www.komando.com Open in urlscan Pro
2606:4700::6812:a460 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Submission: On September 28 via api (September 28th 2020, 8:23:47 pm UTC) from US

Summary HTTP 323 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 77 IPs in 9 countries across 62 domains to perform 323 HTTP transactions. The main IP is 2606:4700::6812:a460, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.komando.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 18th 2020. Valid for: 3 months.

This is the only time www.komando.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
10	2606:4700::68... 2606:4700::6812:a460	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700::68... 2606:4700::6812:778	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:eb:... 2a02:26f0:eb::214:bef6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	151.101.65.195 151.101.65.195	54113 (FASTLY) (FASTLY)
4	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
4	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
25	178.79.227.9 178.79.227.9	22822 (LLNW) (LLNW)
4	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:81a::2008	15169 (GOOGLE) (GOOGLE)
3	2606:4700:20:... 2606:4700:20::681a:8b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.225.73.46 13.225.73.46	16509 (AMAZON-02) (AMAZON-02)
8	2a00:1450:400... 2a00:1450:4001:81b::2003	15169 (GOOGLE) (GOOGLE)
2	35.188.71.214 35.188.71.214	15169 (GOOGLE) (GOOGLE)
1 13	2a00:1450:400... 2a00:1450:4001:816::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::681a:832	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:820::200e	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6813:9408	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	172.217.22.2 172.217.22.2	15169 (GOOGLE) (GOOGLE)
2	2606:4700:20:... 2606:4700:20::ac43:464d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
3 6	2a00:1450:400... 2a00:1450:4001:824::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	216.58.208.38 216.58.208.38	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::ac43:4513	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	130.211.23.194 130.211.23.194	15169 (GOOGLE) (GOOGLE)
6	99.86.240.180 99.86.240.180	16509 (AMAZON-02) (AMAZON-02)
4	3.126.224.165 3.126.224.165	16509 (AMAZON-02) (AMAZON-02)
3	69.173.144.140 69.173.144.140	26667 (RUBICONPR...) (RUBICONPROJECT)
2	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
2	104.108.144.24 104.108.144.24	16625 (AKAMAI-AS) (AKAMAI-AS)
1 4	104.111.238.139 104.111.238.139	16625 (AKAMAI-AS) (AKAMAI-AS)
19	52.72.80.38 52.72.80.38	14618 (AMAZON-AES) (AMAZON-AES)
4	185.33.220.244 185.33.220.244	29990 (ASN-APPNEX) (ASN-APPNEX)
6	104.16.190.66 104.16.190.66	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:206... 2600:9000:206e:1800:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
15	151.101.13.44 151.101.13.44	54113 (FASTLY) (FASTLY)
1	23.23.105.3 23.23.105.3	14618 (AMAZON-AES) (AMAZON-AES)
1	2.21.37.27 2.21.37.27	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:800::200d	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
2	34.249.58.234 34.249.58.234	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:819::2006	15169 (GOOGLE) (GOOGLE)
1	34.202.140.116 34.202.140.116	14618 (AMAZON-AES) (AMAZON-AES)
2	151.101.113.181 151.101.113.181	54113 (FASTLY) (FASTLY)
1	104.244.42.136 104.244.42.136	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
23	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
1 2	52.95.116.38 52.95.116.38	16509 (AMAZON-02) (AMAZON-02)
2 2	18.196.65.140 18.196.65.140	16509 (AMAZON-02) (AMAZON-02)
2 7	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	40.113.136.100 40.113.136.100	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	185.29.135.234 185.29.135.234	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 2	198.148.27.139 198.148.27.139	19189 (PULSEPOINT) (PULSEPOINT)
2 2	70.42.32.31 70.42.32.31	13789 (INTERNAP-...) (INTERNAP-BLK3)
1 1	184.30.210.81 184.30.210.81	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	172.217.18.162 172.217.18.162	15169 (GOOGLE) (GOOGLE)
1	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	63.34.98.13 63.34.98.13	16509 (AMAZON-02) (AMAZON-02)
1 2	72.251.249.14 72.251.249.14	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1 1	35.162.238.70 35.162.238.70	16509 (AMAZON-02) (AMAZON-02)
1	185.86.138.114 185.86.138.114	201081 (SMARTADSE...) (SMARTADSERVER)
1	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1	18.195.155.181 18.195.155.181	16509 (AMAZON-02) (AMAZON-02)
1	192.132.33.46 192.132.33.46	18568 (BIDTELLECT) (BIDTELLECT)
1	141.226.224.32 141.226.224.32	200478 (TABOOLA-AS) (TABOOLA-AS)
3 3	18.195.193.185 18.195.193.185	16509 (AMAZON-02) (AMAZON-02)
2 2	35.206.141.96 35.206.141.96	15169 (GOOGLE) (GOOGLE)
20	2a00:1450:400... 2a00:1450:4001:818::2001	15169 (GOOGLE) (GOOGLE)
5	35.226.36.58 35.226.36.58	15169 (GOOGLE) (GOOGLE)
4	104.111.215.51 104.111.215.51	16625 (AKAMAI-AS) (AKAMAI-AS)
4 8	3.120.60.93 3.120.60.93	16509 (AMAZON-02) (AMAZON-02)
1	104.111.230.142 104.111.230.142	16625 (AKAMAI-AS) (AKAMAI-AS)
4	34.228.106.195 34.228.106.195	14618 (AMAZON-AES) (AMAZON-AES)
1	52.217.67.164 52.217.67.164	16509 (AMAZON-02) (AMAZON-02)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2a	20446 (HIGHWINDS3) (HIGHWINDS3)
1	104.111.215.135 104.111.215.135	16625 (AKAMAI-AS) (AKAMAI-AS)
1	198.148.27.134 198.148.27.134	19189 (PULSEPOINT) (PULSEPOINT)
1	18.196.104.43 18.196.104.43	16509 (AMAZON-02) (AMAZON-02)
1	185.94.180.124 185.94.180.124	35220 (SPOTX-AMS) (SPOTX-AMS)
1	52.212.58.206 52.212.58.206	16509 (AMAZON-02) (AMAZON-02)
323	77

