URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Submission: On November 21 via manual from US

Summary

This website contacted 29 IPs in 9 countries across 27 domains to perform 70 HTTP transactions. The main IP is 2a02:e980:d::ba, located in United States and belongs to INCAPSULA - Incapsula Inc, US. The main domain is www.fireeye.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on May 7th 2018. Valid for: 2 years.
This is the only time www.fireeye.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
31 2a02:e980:d::ba 19551 (INCAPSULA)
1 1 23.38.51.49 20940 (AKAMAI-ASN1)
2 13.108.250.135 14340 (SALESFORCE)
2 104.17.71.206 13335 (CLOUDFLAR...)
3 2.21.36.164 20940 (AKAMAI-ASN1)
2 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a02:26f0:10c... 20940 (AKAMAI-ASN1)
2 2620:1ec:c11:... 8068 (MICROSOFT...)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 151.101.12.157 54113 (FASTLY)
1 216.58.205.226 15169 (GOOGLE)
2 184.31.84.223 20940 (AKAMAI-ASN1)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2 172.217.21.230 15169 (GOOGLE)
2 2a03:2880:f01... 32934 (FACEBOOK)
1 2 2a05:f500:10:... 14413 (LINKEDIN)
1 1 2a05:f500:10:... 14413 (LINKEDIN)
1 2a00:1450:400... 15169 (GOOGLE)
1 104.244.42.197 13414 (TWITTER)
2 2a03:2880:f11... 32934 (FACEBOOK)
1 72.247.226.64 16625 (AKAMAI-AS)
1 104.244.42.67 13414 (TWITTER)
1 182.22.24.252 23816 (YAHOO Yah...)
1 136.147.110.130 14340 (SALESFORCE)
1 192.28.147.68 53580 (MARKETO)
1 183.79.255.12 24572 (YAHOO-JP-...)
2 2a00:1288:f03... 10310 (YAHOO-1)
1 66.117.29.6 15224 (OMNITURE)
70 29
Domain Requested by
31 www.fireeye.com www.fireeye.com
www.googletagmanager.com
2 s.yimg.com www.fireeye.com
2 www.facebook.com www.fireeye.com
connect.facebook.net
2 px.ads.linkedin.com 1 redirects www.fireeye.com
2 connect.facebook.net www.fireeye.com
connect.facebook.net
2 8443343.fls.doubleclick.net 1 redirects www.googletagmanager.com
2 www.google.de www.fireeye.com
2 www.google.com 1 redirects www.fireeye.com
2 munchkin.marketo.net www.googletagmanager.com
munchkin.marketo.net
2 www.google-analytics.com 1 redirects www.googletagmanager.com
2 bat.bing.com www.googletagmanager.com
www.fireeye.com
2 js.maxmind.com www.fireeye.com
2 www.googletagmanager.com www.fireeye.com
www.googletagmanager.com
2 s7.addthis.com www.fireeye.com
2 www2.fireeye.com www.fireeye.com
www2.fireeye.com
1 fireeye.tt.omtrdc.net www.fireeye.com
1 b91.yahoo.co.jp www.fireeye.com
1 848-did-242.mktoresp.com www.fireeye.com
1 d.la4-c2-dfw.salesforceliveagent.com www.fireeye.com
1 s.yimg.jp www.googletagmanager.com
1 v1.addthisedge.com s7.addthis.com
1 d.la2c2.salesforceliveagent.com www.fireeye.com
1 analytics.twitter.com www.fireeye.com
1 z.moatads.com s7.addthis.com
1 t.co www.fireeye.com
1 googleads.g.doubleclick.net www.fireeye.com
1 www.linkedin.com 1 redirects
1 stats.g.doubleclick.net 1 redirects
1 www.googleadservices.com www.googletagmanager.com
1 static.ads-twitter.com www.googletagmanager.com
1 sjs.bizographics.com www.googletagmanager.com
1 c.la2c2.salesforceliveagent.com www.fireeye.com
1 cloud.typography.com 1 redirects
70 33
Subject Issuer Validity Valid
fireeye.com
Entrust Certification Authority - L1K
2018-05-07 -
2020-05-06
2 years crt.sh
la1-c2-ord.salesforceliveagent.com
DigiCert SHA2 Secure Server CA
2018-07-31 -
2020-07-30
2 years crt.sh
www2.fireeye.com
CloudFlare Inc ECC CA-2
2019-04-06 -
2020-04-06
a year crt.sh
odc-prod-01.oracle.com
DigiCert SHA2 Secure Server CA
2019-10-10 -
2020-09-04
a year crt.sh
*.google-analytics.com
GTS CA 1O1
2019-11-05 -
2020-01-28
3 months crt.sh
*.maxmind.com
COMODO RSA Organization Validation Secure Server CA
2018-10-15 -
2020-11-06
2 years crt.sh
js.bizographics.com
DigiCert SHA2 Secure Server CA
2018-04-13 -
2020-04-17
2 years crt.sh
www.bing.com
Microsoft IT TLS CA 2
2019-04-30 -
2021-04-30
2 years crt.sh
ads-twitter.com
DigiCert SHA2 High Assurance Server CA
2019-08-14 -
2020-08-18
a year crt.sh
www.googleadservices.com
GTS CA 1O1
2019-11-05 -
2020-01-28
3 months crt.sh
*.marketo.net
DigiCert SHA2 Secure Server CA
2018-12-24 -
2020-03-24
a year crt.sh
www.google.de
GTS CA 1O1
2019-11-05 -
2020-01-28
3 months crt.sh
*.doubleclick.net
GTS CA 1O1
2019-11-05 -
2020-01-28
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2019-11-06 -
2020-02-04
3 months crt.sh
px.ads.linkedin.com
DigiCert SHA2 Secure Server CA
2019-05-29 -
2021-06-29
2 years crt.sh
*.g.doubleclick.net
GTS CA 1O1
2019-11-05 -
2020-01-28
3 months crt.sh
t.co
DigiCert SHA2 High Assurance Server CA
2019-04-09 -
2020-04-01
a year crt.sh
www.google.com
GTS CA 1O1
2019-11-05 -
2020-01-28
3 months crt.sh
moatads.com
DigiCert ECC Secure Server CA
2018-11-10 -
2020-02-09
a year crt.sh
*.twitter.com
DigiCert SHA2 High Assurance Server CA
2019-04-09 -
2020-04-01
a year crt.sh
*.yahoo.co.jp
Cybertrust Japan Public CA G3
2019-09-24 -
2020-10-23
a year crt.sh
la4-c2-dfw.salesforceliveagent.com
DigiCert SHA2 Secure Server CA
2018-07-31 -
2020-07-30
2 years crt.sh
*.mktoresp.com
GeoTrust RSA CA 2018
2018-02-05 -
2020-02-05
2 years crt.sh
rd.listing.yahoo.co.jp
Cybertrust Japan Public CA G3
2019-08-30 -
2020-09-29
a year crt.sh
*.yahoo.com
DigiCert SHA2 High Assurance Server CA
2019-11-01 -
2019-12-16
a month crt.sh
*.tt.omtrdc.net
DigiCert SHA2 High Assurance Server CA
2017-10-19 -
2020-11-25
3 years crt.sh

This page contains 2 frames:

Primary Page: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Frame ID: E611E0D8640A5F0EB5DCACA2D52483E1
Requests: 79 HTTP requests in this frame

Frame: https://8443343.fls.doubleclick.net/activityi;dc_pre=COGfzeaJ_OUCFQuVdwodHmgLjA;src=8443343;type=sitew0;cat=firee0;ord=2042361587576;gtm=2odav9;auiddc=40782940.1574365843;u1=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html;~oref=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Frame ID: A54BD694AF39178CE4D4605E72CD00BC
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • script /\/etc\/designs\//i
  • script /\/etc.clientlibs\//i

Overall confidence: 100%
Detected patterns
  • script /\/etc\/designs\//i
  • script /\/etc.clientlibs\//i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • html /<!-- (?:End )?Google Tag Manager -->/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

70
Requests

100 %
HTTPS

48 %
IPv6

27
Domains

33
Subdomains

29
IPs

9
Countries

1896 kB
Transfer

3896 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://cloud.typography.com/6746836/6977592/css/fonts.css HTTP 302
  • https://www.fireeye.com/content/dam/fireeye-www/fw/f/651819/F3FCCD5E6343B3320.css
Request Chain 34
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=192637828&t=pageview&_s=1&dl=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html&ul=en-us&de=UTF-8&dt=Global%20DNS%20Hijacking%20Campaign%3A%20DNS%20Record%20Manipulation%20at%20Scale%20%7C%20FireEye%20Inc&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=1920943203&gjid=772657326&cid=41494941.1574365843&tid=UA-363943-1&_gid=1260548881.1574365843&_r=1&gtm=2wgav9MVGC8KK&z=346132419 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-363943-1&cid=41494941.1574365843&jid=1920943203&_gid=1260548881.1574365843&gjid=772657326&_v=j79&z=346132419 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-363943-1&cid=41494941.1574365843&jid=1920943203&_v=j79&z=346132419 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-363943-1&cid=41494941.1574365843&jid=1920943203&_v=j79&z=346132419&slf_rd=1&random=679823072
Request Chain 35
  • https://8443343.fls.doubleclick.net/activityi;src=8443343;type=sitew0;cat=firee0;ord=2042361587576;gtm=2odav9;auiddc=40782940.1574365843;u1=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html;~oref=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html HTTP 302
  • https://8443343.fls.doubleclick.net/activityi;dc_pre=COGfzeaJ_OUCFQuVdwodHmgLjA;src=8443343;type=sitew0;cat=firee0;ord=2042361587576;gtm=2odav9;auiddc=40782940.1574365843;u1=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html;~oref=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Request Chain 37
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=6572&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html&time=1574365843090 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D6572%26url%3Dhttps%253A%252F%252Fwww.fireeye.com%252Fblog%252Fthreat-research%252F2019%252F01%252Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html%26time%3D1574365843090%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=6572&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html&time=1574365843090&liSync=true

70 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
www.fireeye.com/blog/threat-research/2019/01/
81 KB
21 KB
Document
General
Full URL
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
8d06e8130b42a1dcd41ce87971ca2d06a362b83108c547dde3a01b0df0883c08
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.fireeye.com
:scheme
https
:path
/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Sec-Fetch-User
?1

