9a6c6cdfc331f245b35d11f84e5de0619c933258eb8ed974587
1daab0f66666bc3a1d05d70de979a80680d985cc924e233fab61eef2d03bafe2
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1fcdc54759ab0ead6a9c0f35707e01926c8c4e13c6ce7ad59477a81a9e4acd47
209c5a3d5663e93da5f73f50923b757791f11078e28ec10f6138d65d9b00b1a9
214ba7bea769b92906cbdc8b07a4c971a7c2040683cf150aac896e67253877ad
21cb9221d772cfd0d3de7240fe5c07ee1c06b9bd945111a2e0491ae243eb0b41
223dffd74c3dd2a212cdd68708f2b201fe0b9918780463bbc3bd89b075eb5c8c
232334d177f358c07f8271994e6fc0c018abfce7c8910deb604de1440d741c45
2391cc30306861b59fcdb16b83a8f427ee342e5f5d6e8299a91d586687e8bef2
254db6c803801a08fcdbaa986cc77e0a67a47b04a16714ede25ef1f1eabfff57
29468b66389df59555ae33050768a903311d689837e6aa6e8e33511869282b93
2bf4b5202559dbe01d8188a3adb26d68755a69064f233ef63f284b08efaed6ad
2cecc971cba1f2e7b8891f65ae30fa0fb7dd9972a8342ff3bed23e4ba38cb978
2fb500f34c1e92bea56bab8e0e5ccd68f794b9a514e5302a2f7e07723938d91b
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
394ee880685b17bc2c3e8a5a628c4ddce428531b165836c0b5717c71d76faeb7
396197a350c5f917f454cb764fa31f624d64f8fbac73445c4d2862bad7ca22bf
39cb24159c965e9896b3b1d3ecf5e29e88bdd771bc50a0d3c417d8ce2875236b
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3c5689e055872de0de49a59540ec97b96237cf2ec28ebaefff0cc08821f4f08b
3c8556aa78d5519f1304e424a4bde6b42942dfc33bcd12c10d4032dd8e029c22
3cc9389c9cfdbc0fb7c282c3026c3cd9c11894913f4cf60cf9d1140a1415ad0a
3d5535fc993e2a02b5523add7738f08a15fabac527da55db4834d64603e97e83
403bfa21e733c139da9d7d87c48fa0ebbed91514fbbadf34cbc455294a004389
40bbe37ef3f30820bc6fe1c7fedf01d41f7e2716e1e2b5d01ebfa117eb43aabe
436e80e0cd3fb887309561487734b026f02258d3f092b9a038b5ab1ec6aaa1e2
441c7a013be2264df673d2a24c20c0d65d8d745f6d00480517d68b0f313de488
453e9cc6fc295196d8914da9858a388ce58a1dcb9b033aab9037aa2badbbc0d9
46fe925aebeb82c977cf241c08c4708f57641674f6f4065796cc4b454649b6ae
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
47319332cec2dd1c545849bff936095481b11199313f8bb31bae23e640991b09
51885f3f46c7317c00dc6b36ae543d48f1b3d1c3768381c9f7c8fb47e38214f1
5216fcdc6d278ba8cce42f910754b33365608bcba89401423816cc2b7b28f161
528b6b3e8edb272a61e1d3b10f11af0d241680684143fb5339fa2758a3e65187
52d1fa8a9ebff6670209bdaf47bafa374eb128a7c83a73d372f5538fbaa2e6e1
5416bb3c019c4a5687c50ecb53535f402e8baaa3d24812d662e8d9cbd2a9d69b
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55775baf70d2f1d40bac3a60de82e8e42b7e34687802f73671f25f2f60fdc6d4
55e35a1415438685f71fe809dfb0e94ff9d3b994dd8d8ae8f7206bb878d59a84
5c99dc27d465b2f8425daee704098e7335a880b4c757bfdded09721b9054d64d
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5e1390f7c515a04fbd18d7c3e864de65e7fc473f8a2e5134f74a79e122911dd7