10 2606:4700::6812:a460 (United States)

ASN13335 (CLOUDFLARENET, US)

www.komando.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:778 (United States)

ASN13335 (CLOUDFLARENET, US)

cookie-cdn.cookiepro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:eb::214:bef6 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

users.api.jeeng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.65.195 (United States)

ASN54113 (FASTLY, US)

sdk.jeeng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widget-modal-popup-v2-prod.firebaseapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 178.79.227.9 (Italy)

ASN22822 (LLNW, US)
PTR: https-178-79-227-9.vie.llnw.net

player.anyclip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
config.anyclip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.anyclip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn5.anyclip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:20::681a:8b (United States)

ASN13335 (CLOUDFLARENET, US)

a.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.73.46 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-73-46.fra2.r.cloudfront.net

www.stack-sonar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:81b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.188.71.214 (United States)

ASN15169 (GOOGLE, US)
PTR: 214.71.188.35.bc.googleusercontent.com

d.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:816::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:832 (United States)

ASN13335 (CLOUDFLARENET, US)

freestar-io.videoplayerhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:820::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9408 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.217.22.2 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s14-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:464d (United States)

ASN13335 (CLOUDFLARENET, US)

mrb.upapi.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:824::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.208.38 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra15s12-in-f38.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4513 (United States)

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.211.23.194 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 194.23.211.130.bc.googleusercontent.com

backend.upapi.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 99.86.240.180 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-240-180.vie50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.126.224.165 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-224-165.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.140 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.108.144.24 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-144-24.deploy.static.akamaitechnologies.com

hbx.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.111.238.139 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-238-139.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 52.72.80.38 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-80-38.compute-1.amazonaws.com

pixel.anyclip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.220.244 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.16.190.66 (United States)