Response headers

status
200
accept-ranges
bytes
cache-control
no-cache="set-cookie"
content-encoding
gzip
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-type
text/html; charset=UTF-8
date
Thu, 21 Nov 2019 19:50:42 GMT
etag
W/"14568-597e09cc6694a-gzip"
last-modified
Thu, 21 Nov 2019 19:50:42 GMT
set-cookie
AWSELB=F33FE3570E13943BCC35AAB1BBA4B9E9759295F2A331D300084D8CB4FB2D9AECD2D2702761467B8FDED98DC1DAFCCE6E48F8EBCAFDDB78546BDCC32DDC294428315B4CD6AA;PATH=/;MAX-AGE=900 visid_incap_153517=7NmWIksIRT23164UaSNlRpHq1l0AAAAAQUIPAAAAAACYHFH92ns4uTcMgEXX1RBs; expires=Fri, 20 Nov 2020 08:49:44 GMT; path=/; Domain=.fireeye.com nlbi_153517=lOjue+/aSjYA+Bsl2auQYQAAAACRD+p7tl8GFcxUSlX617Mr; path=/; Domain=.fireeye.com incap_ses_260_153517=QQX9OA0idRtHyQ7O5uubA5Lq1l0AAAAAukphrSZU7rJ4gb9mnPYuSw==; path=/; Domain=.fireeye.com
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding,User-Agent
x-content-type-options
nosniff nosniff
x-dispatcher
dispatcher2uswest1
x-frame-options
ALLOW-FROM https://content.fireeye.com
x-vhost
publish
x-xss-protection
1; mode=block
x-iinfo
4-20084135-20084136 NNNN CT(154 154 0) RT(1574365841663 0) q(0 0 3 1) r(7 8) U12
jquery.min.js
www.fireeye.com/etc.clientlibs/clientlibs/granite/
111 KB
38 KB
Script
General
Full URL
https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
b397476bcbcf8c9eae3f82007cc4f9495661b367e02e6d3dea6e15f0610ef20a
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff, nosniff
x-vhost
publish
status
200
x-iinfo
4-20084256-20084136 PNNN RT(1574365842482 0) q(0 0 0 -1) r(2 2) U12
strict-transport-security
max-age=31536000; includeSubDomains
content-length
38305
x-xss-protection
1; mode=block
last-modified
Fri, 26 Jul 2019 09:54:26 GMT
x-frame-options
ALLOW-FROM https://content.fireeye.com
date
Thu, 21 Nov 2019 19:50:42 GMT
vary
Accept-Encoding,User-Agent
content-type
application/javascript
etag
"1baa2-58e9287119880-gzip"
accept-ranges
bytes
csrf.min.js
www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/granite/
4 KB
2 KB
Script
General
Full URL
https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
fbcc2c7d4dfbc5d0251c789843b8d7edf25306dfa23188ad267e2786357233c0
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff, nosniff
x-vhost
publish
status
200
x-iinfo
4-20084259-20084260 NNNN CT(150 150 0) RT(1574365842488 0) q(0 0 3 -1) r(5 5) U12
strict-transport-security
max-age=31536000; includeSubDomains
content-length
1676
x-xss-protection
1; mode=block
last-modified
Fri, 26 Jul 2019 09:54:26 GMT
x-frame-options
ALLOW-FROM https://content.fireeye.com
date
Thu, 21 Nov 2019 19:50:42 GMT
vary
Accept-Encoding,User-Agent
content-type
application/javascript
etag
"f3e-58e9287119880-gzip"
accept-ranges
bytes
clientlibs_nav.min.js
www.fireeye.com/etc/designs/fireeye-www/
11 KB
3 KB
Script
General
Full URL
https://www.fireeye.com/etc/designs/fireeye-www/clientlibs_nav.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
201509acaf1a9afdbeb88068bb7a0d7114bc6254e1ef032789290f1335eb54b0
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff, nosniff
x-vhost
publish
status
200
x-iinfo
4-20084261-20084262 NNNN CT(146 147 0) RT(1574365842491 0) q(0 0 3 -1) r(5 5) U12
strict-transport-security
max-age=31536000; includeSubDomains
content-length
3406
x-xss-protection
1; mode=block
last-modified
Fri, 25 Oct 2019 04:23:53 GMT
x-frame-options
ALLOW-FROM https://content.fireeye.com
date
Thu, 21 Nov 2019 19:50:42 GMT
vary
Accept-Encoding,User-Agent
content-type
application/javascript
etag
"2a7a-595b4847d2840-gzip"
accept-ranges
bytes
F3FCCD5E6343B3320.css
www.fireeye.com/content/dam/fireeye-www/fw/f/651819/
Redirect Chain
  • https://cloud.typography.com/6746836/6977592/css/fonts.css
  • https://www.fireeye.com/content/dam/fireeye-www/fw/f/651819/F3FCCD5E6343B3320.css
245 KB
184 KB
Stylesheet
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/fw/f/651819/F3FCCD5E6343B3320.css
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
67a99837e80451fd25c1abdf9c96a984bf2aff964034155311361e47213f748b
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff
x-vhost
publish
status
200
x-iinfo
4-20084282-20084136 PNNN RT(1574365842541 0) q(0 3 3 -1) r(4 4) U12
strict-transport-security
max-age=31536000; includeSubDomains
x-xss-protection
1; mode=block
last-modified
Wed, 04 Apr 2018 18:35:15 GMT
x-frame-options
ALLOW-FROM https://content.fireeye.com
date
Thu, 21 Nov 2019 19:50:42 GMT
vary
Accept-Encoding,User-Agent
content-type
text/css
etag
"3d5e0-5690a15823ec0-gzip"
accept-ranges
bytes