5f5959426fab9f8d0458c57ff0a4fe388c95554d2bde2f73c44a7ea2c9dfc71e
5fefa6bc00a2fca4d3ca705862d42dfdbb8f69124b2f0cc0896d3c7c2c05890a
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
61fbc34f91d8af09b7d8434e27d4f7f12fdfae8311d2d26d0eea187ad16c4dd6
62f2eeec7851ae0d5e322062cf40092478236d4a4fc5a2cfd87b257739104147
631b0fbf40957784459e751dcd409e54c02f815b9e3a0839d61a58d240bf1eb3
633aeda2d57927567b195da28166cf7d5a619539c2a3dc4793a88d62ea9bbe25
64bd7529494fcb29ae2245d4d977261083632b107e5e468df0f997e858ebdf84
64d5ad9d5206906d2bebc7d7d9d3258f6afb1d86bb30246880001d1df9674d8c
661fd034f5ef241199cf800ff2facfd19dde9b8d7fe1e04f77f085554ffa9bdb
67386f7f6c11079518c59fdca44b5a6c5b17f4b8cda8ead4e993f3b2dfda0e5d
6883ce59605b04b6c6782ba17cb02dae671c9228e429ced6c1ab1171a38e12a1
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c73cf3d94d29e498f66facb6891a9be80ef4f5caee6c9b09e6128b167b3c966
6c7884164b248cb8d87de9edf64dc810e5753bb8ec0cd015800d7f39e08371c1
6d573851cf7e01f2f62cc1da7f3961e45baac2e6776f8e9cab16ba120233d721
6f613a44dbe81266c39e923fbf649e2a37670c6329d52d12f6a3b1c0addf4232
6fca0b40781598023aed9b45225711771eafce8f14392a49d6ed57d567255002
73640611b9fd11fb3a266b8bcb6659f731a95dae3266ae4e94e040c34c92f586
75f09c10bc7e746f5dd81f4b7c6c0a41c61977e622d0c92c946362e4cc279d72
76a8c8ef4cde9cbd17bbaecf11ee316fab4e55cc661093e4b2d80a4e1ff52897
76acf8c85fbf30f66baaf8a77b45a8c55239360611284cbd426bafeaf12806ba
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d
772f30f80abc4903d2b32118044a9c210abb95bdf422f8e22c9923fe18a1611f
776bc870aebdc54c7bfac7b59b26cd7fd79f7119ba5c14094ef8da5545ce237b
777a900b48ed2b99b8a4ba93c8a314ee3caeba5ab77e866c8e5ef494f188c1f9
786d190bd0c55665bcf263abf1513e0d3325bffaaa2668910f9ce9dcb7d7d074
7b83dafcd8a9c9b718d50a6b5d5dd2274a62f3d8a78c23dec5791e2d87539820
7f3f58c2fd4529fffc91067658a9689ffc59257d6e329de3f156539fdc9d44c3
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8013c0d5234bb1fc24e8fc107d0dd7ab14478314a1583d36e91d46c17bf6b535
83d01ea9a0d24c513c44baf39a64527f9fa8da8ec2011e591740a09d9f2cc094
84b2c3f57b4c2c7872c3fc061463fdb9c9df7fcf61a2fca19b9e98c22bda53af
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
89cb81b15741129a01edcb8665b1f6172e270197a1335e9f0db3558e6c338a60
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8b88ddfa92e4cb2646d5c7e19274939caa3495dcb33c307f1bbaec31b1d9691a
8bdab1eac9d2b05029f47b7436dfacc93b2cc5f89f4b8dff900c98c9a0774ebd
90dd355c112d81a2acb4e3647df6d4a7cf473b52e46cc8ddb81e950b81330075
9444735efef35f26725c4e3cc87b7c77970103af8999e71d427d0dbe0fe85a95
96ed609b415be6ee67eadb8d2de7ce64d13de9c928bce8e1373bec97e233e74c
97f7c6bfa4148cab659ebbe8c7eb849c5ba5f9ae12ff9ab9295c9dd475d7c3b5
980c703ebe0da2faea2a4bb71cbafd69315ab66ab96cab54e2f9bb1e63ef4aa9