ASN13335 (CLOUDFLARENET, US)

dmx.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206e:1800:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 151.101.13.44 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.23.105.3 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-23-105-3.compute-1.amazonaws.com

api.stack-sonar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.21.37.27 (France)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a2-21-37-27.deploy.static.akamaitechnologies.com

api.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.249.58.234 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-58-234.eu-west-1.compute.amazonaws.com

vid.springserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:819::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.202.140.116 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-202-140-116.compute-1.amazonaws.com

lreprx-server.anyclip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.113.181 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

widget.perfectmarket.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.136 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

3798d67ecedc9f68471fbe0d5998de60.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.95.116.38 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.196.65.140 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 141.226.228.48 (Netherlands) 2 redirects

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
am-sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync-t1.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 40.113.136.100 (Amsterdam, Netherlands) 2 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.powerlinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.135.234 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.148.27.139 (New York, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 70.42.32.31 (United States) 2 redirects

ASN13789 (INTERNAP-BLK3, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.210.81 (Netherlands) 1 redirects

ASN20940 (AKAMAI-ASN1, EU)
PTR: a184-30-210-81.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.162 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s29-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.34.98.13 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.249.14 (Amsterdam, Netherlands) 1 redirects

ASN29791 (VOXEL-DOT-NET, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.162.238.70 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)

www.storygize.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.138.114 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.137.133.49 (Garden City, United States)

ASN27257 (WEBAIR-INTERNET, US)

dsp.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

e1.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.224.32 (United States)

ASN200478 (TABOOLA-AS, IL)

cds.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.195.193.185 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.206.141.96 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE, US)

rtb.4finance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:818::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.226.36.58 (United States)

ASN15169 (GOOGLE, US)

c.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.111.215.51 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-51.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 3.120.60.93 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-60-93.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.230.142 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-230-142.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.228.106.195 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

trafficmanager.anyclip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.217.67.164 (Ashburn, United States)

ASN16509 (AMAZON-02, US)

anyclip-player.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (HIGHWINDS3, US)

vpaid.springserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.215.135 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-135.deploy.static.akamaitechnologies.com

as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.134 (New York, United States)

ASN19189 (PULSEPOINT, US)

bid.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.196.104.43 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

hb.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.94.180.124 (Netherlands)

ASN35220 (SPOTX-AMS, NL)

search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.212.58.206 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