Redirect headers

Date
Thu, 21 Nov 2019 19:50:42 GMT
Last-Modified
Wed, 04 Apr 2018 18:37:39 GMT
Server
Apache
ETag
"115e2100d163a3d87ac532e0b7ef66d5:1522867059"
Vary
Accept-Encoding
Content-Type
text/html
Location
https://www.fireeye.com/content/dam/fireeye-www/fw/f/651819/F3FCCD5E6343B3320.css
Cache-Control
must-revalidate, private
Connection
keep-alive
X-HCo-pid
14
Content-Length
154
Expires
Thu, 21 November 2019 19:50:42 GMT
patch.css
www.fireeye.com/content/dam/fireeye-www/fw/css/
559 B
429 B
Stylesheet
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/fw/css/patch.css
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
1658ce76f85d7484329e8b1af212597c2e68c19955bba460567514f0a3bd8d92
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff
x-vhost
publish
status
200
x-iinfo
4-20084257-20084258 NNNN CT(155 156 0) RT(1574365842485 0) q(0 0 3 -1) r(5 5) U12
strict-transport-security
max-age=31536000; includeSubDomains
content-length
281
x-xss-protection
1; mode=block
last-modified
Fri, 05 Jul 2019 19:55:15 GMT
x-frame-options
ALLOW-FROM https://content.fireeye.com
date
Thu, 21 Nov 2019 19:50:42 GMT
vary
Accept-Encoding,User-Agent
content-type
text/css
etag
"22f-58cf47916cec0-gzip"
accept-ranges
bytes
clientlibs_fw-2019.min.css
www.fireeye.com/etc/designs/fireeye-www/
207 KB
40 KB
Stylesheet
General
Full URL
https://www.fireeye.com/etc/designs/fireeye-www/clientlibs_fw-2019.min.css
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
29a772b101ceb386b9b1a3094e0830647b009b0b2bb8af50e49abb2bc2d4ecbe
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff, nosniff
x-vhost
publish
status
200
x-iinfo
4-20084263-20084264 NNNN CT(152 152 0) RT(1574365842493 0) q(0 0 3 -1) r(5 7) U12
strict-transport-security
max-age=31536000; includeSubDomains
content-length
40566
x-xss-protection
1; mode=block
last-modified
Fri, 25 Oct 2019 04:23:53 GMT
x-frame-options
ALLOW-FROM https://content.fireeye.com
date
Thu, 21 Nov 2019 19:50:42 GMT
vary
Accept-Encoding,User-Agent
content-type
text/css
etag
"33b44-595b4847d2840-gzip"
accept-ranges
bytes
clientlibs_base.min.css
www.fireeye.com/etc/clientlibs/fireeye-blog/
5 KB
2 KB
Stylesheet
General
Full URL
https://www.fireeye.com/etc/clientlibs/fireeye-blog/clientlibs_base.min.css
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
757eb886edd9a887fc95b701c88b08191eb743657027636c0c9d4973547ebb4a
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff, nosniff
x-vhost
publish
status
200
x-iinfo
4-20084265-20084266 NNNN CT(146 146 0) RT(1574365842494 0) q(0 0 3 -1) r(5 5) U12
strict-transport-security
max-age=31536000; includeSubDomains
content-length
1501
x-xss-protection
1; mode=block
last-modified
Fri, 04 Oct 2019 05:18:41 GMT
x-frame-options
ALLOW-FROM https://content.fireeye.com
date
Thu, 21 Nov 2019 19:50:42 GMT
vary
Accept-Encoding,User-Agent
content-type
text/css
etag
"1507-5940ed5cd2e40-gzip"
accept-ranges
bytes
utils.min.js
www.fireeye.com/etc.clientlibs/clientlibs/granite/
10 KB
4 KB
Script
General
Full URL
https://www.fireeye.com/etc.clientlibs/clientlibs/granite/utils.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
799cb15a25ed2fa78bdba496d1afbc68f033a3a5dd9ead12f4eaac4e0a93236d
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff, nosniff
x-vhost
publish
status
200
x-iinfo
4-20084267-20084262 PNNN RT(1574365842495 0) q(0 5 5 -1) r(6 6) U12
strict-transport-security
max-age=31536000; includeSubDomains
content-length
3706
x-xss-protection
1; mode=block
last-modified
Fri, 26 Jul 2019 09:54:26 GMT
x-frame-options
ALLOW-FROM https://content.fireeye.com
date
Thu, 21 Nov 2019 19:50:43 GMT
vary
Accept-Encoding,User-Agent
content-type
application/javascript
etag
"26ad-58e9287119880-gzip"
accept-ranges
bytes
granite.min.js
www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/
4 KB
2 KB
Script
General
Full URL
https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
c986afd07a4082d65befeef18869a4cd5e00f3ac6e8228d49658802c7453a1b8
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff, nosniff
x-vhost
publish
status
200
x-iinfo
4-20084269-20084266 PNNN RT(1574365842497 0) q(0 5 5 -1) r(6 6) U12
strict-transport-security
max-age=31536000; includeSubDomains
content-length
1702
x-xss-protection
1; mode=block
last-modified
Fri, 26 Jul 2019 09:54:26 GMT
x-frame-options
ALLOW-FROM https://content.fireeye.com
date
Thu, 21 Nov 2019 19:50:43 GMT
vary
Accept-Encoding,User-Agent
content-type
application/javascript
etag
"f90-58e9287119880-gzip"
accept-ranges
bytes
jquery.min.js
www.fireeye.com/etc.clientlibs/foundation/clientlibs/
16 B
175 B
Script
General
Full URL
https://www.fireeye.com/etc.clientlibs/foundation/clientlibs/jquery.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
c084b47104c493fb377b6d35d8c08df67d773f6dcf8294c0a7360710cd8cacbd
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff, nosniff
x-vhost
publish
status
200
x-iinfo
4-20084270-20084260 PNYN RT(1574365842498 0) q(0 5 5 -1) r(6 6) U12
strict-transport-security
max-age=31536000; includeSubDomains
x-xss-protection
1; mode=block
last-modified
Fri, 26 Jul 2019 09:54:49 GMT
x-frame-options
ALLOW-FROM https://content.fireeye.com
date
Thu, 21 Nov 2019 19:50:43 GMT
vary
User-Agent
content-type
application/javascript
etag
"10-58e9288708c40"
accept-ranges
bytes
shared.min.js
www.fireeye.com/etc.clientlibs/foundation/clientlibs/
24 KB
7 KB
Script
General
Full URL
https://www.fireeye.com/etc.clientlibs/foundation/clientlibs/shared.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
4086c8cd4c3361452c1c1da9af3034fc90f4a375c4f6195f31d6dcf1c7b56f00
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff, nosniff
x-vhost
publish
status
200
x-iinfo
4-20084271-20084258 PNNN RT(1574365842500 0) q(0 5 5 -1) r(7 7) U12
strict-transport-security
max-age=31536000; includeSubDomains
content-length
6920
x-xss-protection
1; mode=block
last-modified
Fri, 26 Jul 2019 09:54:49 GMT
x-frame-options
ALLOW-FROM https://content.fireeye.com
date
Thu, 21 Nov 2019 19:50:43 GMT
vary
Accept-Encoding,User-Agent
content-type
application/javascript
etag
"5e7e-58e9288708c40-gzip"
accept-ranges
bytes
modern.min.js
www.fireeye.com/etc.clientlibs/clientlibs/granite/lodash/
34 KB
12 KB
Script
General
Full URL
https://www.fireeye.com/etc.clientlibs/clientlibs/granite/lodash/modern.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
355604a949ef95ceffcd21a7e9b5ed27c95d847f95127e0ddad5aa1793f1bb74
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff, nosniff
x-vhost
publish
status
200
x-iinfo
4-20084272-20084262 PNNN RT(1574365842502 0) q(0 5 5 -1) r(7 7) U12
strict-transport-security
max-age=31536000; includeSubDomains
content-length
11784
x-xss-protection
1; mode=block
last-modified
Tue, 17 Oct 2017 06:49:31 GMT
x-frame-options
ALLOW-FROM https://content.fireeye.com
date
Thu, 21 Nov 2019 19:50:43 GMT
vary
Accept-Encoding,User-Agent
content-type
application/javascript
etag
"87c8-55bb8866db4c0-gzip"
accept-ranges
bytes
kernel.min.js
www.fireeye.com/etc.clientlibs/cq/personalization/clientlib/personalization/
119 KB
26 KB
Script
General
Full URL
https://www.fireeye.com/etc.clientlibs/cq/personalization/clientlib/personalization/kernel.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
79b2448738716f0daf11d4a206e105e3b79e9d082f9c9bf4ad2bd55e591a1a3c
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff, nosniff
x-vhost
publish
status
200
x-iinfo
4-20084273-20084266 PNNN RT(1574365842506 0) q(0 5 5 -1) r(7 8) U12
strict-transport-security
max-age=31536000; includeSubDomains
content-length
26194
x-xss-protection
1; mode=block
last-modified
Fri, 26 Jul 2019 09:54:50 GMT
x-frame-options
ALLOW-FROM https://content.fireeye.com
date
Thu, 21 Nov 2019 19:50:43 GMT
vary
Accept-Encoding,User-Agent
content-type
application/javascript
etag
"1dd96-58e92887fce80-gzip"
accept-ranges
bytes
deployment.js
c.la2c2.salesforceliveagent.com/content/g/js/34.0/
40 KB
41 KB
Script
General
Full URL
https://c.la2c2.salesforceliveagent.com/content/g/js/34.0/deployment.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.108.250.135 , United States, ASN14340 (SALESFORCE - Salesforce.com, Inc., US),
Reverse DNS
dcl6-ord.la1-c2-ord.salesforceliveagent.com
Software
Jetty(9.4.z-SNAPSHOT) /
Resource Hash
3aadac47cf44df595934bec631a78bf2ba62081ab95528e684a85b4c74453e77

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date
Thu, 21 Nov 2019 19:50:43 GMT
Cache-Control
max-age=60, must-revalidate
Last-Modified
Wed, 06 Nov 2019 01:23:10 GMT
Server
Jetty(9.4.z-SNAPSHOT)
Accept-Ranges
bytes
Content-Length
41338
Content-Type
application/javascript
fireeye-2-color.png
www.fireeye.com/content/dam/fireeye-www/fw/images/
4 KB
4 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/fw/images/fireeye-2-color.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
2f454290d840efc756bf1009cfa026cbb69b657d41f8962e63427f001374c495
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
x-content-type-options
nosniff
last-modified
Mon, 25 Feb 2019 20:12:45 GMT
etag
"e54-582bd904dc940"
x-vhost
publish
x-frame-options
ALLOW-FROM https://content.fireeye.com
content-type
image/png
status
200
x-iinfo
4-20084274-20084258 PNNN RT(1574365842509 0) q(0 6 6 -1) r(7 7) U12
date
Thu, 21 Nov 2019 19:50:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
3668
x-xss-protection
1; mode=block
Figure1b.png
www.fireeye.com/content/dam/fireeye-www/blog/images/DNSjacking/
253 KB
253 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/blog/images/DNSjacking/Figure1b.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
882a6bfa980c6b58c3f97037333ced9a0a3f04aa9c6f7c4a758956c31f7d1847
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
x-content-type-options
nosniff
last-modified
Thu, 10 Jan 2019 19:51:57 GMT
etag
"3f24d-57f1fe9379140"
x-vhost
publish
x-frame-options
ALLOW-FROM https://content.fireeye.com
content-type
image/png
status
200
x-iinfo
4-20084275-20084262 PNNN RT(1574365842513 0) q(0 7 7 -1) r(8 8) U12
date
Thu, 21 Nov 2019 19:50:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
258637
x-xss-protection
1; mode=block
Figure2.png
www.fireeye.com/content/dam/fireeye-www/blog/images/DNSjacking/
276 KB
277 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/blog/images/DNSjacking/Figure2.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
3fe02a83af9c94eae28f17c8b05f3c55472b2d3312190ea1ec4ada15695be3da
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
x-content-type-options
nosniff
last-modified
Thu, 10 Jan 2019 02:41:24 GMT
etag
"451de-57f1183aedd00"
x-vhost
publish
x-frame-options
ALLOW-FROM https://content.fireeye.com
content-type
image/png
status
200
x-iinfo
4-20084351-20084260 PNNN RT(1574365842968 0) q(0 3 3 -1) r(5 6) U12
date
Thu, 21 Nov 2019 19:50:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
283102
x-xss-protection
1; mode=block
Figure3.png
www.fireeye.com/content/dam/fireeye-www/blog/images/DNSjacking/
216 KB
216 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/blog/images/DNSjacking/Figure3.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
d74ff0f27ccbbb1f41ea8034ef9fda0c094bb2e9312959f4e04aa4a9d2f8c765
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
x-content-type-options
nosniff
last-modified
Thu, 10 Jan 2019 02:41:25 GMT
etag
"3606f-57f1183be1f40"
x-vhost
publish
x-frame-options
ALLOW-FROM https://content.fireeye.com
content-type
image/png
status
200
x-iinfo
4-20084352-20084258 PNNN RT(1574365842969 0) q(0 3 3 -1) r(5 5) U12
date
Thu, 21 Nov 2019 19:50:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
221295
x-xss-protection
1; mode=block
vision-promo-400x300.png
www.fireeye.com/content/dam/fireeye-www/vision/assets/images/
42 KB
42 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/vision/assets/images/vision-promo-400x300.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
f3e29fe041c9d9bcd80dc114b8e10f15844721778cb4f1f08d25a93dd2a32b86
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
x-content-type-options
nosniff
last-modified
Mon, 01 Jul 2019 15:18:51 GMT
etag
"a61c-58ca0253d8cc0"
x-vhost
publish
x-frame-options
ALLOW-FROM https://content.fireeye.com
content-type
image/png
status
200
x-iinfo
4-20084353-20084136 PNNN RT(1574365842970 0) q(0 3 3 -1) r(5 5) U12
date
Thu, 21 Nov 2019 19:50:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
42524
x-xss-protection
1; mode=block
forms2.min.js
www2.fireeye.com/js/forms2/js/
169 KB
58 KB
Script
General
Full URL
https://www2.fireeye.com/js/forms2/js/forms2.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.71.206 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
321bbcc4cc57483b7e329186e5159498b668ddde87cb64696ddcdc95176cce82
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date
Thu, 21 Nov 2019 19:50:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Wed, 25 Sep 2019 18:55:06 GMT
server
cloudflare
age
1420
etag
"32094b-2a536-5936530f69680"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
public, max-age=14400
cf-ray
539531b74bacd6e5-FRA
expires
Thu, 21 Nov 2019 23:50:43 GMT
clientlibs_fw.min.js
www.fireeye.com/etc/designs/fireeye-www/
176 KB
52 KB
Script
General
Full URL
https://www.fireeye.com/etc/designs/fireeye-www/clientlibs_fw.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
a8851f1c1b036df6f733bd7081b9452ad33c1a1c65b2bc4b4cdd0263091f85f9
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff, nosniff
x-vhost
publish
status
200
x-iinfo
4-20084350-20084264 PNNN RT(1574365842966 0) q(0 2 2 -1) r(3 3) U12
strict-transport-security
max-age=31536000; includeSubDomains
content-length
52690
x-xss-protection
1; mode=block
last-modified
Fri, 25 Oct 2019 05:20:08 GMT
x-frame-options
ALLOW-FROM https://content.fireeye.com
date
Thu, 21 Nov 2019 19:50:43 GMT
vary
Accept-Encoding,User-Agent
content-type
application/javascript
etag
"2c096-595b54da79200-gzip"
accept-ranges
bytes
addthis_widget.js
s7.addthis.com/js/300/
349 KB
113 KB
Script
General
Full URL
https://s7.addthis.com/js/300/addthis_widget.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-21-36-164.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
7c20e3e201e3d7c6821e907def1257deb544eb08578c7129b96d53bbf62d34e4
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Wed, 30 Oct 2019 19:35:04 GMT
server
nginx/1.15.8
etag
W/"5db9e5e8-57446"
vary
Accept-Encoding
x-distribution
99
content-type
application/javascript
status
200
cache-control
public, max-age=600
date
Thu, 21 Nov 2019 19:50:43 GMT
x-host
s7.addthis.com
content-length
114924
_Incapsula_Resource
www.fireeye.com/
114 KB
16 KB
Script
General
Full URL
https://www.fireeye.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=418163422
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
e8fcb00caf13d2c7e926589bf2b83edab6f5c677a7dcddb5e17fbbcd6297e77f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