984601230d8cbfe18370425e8e897037cc1a7adf831a691a9ede573cf44479d4
993dd9c705fd43f0ae68f0f6bd7dd6e40e1120a16327b21339f5da90bc238c28
9af6550ca2c42a37009bae2158dca11ca60287039f406a7cc4b6b1df1185ecfd
9c49fdcc3ebafd488bf5c0f7e8d5d883f03ba7bef90e5d85bfa9877b134c8dd0
a05b6b902fc0110a35204d05a8360b0fcff6bf23859f7fca952444bf6184b248
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a3424bb0fb20a47d1806c2ba2c741502e84fde1358df4450adba707df6d0ccd8
a3c92e8d35e4e636238e577da8cd44aaf8dd699b719e4125ba0029330edf6907
a59455402cb06fdade0b4c6ca2c44f2f627a085fb354b911531235c4c4f538a3
a75ca1967edccf50657450f062c43c274b61a0644998070a5b80cbfc52882805
a761b426004caba495cdac2c93ce7dd306c47bc4d7bdc63c4840c3d8182396a9
a78f3c394abdb5185b2a1235457e0e9a50b97625ef7c01a276a0aef6c5dd87fb
a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec
a9face165b5af8cc8cd1aef61858dc946c4296ee34ef63790747394d4f25c38b
ab9e8a012fc196335a4749d4a81ad4e6b82dce60d55853a7ca2fe9b103393d88
ac2354138204710f28686bcd02c64db26c77f3ad2a6d43b4518e09020c883050
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae407e415a45b6c720d8d61fef8c28756883d0f546a64e7a2969d6174c669951
aeb08680a67ab108b80d0d5eca97457046c90c4d885d817aac059ed5b47b5fbc
aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308
b02dea6e9b189abd6496125975e134539609a2bcb0496ebd91f23420bfce88b4
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b317742277d72c28cb24020d61cc7daecd4e51e48a68a16440d26bf1a008a129
b3c7fc0cf7be713a4e97298f59db197355a9bdbd1d55944e6d8a4006f1a01cf6
b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290
b7db90d988f2d569ee665c1666e383f3ccb226e4532320946bb42d09702c6ed8
b94c0c588c960ee9b1b4fdc774c776f770059745e5219ecc28c1cbe5f633ba84
baccc36f4643b5739459f6075bbe88ef37d443e9c6a87e7b9f5c617774732094
baf274876d048857e998e0f18399bc589aa374602d41ce0b7e8e6371d41a6dc1
bcdf7b6ec5fe23c3049d66b4a6f1881cb1a6dfbbbd52088c60b4f0b6c538f36d
bd90fb7f8878dcb6dcb03917f919ef09ebbdeb7bf5fde4624e8946868da320c4
bdc6f35981582b0bb0423b70243eac10776c99215aaa26dede1b002555215e99
bf8a3d71354828a837da5f234fdeab608b2e535b11b4851e89d75b1686686635
c427820d10fd65f85b3f4165edd9586dedb7050815e868589fa5053427141ad0
c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc
c569a275e7295dd7aaf172184dc86efc15f04168ee2f898d018594c98d0412d1
c8de81a1acb5f3788959ecc04eaa6526d5bdb29991157cecbef71042268c0374
ca5398fb76a3d11f43a00312ca1f4a0b11cc37d1925d82bcc80c906ffc956ff2
cd65be12262a2774c87d77fbbeccf6a965c2455bca82031acbe6838db0c489b0
cd91e6cc01731d085fcedda480d1f01e1bdb36e51332878bc76dc52ec648f4e6
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
d0e9c7d4dd5f2a37d2ad910e903e9f20bd8dc3acda710f5b76f41f0e7849b379
d337aa4ea0cace6bd743ef8c3b5d1d20e6e676bb4a650c7335a7383635529f31