vid-io-dub.springserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
49	anyclip.com player.anyclip.com config.anyclip.com pixel.anyclip.com assets.anyclip.com lreprx-server.anyclip.com trafficmanager.anyclip.com cdn5.anyclip.com	408 KB
28	googlesyndication.com 3798d67ecedc9f68471fbe0d5998de60.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	347 KB
23	taboola.com 2 redirects cdn.taboola.com trc.taboola.com sync.taboola.com match.taboola.com am-sync.taboola.com cds.taboola.com sync-t1.taboola.com	171 KB
20	ampproject.org cdn.ampproject.org	428 KB
17	doubleclick.net 2 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net ad.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net	134 KB
13	gstatic.com fonts.gstatic.com ssl.gstatic.com	88 KB
13	google.com 3 redirects apis.google.com www.google.com accounts.google.com adservice.google.com	112 KB
12	googleapis.com fonts.googleapis.com imasdk.googleapis.com	226 KB
10	pub.network a.pub.network d.pub.network c.pub.network	252 KB
10	komando.com www.komando.com	366 KB
8	3lift.com tlx.3lift.com Failed eb2.3lift.com	1 KB
8	adnxs.com ib.adnxs.com Failed acdn.adnxs.com	3 KB
8	amazon-adsystem.com 1 redirects c.amazon-adsystem.com aax-eu.amazon-adsystem.com	34 KB
6	districtm.io dmx.districtm.io Failed cdn.districtm.io	487 B
5	rubiconproject.com fastlane.rubiconproject.com pixel.rubiconproject.com eus.rubiconproject.com	5 KB
5	twitter.com platform.twitter.com syndication.twitter.com	31 KB
5	cookiepro.com cookie-cdn.cookiepro.com	83 KB
4	springserve.com vid.springserve.com vpaid.springserve.com vid-io-dub.springserve.com	99 KB
4	scorecardresearch.com 1 redirects sb.scorecardresearch.com	3 KB
4	sharethrough.com btlr.sharethrough.com	453 B
4	facebook.com www.facebook.com graph.facebook.com	1 KB
4	wp.com stats.wp.com pixel.wp.com	3 KB
4	facebook.net connect.facebook.net	231 KB
3	bidswitch.net 3 redirects x.bidswitch.net	1 KB
3	contextweb.com 1 redirects bh.contextweb.com bid.contextweb.com	1 KB
3	2mdn.net s0.2mdn.net	21 KB
3	upapi.net mrb.upapi.net backend.upapi.net	235 KB
3	jeeng.com users.api.jeeng.com sdk.jeeng.com	109 KB
2	4finance.com 2 redirects rtb.4finance.com	2 KB
2	emxdgt.com e1.emxdgt.com hb.emxdgt.com	431 B
2	lijit.com 1 redirects ce.lijit.com	1018 B
2	adsrvr.org 2 redirects match.adsrvr.org	914 B
2	zemanta.com 2 redirects b1sync.zemanta.com	1 KB
2	powerlinks.com 2 redirects px.powerlinks.com	1 KB
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com	1 KB
2	perfectmarket.com widget.perfectmarket.com	34 KB
2	youtube.com www.youtube.com
2	media.net hbx.media.net	9 KB
2	quantserve.com secure.quantserve.com pixel.quantserve.com	8 KB
2	google.de www.google.de adservice.google.de	1 KB
2	crazyegg.com script.crazyegg.com	34 KB
2	google-analytics.com www.google-analytics.com	18 KB
2	stack-sonar.com www.stack-sonar.com api.stack-sonar.com	3 KB
1	spotxchange.com search.spotxchange.com	1 KB
1	casalemedia.com as-sec.casalemedia.com	356 B
1	amazonaws.com anyclip-player.s3.amazonaws.com	1 KB
1	bttrack.com bttrack.com	380 B
1	adkernel.com dsp.adkernel.com	233 B
1	smartadserver.com rtb-csync.smartadserver.com	697 B
1	storygize.net 1 redirects www.storygize.net	431 B
1	pubmatic.com simage2.pubmatic.com	1003 B
1	bluekai.com 1 redirects stags.bluekai.com	1 KB
1	mathtag.com 1 redirects sync.mathtag.com	797 B
1	firebaseapp.com widget-modal-popup-v2-prod.firebaseapp.com
1	pinterest.com api.pinterest.com	379 B
1	quantcount.com rules.quantcount.com	1 KB
1	ad-delivery.net ad-delivery.net	626 B
1	videoplayerhub.com freestar-io.videoplayerhub.com	29 KB
1	googletagservices.com www.googletagservices.com	18 KB
1	googletagmanager.com www.googletagmanager.com	49 KB
0	yieldmo.com Failed ads.yieldmo.com Failed
0	dotomi.com Failed web.hb.ad.cpe.dotomi.com Failed
323	62