status
200
strict-transport-security
max-age=31536000
content-encoding
gzip
cache-control
no-cache
x-robots-tag
noindex
content-length
16640
content-type
application/javascript
gtm.js
www.googletagmanager.com/
200 KB
62 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MVGC8KK
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
75c11878d22ea571e708034e4697174704e2fc7df52a978f1ca50010890bfed2
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date
Thu, 21 Nov 2019 19:50:43 GMT
content-encoding
br
last-modified
Thu, 21 Nov 2019 19:12:49 GMT
server
Google Tag Manager
access-control-allow-origin
http://www.googletagmanager.com
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
content-length
63505
x-xss-protection
0
expires
Thu, 21 Nov 2019 19:50:43 GMT
token.json
www.fireeye.com/libs/granite/csrf/
2 B
139 B
XHR
General
Full URL
https://www.fireeye.com/libs/granite/csrf/token.json
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff, nosniff
date
Thu, 21 Nov 2019 19:50:43 GMT
x-vhost
publish
x-frame-options
ALLOW-FROM https://content.fireeye.com
content-type
application/json;charset=iso-8859-1
status
200
x-iinfo
4-20084349-20084260 PNYN RT(1574365842960 0) q(0 1 1 -1) r(3 3) U12
cache-control
no-cache
strict-transport-security
max-age=31536000; includeSubDomains
vary
User-Agent
x-xss-protection
1; mode=block
expires
-1
me
js.maxmind.com/geoip/v2.1/country/
771 B
1 KB
XHR
General
Full URL
https://js.maxmind.com/geoip/v2.1/country/me?referrer=https%3A%2F%2Fwww.fireeye.com
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:262f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
11150b84387bc902db3d8b17fed5e2df123d0b7ef0080bf6306f08a0f177a722

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Origin
https://www.fireeye.com

Response headers

date
Thu, 21 Nov 2019 19:50:43 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status
200
content-type
application/vnd.maxmind.com-country+json; charset=UTF-8; version=2.1
access-control-allow-origin
*
cf-ray
539531b70e818ca4-VIE
content-length
771
insight.min.js
sjs.bizographics.com/
3 KB
2 KB
Script
General
Full URL
https://sjs.bizographics.com/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MVGC8KK
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:38f::3adf , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date
Thu, 21 Nov 2019 19:50:43 GMT
Content-Encoding
gzip
Last-Modified
Mon, 07 Oct 2019 16:41:31 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=36328
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1576
bat.js
bat.bing.com/
23 KB
7 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MVGC8KK
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
b139982ce002c53ddfb65aec1e90704c0a3704fc5aa35247f9323b74a1d3f721

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date
Thu, 21 Nov 2019 19:50:43 GMT
content-encoding
gzip
last-modified
Tue, 10 Sep 2019 18:57:28 GMT
x-msedge-ref
Ref A: 51A10EBB87F242CDBF33ACB97705748F Ref B: VIEEDGE0411 Ref C: 2019-11-21T19:50:43Z
access-control-allow-origin
*
etag
"09c5197968d51:0"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
7148
analytics.js
www.google-analytics.com/
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MVGC8KK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
4626
date
Thu, 21 Nov 2019 18:33:37 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17803
expires
Thu, 21 Nov 2019 20:33:37 GMT
uwt.js
static.ads-twitter.com/
5 KB
2 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MVGC8KK
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date
Thu, 21 Nov 2019 19:50:43 GMT
content-encoding
gzip
age
41823
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
1954
x-served-by
cache-fra19139-FRA
last-modified
Tue, 23 Jan 2018 20:09:00 GMT
x-timer
S1574365843.077002,VS0,VE0
etag
"b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary
Accept-Encoding,Host
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
no-cache
accept-ranges
bytes
conversion_async.js
www.googleadservices.com/pagead/
25 KB
10 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MVGC8KK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.205.226 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s24-in-f2.1e100.net
Software
cafe /
Resource Hash
69e3a796f4b120879065a812b95b56fd4d28f88faf8c1976ad9b0fa2f31dc0eb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date
Thu, 21 Nov 2019 19:50:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
9614
x-xss-protection
0
server
cafe
etag
5296095546589048175
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 21 Nov 2019 19:50:43 GMT
js
www.googletagmanager.com/gtag/
73 KB
27 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-8443343
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MVGC8KK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6db12becfa6902d1dd4416c43b4f3c8531e72e02858a7bb7212c1575a7bb170a
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date
Thu, 21 Nov 2019 19:50:43 GMT
content-encoding
br
last-modified
Thu, 21 Nov 2019 19:12:49 GMT
server
Google Tag Manager
access-control-allow-origin
http://www.googletagmanager.com
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
content-length
27662
x-xss-protection
0
expires
Thu, 21 Nov 2019 19:50:43 GMT
marketoCookieServlet.js
www.fireeye.com/bin/
161 B
297 B
Script
General
Full URL
https://www.fireeye.com/bin/marketoCookieServlet.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MVGC8KK
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
ba9ecb16b29bdaa655630fc9a6b46de9f20b18207de7a1fef5b133f9acddefad
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff, nosniff
x-vhost
publish
status
200
x-iinfo
4-20084360-20084266 PNNN RT(1574365843011 0) q(0 3 3 -1) r(5 5) U12
strict-transport-security
max-age=31536000; includeSubDomains
content-length
118
x-xss-protection
1; mode=block
last-modified
Thu, 21 Nov 2019 19:50:03 GMT
x-frame-options
ALLOW-FROM https://content.fireeye.com
date
Thu, 21 Nov 2019 19:50:43 GMT
vary
Accept-Encoding,User-Agent
content-type
application/javascript
etag
"a1-597e09a753a95-gzip"
accept-ranges
bytes
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MVGC8KK
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.31.84.223 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a184-31-84-223.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f97341de4415531cb15d7472b1a00e875c1ad9b5541fd7e9f8ef5905f2a02092

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date
Thu, 21 Nov 2019 19:50:43 GMT
Content-Encoding
gzip
Last-Modified
Fri, 25 Oct 2019 16:30:39 GMT
Server
Apache
ETag
"521a36d038605fd35c0785cc62e39b0e:1572021039"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
766
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=192637828&t=pageview&_s=1&dl=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-ma...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-363943-1&cid=41494941.1574365843&jid=1920943203&_gid=1260548881.1574365843&gjid=772657326&_v=j79&z=346132419
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-363943-1&cid=41494941.1574365843&jid=1920943203&_v=j79&z=346132419
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-363943-1&cid=41494941.1574365843&jid=1920943203&_v=j79&z=346132419&slf_rd=1&random=679823072
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-363943-1&cid=41494941.1574365843&jid=1920943203&_v=j79&z=346132419&slf_rd=1&random=679823072
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Nov 2019 19:50:43 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 21 Nov 2019 19:50:43 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-363943-1&cid=41494941.1574365843&jid=1920943203&_v=j79&z=346132419&slf_rd=1&random=679823072
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activityi;dc_pre=COGfzeaJ_OUCFQuVdwodHmgLjA;src=8443343;type=sitew0;cat=firee0;ord=2042361587576;gtm=2odav9;auiddc=40782940.1574365843;u1=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F20...
8443343.fls.doubleclick.net/ Frame A54B
Redirect Chain
  • https://8443343.fls.doubleclick.net/activityi;src=8443343;type=sitew0;cat=firee0;ord=2042361587576;gtm=2odav9;auiddc=40782940.1574365843;u1=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F...
  • https://8443343.fls.doubleclick.net/activityi;dc_pre=COGfzeaJ_OUCFQuVdwodHmgLjA;src=8443343;type=sitew0;cat=firee0;ord=2042361587576;gtm=2odav9;auiddc=40782940.1574365843;u1=https%3A%2F%2Fwww.firee...
0
0
Document
General
Full URL
https://8443343.fls.doubleclick.net/activityi;dc_pre=COGfzeaJ_OUCFQuVdwodHmgLjA;src=8443343;type=sitew0;cat=firee0;ord=2042361587576;gtm=2odav9;auiddc=40782940.1574365843;u1=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html;~oref=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-8443343
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.230 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s13-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
8443343.fls.doubleclick.net
:scheme
https
:path
/activityi;dc_pre=COGfzeaJ_OUCFQuVdwodHmgLjA;src=8443343;type=sitew0;cat=firee0;ord=2042361587576;gtm=2odav9;auiddc=40782940.1574365843;u1=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html;~oref=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
accept-encoding
gzip, deflate, br
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
date
Thu, 21 Nov 2019 19:50:43 GMT
expires
Thu, 21 Nov 2019 19:50:43 GMT
cache-control
private, max-age=0
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
401
x-xss-protection
0
set-cookie
IDE=AHWqTUk-yJjxuACpDGjtFK9JgGSCV9I6_vu_ll6E5CSCPIT-G6kD0P63zU3DEfBE; expires=Tue, 15-Dec-2020 19:50:43 GMT; path=/; domain=.doubleclick.net; HttpOnly test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