d3b142f2fc1b181088ebc5bd873a725bba5e4ea24b20874e7880b163f778765e
d5391db155b16023a08f123e0cfd5c833d65a8f1d50f87bf195bc3f25cca3451
d544eae637d61ee786c0a45bb0a7f250f9280bcd2ea1576655a761f1d397b8df
d9417079952dbe5d1b1bc0bf209d04bcf97459ce3c271837b4d9c45a48e3ecfa
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
da3e524928bcca821af2551eb6f9e9ae2449ceb48642cce4f2dae23383098537
db03313b117d5687f500d3a57cf5a279c0e9c92cf8b2182b5ec74257257537c3
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de3a7ca2f8ae592aae2652335b755b0d0b65df663dda8776387cae7339b76d64
e098e7520dbccfe6cdaa96ce30b3245894b060fdc2d31145e870c81432cff684
e1a3c83144fa5752c8668ca056742ec9e6d6dfe5cfb75a97a9e53d1150068f91
e2b10fb279adbcdcc16000ee52100f323dcebcc29973abf7936222c3c028a29e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4a66d01f6e756434873901b4c7c7fd74d0a2c08710e8e2bec2113f97dcff2d6
e683e849f4a29ef934b5be036422d994940d7448b0239236bf17093d0e4bd83e
e77c417c9fc9dcc933e5efb242db4d753ec2f56bc6de6cecf98b840ed43520f8
e8090651b52c256938df2fb0582f24521fe0476939aab81d01b7f31a7ac75beb
e9e40f737e08ad5b6c7ec3d3ee2232ce91f00b1f4f753c79f5e8e4f74c1c4a60
eb744b621e8b353c5c4b5cc39f2a7b06855a02634992cbcc0ec6ac30cee45b77
ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b
ee387ae33b68d8bef44de7fb33566d68e19b7e5e28b62b5f9fb1fe1150378f8a
eeb3af8f1b68acd03bbf7577a8aeb0f2c1163e35de160f3fefe67dcda3b8e2e3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef43f23d8a5175941499ee0ec062770e14185148877cfaa5cb486d907cd766b1
f00dd1db7de0e8916241284a33f65ff7a044c45ed2a7c1ee969f084cf6b0d63b
f0b5290ffd7ebefe5bb9d7cde55f244efb5076db25b9b2a85b9d1b14f7972d25
f199a20f1fee7dec152b3591272f9715b536ed88b4c36194488fd5a734caf707
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f403985da17a23ec32f8e36227c17e9f17e631eed5f760340a2d04385cb47c96
f53a5a2ba9b5d545b91915dabe0f4553beebfa3e86b3f52abe9922e4e4e4211b
f7d5b42f53668e5080beccc9ae7c2cb936ce23cf96c23f0b0f0a0f659c001750
ff372adc4cf4262bb789e8cd8c4d390bd6f2ff1e99ec9ebb9e3de24cd679ea5d
ff592f2f7d9a58ad2295ab0af7c19c580480f9515e0ec2b3a0831992318499ae

www.komando.com Open in urlscan Pro 2606:4700::6812:a460 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

330 Requests

97 %HTTPS

37 %IPv6

67 Domains

114 Subdomains

96 IPs

9 Countries

3648 kBTransfer

14764 kBSize

1 Cookies

32 Outgoing links

Redirected requests

330 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.komando.com Open in urlscan Pro
2606:4700::6812:a460 Public Scan

Screenshot
Live screenshot

Full Image

330
Requests

97 %
HTTPS

37 %
IPv6

67
Domains

114
Subdomains

96
IPs

9
Countries

3648 kB
Transfer

14764 kB
Size

1
Cookies

330 HTTP transactions
12 data transactions