	Domain	Requested by
23	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.komando.com cdn.ampproject.org tpc.googlesyndication.com
20	cdn.ampproject.org	securepubads.g.doubleclick.net
19	pixel.anyclip.com	www.komando.com
11	trc.taboola.com	cdn.taboola.com www.komando.com
11	assets.anyclip.com	player.anyclip.com www.komando.com
10	cdn5.anyclip.com	www.komando.com player.anyclip.com
10	www.komando.com	www.komando.com
9	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.komando.com
8	eb2.3lift.com	4 redirects a.pub.network
8	imasdk.googleapis.com	player.anyclip.com imasdk.googleapis.com vpaid.springserve.com
8	fonts.gstatic.com	fonts.googleapis.com
6	c.amazon-adsystem.com	a.pub.network c.amazon-adsystem.com
6	www.google.com	3 redirects www.komando.com
5	c.pub.network	a.pub.network
5	ssl.gstatic.com	www.komando.com
5	cookie-cdn.cookiepro.com	www.komando.com cookie-cdn.cookiepro.com
4	trafficmanager.anyclip.com	player.anyclip.com
4	cdn.districtm.io	a.pub.network
4	acdn.adnxs.com	a.pub.network
4	pagead2.googlesyndication.com	www.komando.com securepubads.g.doubleclick.net
4	am-sync.taboola.com	1 redirects www.komando.com
4	sb.scorecardresearch.com	1 redirects a.pub.network www.komando.com
4	ib.adnxs.com	a.pub.network www.komando.com vpaid.springserve.com
4	btlr.sharethrough.com	a.pub.network
4	apis.google.com	www.komando.com apis.google.com
4	platform.twitter.com	www.komando.com platform.twitter.com
4	connect.facebook.net	www.komando.com connect.facebook.net
4	fonts.googleapis.com	www.komando.com securepubads.g.doubleclick.net
3	googleads.g.doubleclick.net	www.komando.com
3	x.bidswitch.net	3 redirects
3	cm.g.doubleclick.net	2 redirects www.komando.com
3	s0.2mdn.net	player.anyclip.com imasdk.googleapis.com
3	pixel.wp.com	www.komando.com
3	cdn.taboola.com	www.komando.com cdn.taboola.com
3	fastlane.rubiconproject.com	a.pub.network
3	www.facebook.com	www.komando.com connect.facebook.net
3	a.pub.network	www.komando.com a.pub.network
3	player.anyclip.com	www.komando.com player.anyclip.com imasdk.googleapis.com
2	rtb.4finance.com	2 redirects
2	ce.lijit.com	1 redirects www.komando.com
2	match.adsrvr.org	2 redirects
2	b1sync.zemanta.com	2 redirects
2	bh.contextweb.com	1 redirects www.komando.com
2	px.powerlinks.com	2 redirects
2	sync.taboola.com	1 redirects www.komando.com
2	rtb.mfadsrvr.com	2 redirects
2	aax-eu.amazon-adsystem.com	1 redirects c.amazon-adsystem.com
2	adservice.google.com	securepubads.g.doubleclick.net imasdk.googleapis.com
2	widget.perfectmarket.com	cdn.taboola.com widget.perfectmarket.com
2	vid.springserve.com	player.anyclip.com
2	www.youtube.com	apis.google.com
2	hbx.media.net	a.pub.network hbx.media.net
2	dmx.districtm.io	a.pub.network
2	mrb.upapi.net	freestar-io.videoplayerhub.com mrb.upapi.net
2	script.crazyegg.com	www.googletagmanager.com script.crazyegg.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	d.pub.network	a.pub.network
2	users.api.jeeng.com	www.komando.com sdk.jeeng.com
1	vid-io-dub.springserve.com	vpaid.springserve.com
1	search.spotxchange.com	vpaid.springserve.com
1	hb.emxdgt.com	vpaid.springserve.com
1	bid.contextweb.com	vpaid.springserve.com
1	as-sec.casalemedia.com	vpaid.springserve.com
1	vpaid.springserve.com	player.anyclip.com
1	anyclip-player.s3.amazonaws.com	www.komando.com
1	eus.rubiconproject.com	a.pub.network
1	sync-t1.taboola.com	www.komando.com
1	cds.taboola.com	www.komando.com
1	bttrack.com	www.komando.com
1	e1.emxdgt.com	www.komando.com
1	dsp.adkernel.com	www.komando.com
1	rtb-csync.smartadserver.com	www.komando.com
1	www.storygize.net	1 redirects
1	simage2.pubmatic.com	www.komando.com
1	stags.bluekai.com	1 redirects
1	sync.mathtag.com	1 redirects
1	pixel.rubiconproject.com	www.komando.com
1	match.taboola.com	www.komando.com
1	3798d67ecedc9f68471fbe0d5998de60.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	syndication.twitter.com	www.komando.com
1	lreprx-server.anyclip.com	player.anyclip.com
1	accounts.google.com	apis.google.com
1	pixel.quantserve.com	www.komando.com
1	widget-modal-popup-v2-prod.firebaseapp.com	sdk.jeeng.com
1	graph.facebook.com	www.komando.com
1	api.pinterest.com	www.komando.com
1	api.stack-sonar.com	www.komando.com
1	rules.quantcount.com	secure.quantserve.com
1	config.anyclip.com	player.anyclip.com
1	secure.quantserve.com	a.pub.network
1	backend.upapi.net	mrb.upapi.net
1	ad-delivery.net	www.komando.com
1	ad.doubleclick.net	www.komando.com
1	www.google.de	www.komando.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	freestar-io.videoplayerhub.com	a.pub.network
1	www.googletagservices.com	a.pub.network
1	www.stack-sonar.com	www.komando.com
1	www.googletagmanager.com	www.komando.com
1	stats.wp.com	www.komando.com
1	sdk.jeeng.com	www.komando.com
0	ads.yieldmo.com Failed	a.pub.network
0	tlx.3lift.com Failed	a.pub.network
0	web.hb.ad.cpe.dotomi.com Failed	a.pub.network
323	105