Redirect headers

status
302
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
date
Thu, 21 Nov 2019 19:50:43 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://8443343.fls.doubleclick.net/activityi;dc_pre=COGfzeaJ_OUCFQuVdwodHmgLjA;src=8443343;type=sitew0;cat=firee0;ord=2042361587576;gtm=2odav9;auiddc=40782940.1574365843;u1=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html;~oref=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Thu, 21-Nov-2019 20:05:43 GMT; path=/; domain=.doubleclick.net
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
fbevents.js
connect.facebook.net/en_US/
121 KB
26 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
f20f83cb7683a1a3138cd52201d83436e33a5e67ef0b9c96bbdab860b5f7da16
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-23=":443"; ma=3600
content-length
26765
x-xss-protection
0
pragma
public
x-fb-debug
57DFB/jeB7w3o+lb9IMQ10tgCr9otULWYI8zRH9VkCkb5j6HR6ZYTPTWZFRv6xzxcBsE5S+a8TStxSYikaONgQ==
x-fb-trip-id
420120009
date
Thu, 21 Nov 2019 19:50:43 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires
Sat, 01 Jan 2000 00:00:00 GMT
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=6572&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html&...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D6572%26url%3Dhttps%253A%252F%252Fwww.fireeye.com%252Fblog%252Fthreat-research%252...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=6572&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html&...
0
88 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=6572&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html&time=1574365843090&liSync=true
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date
Thu, 21 Nov 2019 19:50:43 GMT
content-encoding
gzip
server
Play
vary
Accept-Encoding
x-li-fabric
prod-ltx1
status
200
x-li-proto
http/2
x-li-pop
prod-efr5
content-type
application/javascript
content-length
20
x-li-uuid
BnLwrmRF2RUQfeITnisAAA==

Redirect headers

date
Thu, 21 Nov 2019 19:50:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
302
x-li-pop
prod-efr5
content-length
20
x-li-uuid
fL3ypGRF2RVQA9bx/ioAAA==
pragma
no-cache
server
Play
x-frame-options
sameorigin
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
vary
Accept-Encoding
strict-transport-security
max-age=2592000
x-li-fabric
prod-ltx1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=6572&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html&time=1574365843090&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1063990389/
2 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1063990389/?random=1574365843092&cv=9&fst=1574365843092&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgav9&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html&tiba=Global%20DNS%20Hijacking%20Campaign%3A%20DNS%20Record%20Manipulation%20at%20Scale%20%7C%20FireEye%20Inc&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
1e581b00bf4439e8a38ad702adf3a6c803a0cb172506ddb1c69d5ce3f613be3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Nov 2019 19:50:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
text/javascript; charset=UTF-8
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
1030
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adsct
t.co/i/
43 B
448 B
Image
General
Full URL
https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nw2v7&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.197 , United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date
Thu, 21 Nov 2019 19:50:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=0
content-length
65
x-xss-protection
0
x-response-time
117
pragma
no-cache
last-modified
Thu, 21 Nov 2019 19:50:43 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
a38d4aeb7e730b1c5c509cc937a6f21e
x-transaction
00f87601009d1fc0
expires
Tue, 31 Mar 1981 05:00:00 GMT
1847206522249226
connect.facebook.net/signals/config/
349 KB
86 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1847206522249226?v=2.9.13&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
945036b782243da4f2d54da1e525b9c3e5fcd7b2ac94b91e1bb4601a5fde060b
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-23=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
IoQouLYxBvzUDHznCZzrglvDCnD9lffOJdgENLctXOUyUDIMbu/tiUeOxhpMiNVp2GMLTOgp9oYfQq9C5eRClg==
x-fb-trip-id
420120009
date
Thu, 21 Nov 2019 19:50:43 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
0
bat.bing.com/action/
0
148 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=5870833&Ver=2&mid=a0cb2ddd-765a-7e0a-1445-ce6a327bf914&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Global%20DNS%20Hijacking%20Campaign%3A%20DNS%20Record%20Manipulation%20at%20Scale%20%7C%20FireEye%20Inc&p=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html&r=&evt=pageLoad&msclkid=N&rn=512309
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

status
204
pragma
no-cache
date
Thu, 21 Nov 2019 19:50:43 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: BBC40597DC1C4112B155E6759E7FE255 Ref B: VIEEDGE0411 Ref C: 2019-11-21T19:50:43Z
access-control-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/1063990389/
42 B
303 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1063990389/?random=1574365843092&cv=9&fst=1574362800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgav9&sendb=1&frm=0&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html&tiba=Global%20DNS%20Hijacking%20Campaign%3A%20DNS%20Record%20Manipulation%20at%20Scale%20%7C%20FireEye%20Inc&async=1&fmt=3&is_vtc=1&random=2596205910&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Nov 2019 19:50:43 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/1063990389/
42 B
525 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/1063990389/?random=1574365843092&cv=9&fst=1574362800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgav9&sendb=1&frm=0&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html&tiba=Global%20DNS%20Hijacking%20Campaign%3A%20DNS%20Record%20Manipulation%20at%20Scale%20%7C%20FireEye%20Inc&async=1&fmt=3&is_vtc=1&random=2596205910&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 21 Nov 2019 19:50:43 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/
44 B
260 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1847206522249226&ev=PageView&dl=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html&rl=&if=false&ts=1574365843276&sw=1600&sh=1200&v=2.9.13&r=stable&ec=0&o=30&fbp=fb.1.1574365843276.1830132480&it=1574365843104&coo=false&rqm=GET
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date
Thu, 21 Nov 2019 19:50:43 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-23=":443"; ma=3600
content-length
44
expires
Thu, 21 Nov 2019 19:50:43 GMT
truncated
/
13 KB
13 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
752c7139c09399f8cddbab1d71aeb083524c9b8c03bd2e4b90a966f5a2bdc763

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Origin
https://www.fireeye.com

Response headers

Content-Type
application/x-font-woff2
fireicons.woff
www.fireeye.com/content/dam/fireeye-www/fw/f/
72 KB
37 KB
Font
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/fw/f/fireicons.woff?mva1rk
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
1de5a2b057fc1fd85e8b3ccffa91101c8304a88b32fccb33e19d7657a1460dae
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer
https://www.fireeye.com/etc/designs/fireeye-www/clientlibs_fw-2019.min.css
Origin
https://www.fireeye.com

Response headers

x-dispatcher
dispatcher1uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff
x-vhost
publish
status
200
x-iinfo
4-20084424-20084429 NNNY CT(0 0 0) RT(1574365843403 0) q(0 0 0 0) r(2 3) U12
strict-transport-security
max-age=31536000; includeSubDomains
content-length
36804
x-xss-protection
1; mode=block
last-modified
Tue, 24 Sep 2019 21:47:18 GMT
x-frame-options
ALLOW-FROM https://content.fireeye.com
date
Thu, 21 Nov 2019 19:50:43 GMT
vary
Accept-Encoding,User-Agent
content-type
application/x-font-woff
cache-control
no-cache="set-cookie"
truncated
/
4 KB
4 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
41c3f798bdde59c64755a4c33767a0e71b52dd39c21f4ab89fd12634582f3bed

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Origin
https://www.fireeye.com

Response headers

Content-Type
application/x-font-woff2
truncated
/
13 KB
13 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0d1e4ec6235dcfe83b8acd4b53c23c0219f907814d53e3f7802bee9a6a30d6d7

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Origin
https://www.fireeye.com

Response headers

Content-Type
application/x-font-woff2
truncated
/
13 KB
13 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
47ab2c68d4d2a483c9acca1adfa39a747e60d90ebc2d4a20e286f4395f5b155d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Origin
https://www.fireeye.com

Response headers

Content-Type
application/x-font-woff2
truncated
/
13 KB
13 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9c4592519a4cfc8940c9f97d6e2474547e5727f21672bc4f6207f96bb9d43211

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Origin
https://www.fireeye.com

Response headers

Content-Type
application/x-font-woff2
truncated
/
14 KB
14 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
08d28b17f25567ddd8c194c6e0fda5f91fb0348eca5da3d3e4e430913b299bcd

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Origin
https://www.fireeye.com

Response headers

Content-Type
application/x-font-woff2
truncated
/
4 KB
4 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
af3448cd96702455db358ac221e082df9ffb5f43bb3c69df18b9ae2fe4a552b5

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Origin
https://www.fireeye.com

Response headers

Content-Type
application/x-font-woff2
truncated
/
4 KB
4 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3def2fdee0e6288ea076c7c2d0db897efec9762062cfb7a52b0d4087eeb212eb

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Origin
https://www.fireeye.com

Response headers

Content-Type
application/x-font-woff2
truncated
/
4 KB
4 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bcf5ca1256b444bb0c6f30c83a6b56833fea661c7ebaa04e66b245cf8e3c2aef

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Origin
https://www.fireeye.com

Response headers

Content-Type
application/x-font-woff2
truncated
/
5 KB
5 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6bd4ef669f2dc4574947479804de0667ceee407931d7088b8021ee925b1fc693

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Origin
https://www.fireeye.com