This site contains links to these domains. Also see Links.

Domain
community.komando.com
www.dreamstime.com
en.wikipedia.org
anyclip.com
us-cert.cisa.gov
deals.komando.com
om.forgeofempires.com
go.activatemydiscount.com
totalbattle.com
themarketsguide.com
popup.taboola.com
dicial-weingtone.icu
myjackpot.com
mackeeper.com
k.ilius.net
www.volvocars.com
om.grepolis.com
www.snelleofferte.nl
www.weststar.com
www.facebook.com
www.instagram.com
www.pinterest.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
www.komando.com Let's Encrypt Authority X3	`2020-08-18` - `2020-11-16`	3 months	crt.sh
cookiepro.com Cloudflare Inc ECC CA-3	`2020-07-06` - `2021-07-06`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
cert-00012-cdnedge-bluemix.akamaized.net Let's Encrypt Authority X3	`2020-09-27` - `2020-12-26`	3 months	crt.sh
www.filipg.se Let's Encrypt Authority X3	`2020-08-20` - `2020-11-18`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-09-11` - `2020-12-10`	3 months	crt.sh
platform.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-13` - `2021-08-18`	a year	crt.sh
*.apis.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.anyclip.com Go Daddy Secure Certificate Authority - G2	`2020-07-13` - `2022-07-13`	2 years	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-17` - `2021-07-17`	a year	crt.sh
www.stack-sonar.com Amazon	`2020-04-21` - `2021-05-21`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.pub.network Go Daddy Secure Certificate Authority - G2	`2020-03-17` - `2021-05-16`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
backend.upapi.net GTS CA 1D2	`2020-09-09` - `2020-12-08`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
*.sharethrough.com Amazon	`2020-09-09` - `2021-10-11`	a year	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2019-10-04` - `2020-10-07`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2020-02-25` - `2021-05-26`	a year	crt.sh
sb.scorecardresearch.com DigiCert Secure Site ECC CA-1	`2020-07-17` - `2021-06-02`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
districtm.io Cloudflare Inc ECC CA-3	`2020-07-01` - `2021-07-01`	a year	crt.sh
*.taboola.com DigiCert SHA2 Secure Server CA	`2020-08-10` - `2021-12-31`	a year	crt.sh
*.pinterest.com DigiCert SHA2 High Assurance Server CA	`2020-07-16` - `2021-08-04`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
firebaseapp.com GTS CA 1O1	`2019-10-28` - `2020-10-26`	a year	crt.sh
accounts.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.springserve.com Amazon	`2020-09-03` - `2021-10-03`	a year	crt.sh
p.ssl.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-09-03` - `2021-02-22`	a year	crt.sh
syndication.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
*.google.de GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
aax-eu.amazon-adsystem.com Amazon	`2020-06-15` - `2021-06-15`	a year	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2020-03-11` - `2021-05-10`	a year	crt.sh
*.contextweb.com DigiCert SHA2 Secure Server CA	`2020-05-07` - `2022-05-12`	2 years	crt.sh
*.smartadserver.com DigiCert Global CA G2	`2020-02-03` - `2022-02-03`	2 years	crt.sh
*.adkernel.com COMODO RSA Domain Validation Secure Server CA	`2017-11-17` - `2021-01-05`	3 years	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2020-05-18` - `2021-07-17`	a year	crt.sh
*.bttrack.com Sectigo RSA Domain Validation Secure Server CA	`2019-03-19` - `2021-04-13`	2 years	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2020-01-02` - `2021-04-02`	a year	crt.sh
*.3lift.com Amazon	`2020-07-04` - `2021-08-05`	a year	crt.sh
*.s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2019-11-09` - `2021-03-12`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.spotxchange.com GeoTrust RSA CA 2018	`2019-03-18` - `2021-03-17`	2 years	crt.sh