Response headers

Content-Type
application/x-font-woff2
getForm
www2.fireeye.com/index.php/form/
0
0
Script
General
Full URL
https://www2.fireeye.com/index.php/form/getForm?munchkinId=848-DID-242&form=3353&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html&callback=jQuery1124001506106645204408_1574365843536&_=1574365843537
Requested by
Host: www2.fireeye.com
URL: https://www2.fireeye.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.71.206 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

moatframe.js
z.moatads.com/addthismoatframe568911941483/
2 KB
1 KB
Script
General
Full URL
https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
72.247.226.64 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a72-247-226-64.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date
Thu, 21 Nov 2019 19:50:43 GMT
Content-Encoding
gzip
Last-Modified
Fri, 08 Nov 2019 20:13:52 GMT
Server
AmazonS3
x-amz-request-id
C0B7E130097BC605
ETag
"f14b4e1f799b14f798a195f43cf58376"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=37503
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
948
x-amz-id-2
WMRpIO186SrpMgXAdDxxqtwuB/nVpPpDrif5aSQ8+ORAAGwczaqMUoDLYLjYQOU+EHP09vSgz8E=
me
js.maxmind.com/geoip/v2.1/country/
771 B
824 B
XHR
General
Full URL
https://js.maxmind.com/geoip/v2.1/country/me?referrer=https%3A%2F%2Fwww.fireeye.com
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:262f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
72b7e2be4c5282c17df0279e7ce88d134f93621a1f6d7dd6a697457b98818fd6

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Origin
https://www.fireeye.com

Response headers

date
Thu, 21 Nov 2019 19:50:43 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status
200
content-type
application/vnd.maxmind.com-country+json; charset=UTF-8; version=2.1
access-control-allow-origin
*
cf-ray
539531bac8dd8ca4-VIE
content-length
771
segmentation.segment.js
www.fireeye.com/etc/
0
533 B
XHR
General
Full URL
https://www.fireeye.com/etc/segmentation.segment.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
x-content-type-options
nosniff, nosniff
etag
"d41d8cd98f00b204e9800998ecf8427e"
x-vhost
publish
x-frame-options
ALLOW-FROM https://content.fireeye.com
content-type
application/x-javascript
status
200
x-iinfo
4-20084451-20084266 PNNN RT(1574365843595 0) q(0 0 0 0) r(2 2) U12
cache-control
no-cache="set-cookie"
date
Thu, 21 Nov 2019 19:50:43 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
User-Agent
content-length
0
x-xss-protection
1; mode=block
stores.init.js
www.fireeye.com/etc/clientcontext/default/content/jcr:content/
2 KB
1 KB
XHR
General
Full URL
https://www.fireeye.com/etc/clientcontext/default/content/jcr:content/stores.init.js?path=%2Fcontent%2Ffireeye-www%2Fen_US%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale&_=1574365842860
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
2258b7432c2bd14d31415c61b082d2022233b52962226753f7e09198567d63c2
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher1uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff, nosniff
date
Thu, 21 Nov 2019 19:50:43 GMT
x-vhost
publish
x-frame-options
ALLOW-FROM https://content.fireeye.com
content-type
text/javascript;charset=iso-8859-1
status
200
x-iinfo
4-20084452-20084453 NNNY CT(0 0 0) RT(1574365843598 0) q(0 1 1 0) r(2 2) U12
cache-control
no-cache="set-cookie"
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding,User-Agent
content-length
689
x-xss-protection
1; mode=block
read-blogentries
www.fireeye.com/bin/www-blogs/
91 KB
16 KB
XHR
General
Full URL
https://www.fireeye.com/bin/www-blogs/read-blogentries?categoryPath=%2Fcontent%2Ffireeye-www%2Fen_US%2Fblog%2Fthreat-research
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
e13a0f8ba6f338dba39d1c539b2383ee94c36aaae531887658182925092311ac
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff, nosniff
date
Thu, 21 Nov 2019 19:50:43 GMT
x-vhost
publish
x-frame-options
ALLOW-FROM https://content.fireeye.com
status
200
x-iinfo
4-20084454-20084429 PNNy RT(1574365843602 0) q(0 1 1 1) r(5 5) U12
cache-control
no-cache="set-cookie"
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding,User-Agent
content-length
16109
x-xss-protection
1; mode=block
adsct
analytics.twitter.com/i/
31 B
635 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nw2v7&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.67 , United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date
Thu, 21 Nov 2019 19:50:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
content-length
57
x-xss-protection
0
x-response-time
120
pragma
no-cache
last-modified
Thu, 21 Nov 2019 19:50:44 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
289963147c5383e72d63dff0fa7b414c
x-transaction
00f884fd004e76e0
expires
Tue, 31 Mar 1981 05:00:00 GMT
MultiNoun.jsonp
d.la2c2.salesforceliveagent.com/chat/rest/System/
226 B
592 B
Script
General
Full URL
https://d.la2c2.salesforceliveagent.com/chat/rest/System/MultiNoun.jsonp?nouns=VisitorId,Settings&VisitorId.prefix=Visitor&Settings.prefix=Visitor&Settings.buttonIds=[573a00000008kP3]&Settings.updateBreadcrumb=1&Settings.urlPrefix=undefined&callback=liveagent._.handlePing&deployment_id=572a0000000H8aJ&org_id=00D3000000063LS&version=34
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.108.250.135 , United States, ASN14340 (SALESFORCE - Salesforce.com, Inc., US),
Reverse DNS
dcl6-ord.la1-c2-ord.salesforceliveagent.com
Software
/
Resource Hash
6460150f0f27c080d001a35f41f7530d158070fb8991c7736265c5d7bdcc27d2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma
no-cache
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
close
Expires
-1
_ate.track.config_resp
v1.addthisedge.com/live/boost/fewebadmin/
3 KB
1016 B
Script
General
Full URL
https://v1.addthisedge.com/live/boost/fewebadmin/_ate.track.config_resp
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-21-36-164.deploy.static.akamaitechnologies.com
Software
Jetty(9.4.8.v20180619) /
Resource Hash
4e040b6884ad0623aece79feb28b75ee490c568a930c6bbfd83255d058d54611

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

date
Thu, 21 Nov 2019 19:50:44 GMT
content-encoding
gzip
surrogate-key
fewebadmin
server
Jetty(9.4.8.v20180619)
etag
2015823830--gzip
vary
Accept-Encoding
cache-tag
fewebadmin
status
200
cache-control
public, max-age=58, s-maxage=86400
content-disposition
attachment; filename=1.txt
content-type
application/javascript;charset=utf-8
content-length
782
_Incapsula_Resource
www.fireeye.com/
1 B
72 B
Image
General
Full URL
https://www.fireeye.com/_Incapsula_Resource?SWKMTFSR=1&e=0.11175889959405394
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

status
200
strict-transport-security
max-age=31536000
cache-control
no-cache
x-robots-tag
noindex
content-length
1
content-type
text/plain
loader.json
www.fireeye.com/etc/clientcontext/default/contextstores/twitterprofiledata/
91 B
232 B
XHR
General
Full URL
https://www.fireeye.com/etc/clientcontext/default/contextstores/twitterprofiledata/loader.json?authorizableId=anonymous
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
8d857cc8dac6ee38e2715f3c6497b2841c63b742c84eec546b7830e549082aac
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff, nosniff
date
Thu, 21 Nov 2019 19:50:44 GMT
x-vhost
publish
x-frame-options
ALLOW-FROM https://content.fireeye.com
content-type
application/json;charset=utf-8
status
200
x-iinfo
4-20084574-20084429 PNNy RT(1574365844218 0) q(0 0 0 -1) r(1 1) U12
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding,User-Agent
content-length
96
x-xss-protection
1; mode=block
loader.json
www.fireeye.com/etc/clientcontext/default/contextstores/fbprofiledata/
90 B
186 B
XHR
General
Full URL
https://www.fireeye.com/etc/clientcontext/default/contextstores/fbprofiledata/loader.json?authorizableId=anonymous
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
27566ff7b6b2d9741e6e57f7b326ae745e9d961b4a50f0dcc08a0023a265d442
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff, nosniff
date
Thu, 21 Nov 2019 19:50:44 GMT
x-vhost
publish
x-frame-options
ALLOW-FROM https://content.fireeye.com
content-type
application/json;charset=utf-8
status
200
x-iinfo
4-20084608-20084429 PNNy RT(1574365844392 0) q(0 0 0 -1) r(2 2) U12
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding,User-Agent
content-length
96
x-xss-protection
1; mode=block
loader.json
www.fireeye.com/etc/clientcontext/default/contextstores/fbinterestsdata/
5 B
120 B
XHR
General
Full URL
https://www.fireeye.com/etc/clientcontext/default/contextstores/fbinterestsdata/loader.json?authorizableId=anonymous
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
7b86d506062bf09d8db4e081fbf442b773929e5c13a70f415243e12185f37767
Security Headers
Name Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

x-dispatcher
dispatcher2uswest1
content-security-policy
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
content-encoding
gzip
x-content-type-options
nosniff, nosniff
date
Thu, 21 Nov 2019 19:50:44 GMT
x-vhost
publish
x-frame-options
ALLOW-FROM https://content.fireeye.com
content-type
application/json;charset=utf-8
status
200
x-iinfo
4-20084635-20084429 PNYy RT(1574365844561 0) q(0 0 0 -1) r(2 2) U12
strict-transport-security
max-age=31536000; includeSubDomains
vary
User-Agent
x-xss-protection
1; mode=block
conversion.js
s.yimg.jp/images/listing/tool/cv/
4 KB
2 KB
Script
General
Full URL
https://s.yimg.jp/images/listing/tool/cv/conversion.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MVGC8KK
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
182.22.24.252 Tokyo, Japan, ASN23816 (YAHOO Yahoo Japan Corporation, JP),
Reverse DNS
Software
ATS /
Resource Hash
e55596fc1c3349cbbc926529c29c27e1de7b98b47a31cc7bb4789970e571065f

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

ats-carp-promotion
1
date
Thu, 21 Nov 2019 19:48:15 GMT
content-encoding
gzip
last-modified
Thu, 29 Aug 2019 10:27:08 GMT
server
ATS
age
150
vary
Accept-Encoding
p3p
policyref="http://privacy.yahoo.co.jp/w3c/p3p_jp.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
status
200
cache-control
public, max-age=600
accept-ranges
bytes
content-type
application/javascript
content-length
1421
via
http/1.1 edge1367.img.bbt.yahoo.co.jp (ApacheTrafficServer [cRs f ]), http/1.1 edge1362.img.bbt.yahoo.co.jp (ApacheTrafficServer [cRs f ])
expires
Thu, 21 Nov 2019 19:58:15 GMT
/
www.facebook.com/tr/
0
106 B
Other
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Origin
https://www.fireeye.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundary9v99sshWNnFJ8ta1

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
server
proxygen-bolt
access-control-allow-origin
https://www.fireeye.com
date
Thu, 21 Nov 2019 19:50:44 GMT
content-type
text/plain
status
200
access-control-allow-credentials
true
alt-svc
h3-23=":443"; ma=3600
content-length
0
munchkin.js
munchkin.marketo.net/155/
9 KB
4 KB
Script
General
Full URL
https://munchkin.marketo.net/155/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.31.84.223 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a184-31-84-223.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Date
Thu, 21 Nov 2019 19:50:44 GMT
Content-Encoding
gzip
Last-Modified
Fri, 30 Nov 2018 03:18:20 GMT
Server
Apache
ETag
"c67dad42946949112916578f78706df8:1543547900"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
3923
Expires
Sat, 29 Feb 2020 19:50:44 GMT
layers.ab5cd98fe1b9a38a4a9f.js
s7.addthis.com/static/
263 KB
76 KB
Script
General
Full URL
https://s7.addthis.com/static/layers.ab5cd98fe1b9a38a4a9f.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-21-36-164.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Wed, 18 Sep 2019 14:16:17 GMT
server
nginx/1.15.8
etag
W/"5d823c31-41b9f"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=86313600
date
Thu, 21 Nov 2019 19:50:44 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
77528
MultiNoun.jsonp
d.la4-c2-dfw.salesforceliveagent.com/chat/rest/System/
497 B
743 B
Script
General
Full URL
https://d.la4-c2-dfw.salesforceliveagent.com/chat/rest/System/MultiNoun.jsonp?nouns=VisitorId,Settings&VisitorId.prefix=Visitor&Settings.prefix=Visitor&Settings.buttonIds=[573a00000008kP3]&Settings.updateBreadcrumb=1&Settings.urlPrefix=undefined&callback=liveagent._.handlePing&deployment_id=572a0000000H8aJ&org_id=00D3000000063LS&version=34
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
136.147.110.130 , United States, ASN14340 (SALESFORCE - Salesforce.com, Inc., US),
Reverse DNS
dcl6-dfw.la4-c2-dfw.salesforceliveagent.com
Software
/
Resource Hash
691d930dbfbbde09fd00cede9439f639235f300aae2ad29a9d13c8553c7fc8d0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma
no-cache
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
close
Expires
-1
visitWebPage
848-did-242.mktoresp.com/webevents/
2 B
303 B
XHR
General
Full URL
https://848-did-242.mktoresp.com/webevents/visitWebPage?_mchNc=1574365844898&_mchCn=&_mchId=848-DID-242&_mchTk=_mch-fireeye.com-1574365844897-92384&_mchHo=www.fireeye.com&_mchPo=&_mchRu=%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html&_mchPc=https%3A&_mchVr=155&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.28.147.68 , United States, ASN53580 (MARKETO - MARKETO, Inc., US),
Reverse DNS
Software
akka-http/10.1.7 /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Origin
https://www.fireeye.com

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 21 Nov 2019 19:50:45 GMT
Content-Encoding
gzip
Server
akka-http/10.1.7
Transfer-Encoding
chunked
X-Request-Id
e39c5466-7367-4771-bed9-20f83f70c7c0
Content-Type
text/plain; charset=UTF-8
/
b91.yahoo.co.jp/pagead/conversion/1000244663/
42 B
909 B
Image
General
Full URL
https://b91.yahoo.co.jp/pagead/conversion/1000244663/?random=1574365845842&cv=9&fst=1574365845842&num=1&fmt=3&value=0&label=ppcGCKvb3mcQ_c2swgM&guid=ON&disvt=true&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html&tiba=Global%20DNS%20Hijacking%20Campaign%3A%20DNS%20Record%20Manipulation%20at%20Scale%20%7C%20FireEye%20Inc&hn=www.googleadservices.com&async=1
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
183.79.255.12 , Japan, ASN24572 (YAHOO-JP-AS-AP Yahoo Japan, JP),
Reverse DNS
Software
ATS /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 21 Nov 2019 19:50:46 GMT
Via
http/1.1 mscedge2001.img.djm.yahoo.co.jp (ApacheTrafficServer [c sSf ])
X-Content-Type-Options
nosniff
Content-Type
image/gif
Server
ATS
Age
0
P3P
policyref="http://privacy.yahoo.co.jp/w3c/p3p_jp.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Cache-Control
no-cache, must-revalidate, private
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
42
X-XSS-Protection
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
ytc.js
s.yimg.com/wi/
19 KB
6 KB
Script
General
Full URL
https://s.yimg.com/wi/ytc.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1 - Oath Holdings Inc., US),
Reverse DNS
Software
ATS /
Resource Hash
7edb2213c1f4f569617389783ba544f9997d11a1fc5e54406582b25967bfde66
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36

Response headers

ats-carp-promotion
1
date
Thu, 21 Nov 2019 19:09:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2462
x-amz-server-side-encryption
AES256
status
200
strict-transport-security
max-age=15552000
content-length
5150
x-amz-id-2
0fQGKvktAXjdRSonBU/9SKFPqApgkWuPrNF6AHRMjbw6bU5A2qD390ANQNeS/M5e0xkcOxNSXto=
referrer-policy
no-referrer-when-downgrade
x-amz-expiration
expiry-date="Thu, 12 Nov 2020 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified
Tue, 08 Oct 2019 10:16:59 GMT
server
ATS
etag
"254a43f994019deb4ca1830f04bd5d32-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin, Accept-Encoding
x-amz-request-id
1F226ADA3184625E
x-xss-protection
1; mode=block
cache-control
public,max-age=3600
x-amz-version-id
x4Y4HVRbF4l0Lw4GKvYmVr0DuE8bwWr0
accept-ranges
bytes
content-type
application/javascript
json
fireeye.tt.omtrdc.net/m2/fireeye/mbox/
96 B
355 B
XHR
General
Full URL
https://fireeye.tt.omtrdc.net/m2/fireeye/mbox/json?mbox=target-global-mbox&mboxSession=b7fa5e4e96ab472d9710104149a09629&mboxPC=&mboxPage=7858bd8702ff447abbeade5d8a57012b&mboxRid=ab1e203445ad43089057049e88102065&mboxVersion=1.7.1&mboxCount=1&mboxTime=1574369445866&mboxHost=www.fireeye.com&mboxURL=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2019%2F01%2Fglobal-dns-hijacking-campaign-dns-record-manipulation-at-scale.html&mboxReferrer=&browserHeight=1200&browserWidth=1585&browserTimeOffset=60&screenHeight=1200&screenWidth=1600&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.117.29.6 , United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software
/
Resource Hash
47e18577edcad879b25edb39ae1488789173f053b7e14f31c440da587800804b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Origin
https://www.fireeye.com

Response headers

pragma
no-cache
date
Thu, 21 Nov 2019 19:50:45 GMT
status
200
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.fireeye.com
cache-control
no-cache
access-control-allow-credentials
true
timing-allow-origin
*
content-length
96
x-request-id
ab1e203445ad43089057049e88102065
435600.json
s.yimg.com/wi/config/
2 B
482 B
XHR
General
Full URL
https://s.yimg.com/wi/config/435600.json
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.min.js
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1 - Oath Holdings Inc., US),
Reverse DNS
Software
ATS /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Referer
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Origin
https://www.fireeye.com

Response headers

date
Thu, 21 Nov 2019 19:50:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3
status
200
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-request-id
FBD6982DCABFC974
x-amz-id-2
lVkmvj7G+B8M1Uuu3qMExgpWuBM4uJ88GOPlFCS12Ryb5QF4C3wROW0l+BVg/TPnfeSecWEk768=
referrer-policy
no-referrer-when-downgrade
server
ATS
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public,max-age=3600

Verdicts & Comments Add Verdict or Comment

187 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate undefined| companyDetails6Sense undefined| jsonVal undefined| companyRevenueRange undefined| companyCountry undefined| companyIndustry undefined| companyName undefined| companyRegion undefined| companyDomain object| dataLayer function| $ function| jQuery object| matched object| browser object| Granite object| fdc object| geoip2 undefined| cookiesOK function| onAccept function| onDecline function| ipLocation string| userAgent boolean| gomezAgent boolean| prtgAgent object| _satellite object| google_tag_manager function| postscribe string| _bizo_data_partner_id undefined| _bizo_data_partner_title undefined| _bizo_data_partner_domain undefined| _bizo_data_partner_company undefined| _bizo_data_partner_location undefined| _bizo_data_partner_employee_range undefined| _bizo_data_partner_sics undefined| _bizo_data_partner_email object| uetq string| GoogleAnalyticsObject function| ga function| twq object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| gtag function| fbq function| _fbq function| lintrk boolean| _already_called_lintrk function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO object| twttr function| UET object| addthis_config object| addthis_share undefined| _6SenseJsonObj undefined| _6SenseTime undefined| isJsonStale undefined| jsonObj function| targetPageParams object| _g function| $CQ object| CQ undefined| G_XHR_HOOK undefined| G_RELOAD_HOOK undefined| G_IS_HOOKED undefined| G_CONTENT_PATH function| _ function| generateURLSignature function| initializeTeaserLoader function| initializeLandingPageLoader object| CQ_Analytics object| CQ_Context boolean| CQ_trackTeasersStats boolean| CQ_trackLandingPagesStats object| ClientContext object| ContextCloud object| _laq boolean| liveAgentDeployment object| liveagent object| MktoForms2 object| digitalData function| jQuery1124001506106645204408_1574365843536 object| feedcontainerSr undefined| feedurlSr undefined| levelsFeedSr undefined| typeofEmp undefined| jobDescriptinUrlSr object| content object| jobFunctionsArray function| displayFeedSR function| filterResultsSR function| getPostings function| populateDropDowns function| replaceQueryParam function| addMissingUTMsFromCookies number| slideTotal number| currentSlide string| target function| getCurrentSlide function| showHideControls string| activeLbox function| calculateTopMargin function| closec08 function| updatec08 function| fixCta function| showNav function| showNavSub function| showNavMore function| initNav number| totalSlides function| changeSlide function| initCarousel function| msieversion undefined| intervalId function| showSuggestions undefined| content_category_1 undefined| content_category_2 undefined| content_category_3 undefined| flag function| marketoFormViewGtmEvent function| marketoFormSubmitGTMEvent undefined| startTimer undefined| getParameterByName undefined| validateMarketoform undefined| marketoFormViewTealiumEvent undefined| marketoFormSubmitTealiumEvent undefined| bannerEvent undefined| getContentCategory undefined| fireproofFormSubmitTealiumEvent function| readCookie object| jQuery112402924443136515702 object| html5 object| Modernizr function| yepnope object| respond function| atwpjp string| _atd function| _euc function| _duc object| _atc string| _atr object| addthis string| addthis_pub function| emdot object| _ate object| _adr object| addthis_conf function| addthis_open function| addthis_close function| addthis_sendto object| campaigns object| queryString object| object number| qIndex function| onYouTubeIframeAPIReady object| yahoo_conversion_id object| yahoo_conversion_label object| yahoo_conversion_value boolean| __@@##MUH function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin object| MunchkinTracker object| _atw string| addthis_exclude boolean| addthis_use_personalization string| addthis_options_default string| addthis_options_rank string| addthis_options object| __callbacks number| len object| yahoo_conversion_language object| yahoo_conversion_color object| yahoo_ss_retargeting_id object| yahoo_ss_retargeting object| yahoo_sstag_custom_params object| dotq object| adobe object| ___target_traces function| mboxCreate function| mboxDefine function| mboxUpdate object| YAHOO undefined| I13N_Conf undefined| YWA_Global_Conf

0 Cookies

10 Console Messages

Source Level URL
Text
console-api log URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html(Line 1113)
Message:
currentPagePath :: /blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale
console-api log URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html(Line 1119)
Message:
[object Object]
console-api log URL: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html(Line 1120)
Message:
[object Object]
console-api log URL: https://www.fireeye.com/etc.clientlibs/cq/personalization/clientlib/personalization/kernel.min.js(Line 2782)
Message:
authorizableId is anonymous
console-api log URL: https://www.fireeye.com/etc.clientlibs/cq/personalization/clientlib/personalization/kernel.min.js(Line 2786)
Message:
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
console-api log URL: https://www.fireeye.com/etc.clientlibs/cq/personalization/clientlib/personalization/kernel.min.js(Line 2799)
Message:
object is null
console-api log URL: https://www.fireeye.com/etc/designs/fireeye-www/clientlibs_fw.min.js(Line 352)
Message:
cookie value
console-api log URL: https://www.fireeye.com/etc/designs/fireeye-www/clientlibs_fw.min.js(Line 352)
Message:
cookie value
console-api log URL: https://www.fireeye.com/etc/designs/fireeye-www/clientlibs_fw.min.js(Line 352)
Message:
cookie value
console-api log URL: https://www.fireeye.com/etc/designs/fireeye-www/clientlibs_fw.min.js(Line 352)
Message:
cookie value

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options ALLOW-FROM https://content.fireeye.com
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8443343.fls.doubleclick.net
848-did-242.mktoresp.com
analytics.twitter.com
b91.yahoo.co.jp
bat.bing.com
c.la2c2.salesforceliveagent.com
cloud.typography.com
connect.facebook.net
d.la2c2.salesforceliveagent.com
d.la4-c2-dfw.salesforceliveagent.com
fireeye.tt.omtrdc.net
googleads.g.doubleclick.net
js.maxmind.com
munchkin.marketo.net
px.ads.linkedin.com
s.yimg.com
s.yimg.jp
s7.addthis.com
sjs.bizographics.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
v1.addthisedge.com
www.facebook.com
www.fireeye.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www2.fireeye.com
z.moatads.com
104.17.71.206
104.244.42.197
104.244.42.67
13.108.250.135
136.147.110.130
151.101.12.157
172.217.21.230
182.22.24.252
183.79.255.12
184.31.84.223
192.28.147.68
2.21.36.164
216.58.205.226
23.38.51.49
2606:4700::6810:262f
2620:1ec:c11::200
2a00:1288:f03d:1fa::4000
2a00:1450:4001:800::2003
2a00:1450:4001:808::2002
2a00:1450:4001:808::200e
2a00:1450:4001:818::2004
2a00:1450:4001:821::2008
2a00:1450:400c:c08::9d
2a02:26f0:10c:38f::3adf
2a02:e980:d::ba
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:f500:10:101::b93f:9101
2a05:f500:10:101::b93f:9105
66.117.29.6
72.247.226.64
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
08d28b17f25567ddd8c194c6e0fda5f91fb0348eca5da3d3e4e430913b299bcd
0d1e4ec6235dcfe83b8acd4b53c23c0219f907814d53e3f7802bee9a6a30d6d7
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11150b84387bc902db3d8b17fed5e2df123d0b7ef0080bf6306f08a0f177a722
1658ce76f85d7484329e8b1af212597c2e68c19955bba460567514f0a3bd8d92
1de5a2b057fc1fd85e8b3ccffa91101c8304a88b32fccb33e19d7657a1460dae
1e581b00bf4439e8a38ad702adf3a6c803a0cb172506ddb1c69d5ce3f613be3d
201509acaf1a9afdbeb88068bb7a0d7114bc6254e1ef032789290f1335eb54b0
2258b7432c2bd14d31415c61b082d2022233b52962226753f7e09198567d63c2
27566ff7b6b2d9741e6e57f7b326ae745e9d961b4a50f0dcc08a0023a265d442
29a772b101ceb386b9b1a3094e0830647b009b0b2bb8af50e49abb2bc2d4ecbe
2f454290d840efc756bf1009cfa026cbb69b657d41f8962e63427f001374c495
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
321bbcc4cc57483b7e329186e5159498b668ddde87cb64696ddcdc95176cce82
355604a949ef95ceffcd21a7e9b5ed27c95d847f95127e0ddad5aa1793f1bb74
3aadac47cf44df595934bec631a78bf2ba62081ab95528e684a85b4c74453e77
3def2fdee0e6288ea076c7c2d0db897efec9762062cfb7a52b0d4087eeb212eb
3fe02a83af9c94eae28f17c8b05f3c55472b2d3312190ea1ec4ada15695be3da
4086c8cd4c3361452c1c1da9af3034fc90f4a375c4f6195f31d6dcf1c7b56f00
41c3f798bdde59c64755a4c33767a0e71b52dd39c21f4ab89fd12634582f3bed
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
47ab2c68d4d2a483c9acca1adfa39a747e60d90ebc2d4a20e286f4395f5b155d
47e18577edcad879b25edb39ae1488789173f053b7e14f31c440da587800804b
4e040b6884ad0623aece79feb28b75ee490c568a930c6bbfd83255d058d54611
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
6460150f0f27c080d001a35f41f7530d158070fb8991c7736265c5d7bdcc27d2
67a99837e80451fd25c1abdf9c96a984bf2aff964034155311361e47213f748b
691d930dbfbbde09fd00cede9439f639235f300aae2ad29a9d13c8553c7fc8d0
69e3a796f4b120879065a812b95b56fd4d28f88faf8c1976ad9b0fa2f31dc0eb
6bd4ef669f2dc4574947479804de0667ceee407931d7088b8021ee925b1fc693
6db12becfa6902d1dd4416c43b4f3c8531e72e02858a7bb7212c1575a7bb170a
72b7e2be4c5282c17df0279e7ce88d134f93621a1f6d7dd6a697457b98818fd6
752c7139c09399f8cddbab1d71aeb083524c9b8c03bd2e4b90a966f5a2bdc763
757eb886edd9a887fc95b701c88b08191eb743657027636c0c9d4973547ebb4a
75c11878d22ea571e708034e4697174704e2fc7df52a978f1ca50010890bfed2
799cb15a25ed2fa78bdba496d1afbc68f033a3a5dd9ead12f4eaac4e0a93236d
79b2448738716f0daf11d4a206e105e3b79e9d082f9c9bf4ad2bd55e591a1a3c
7b86d506062bf09d8db4e081fbf442b773929e5c13a70f415243e12185f37767
7c20e3e201e3d7c6821e907def1257deb544eb08578c7129b96d53bbf62d34e4
7edb2213c1f4f569617389783ba544f9997d11a1fc5e54406582b25967bfde66
882a6bfa980c6b58c3f97037333ced9a0a3f04aa9c6f7c4a758956c31f7d1847
8d06e8130b42a1dcd41ce87971ca2d06a362b83108c547dde3a01b0df0883c08
8d857cc8dac6ee38e2715f3c6497b2841c63b742c84eec546b7830e549082aac
945036b782243da4f2d54da1e525b9c3e5fcd7b2ac94b91e1bb4601a5fde060b
9c4592519a4cfc8940c9f97d6e2474547e5727f21672bc4f6207f96bb9d43211
a8851f1c1b036df6f733bd7081b9452ad33c1a1c65b2bc4b4cdd0263091f85f9
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
af3448cd96702455db358ac221e082df9ffb5f43bb3c69df18b9ae2fe4a552b5
b139982ce002c53ddfb65aec1e90704c0a3704fc5aa35247f9323b74a1d3f721
b397476bcbcf8c9eae3f82007cc4f9495661b367e02e6d3dea6e15f0610ef20a
ba9ecb16b29bdaa655630fc9a6b46de9f20b18207de7a1fef5b133f9acddefad
bcf5ca1256b444bb0c6f30c83a6b56833fea661c7ebaa04e66b245cf8e3c2aef
c084b47104c493fb377b6d35d8c08df67d773f6dcf8294c0a7360710cd8cacbd
c986afd07a4082d65befeef18869a4cd5e00f3ac6e8228d49658802c7453a1b8
d74ff0f27ccbbb1f41ea8034ef9fda0c094bb2e9312959f4e04aa4a9d2f8c765
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e13a0f8ba6f338dba39d1c539b2383ee94c36aaae531887658182925092311ac
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e55596fc1c3349cbbc926529c29c27e1de7b98b47a31cc7bb4789970e571065f
e8fcb00caf13d2c7e926589bf2b83edab6f5c677a7dcddb5e17fbbcd6297e77f
ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775
f20f83cb7683a1a3138cd52201d83436e33a5e67ef0b9c96bbdab860b5f7da16
f3e29fe041c9d9bcd80dc114b8e10f15844721778cb4f1f08d25a93dd2a32b86
f97341de4415531cb15d7472b1a00e875c1ad9b5541fd7e9f8ef5905f2a02092
fbcc2c7d4dfbc5d0251c789843b8d7edf25306dfa23188ad267e2786357233c0