This page contains 32 frames:

Primary Page: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Frame ID: C36992F3C9DEF4935EEEC450F440ED7B
Requests: 217 HTTP requests in this frame

Frame: https://www.facebook.com/v4.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ca9c7df9036ac%26domain%3Dwww.komando.com%26origin%3Dhttps%253A%252F%252Fwww.komando.com%252Ff33538c18b98568%26relation%3Dparent.parent&container_width=394&href=https%3A%2F%2Fwww.facebook.com%2Fkimkomando&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&size=large&width=
Frame ID: 9E77FD12B27619446961533798E32B3C
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=https%3A%2F%2Fwww.komando.com
Frame ID: AD612B347F269D43EC516E900E1BDCB4
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/subscribe_embed?usegapi=1&channel=kimkomandoshow&layout=default&theme=dark&count=hidden&origin=https%3A%2F%2Fwww.komando.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.rMJI4WR09CY.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA%2Fm%3D__features__
Frame ID: 1676A8EE1034DFEE0EF627F2FEE2BB32
Requests: 1 HTTP requests in this frame

Frame: https://widget-modal-popup-v2-prod.firebaseapp.com/update-user-data.html?domain_id=VAkN2egYB1&uid=d211e91c-c62d-4c0c-a72c-ca705fca7df3&language=en-US&profile=
Frame ID: 4D33AD30AC07EF45414CB675C06E5F0B
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.komando.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.rMJI4WR09CY.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA%2Fm%3D__features__
Frame ID: 1131510E42A7C70B548EE355E6704280
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/follow_button.2d7d9a6d04538bf11c7b23641e75738c.en.html
Frame ID: EB2C282F52BDEE95BD742B180223F511
Requests: 1 HTTP requests in this frame

Frame: https://hbx.media.net/checksync.php?&vsSync=1&cs=17&hb=1&cv=37&ndec=1&cid=8CUFH1GPH&prvid=56%2C70%2C77%2C80%2C82%2C97%2C99%2C109%2C111%2C112%2C113%2C139%2C154%2C157%2C159%2C175%2C178%2C186%2C201%2C226%2C10000&usp_status=0&usp_consent=1&https=1&gdpr=1&gdprconsent=2
Frame ID: 59627FEBE7E6289DC396F0C07F61C1CF
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UCU9HtOaaO-lcitPVVdsq99w&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.rMJI4WR09CY.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA%2Fm%3D__features__
Frame ID: 7B6B57A7D83709BEECDB4612EC907AFD
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=rbd_r1u_cnv_an-db5_sovrn_3lift&dcc=t
Frame ID: 4B9E566F1DF5E3E3472FDF0262D0B5B3
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=3835b0c3-58b7-4c22-b114-747b807ecca4&tbid=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba&query=taboola_hm%3D3835b0c3-58b7-4c22-b114-747b807ecca4&isDirect=0
Frame ID: 9634507C55A9F374643DC7C0F475253A
Requests: 20 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009190410000/amp4ads-v0.js
Frame ID: AF78A52D42DA49CB38F7D922C5E7EED9
Requests: 15 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009190410000/amp4ads-v0.js
Frame ID: 8BA7F3FCF36417AA5043E267D3BB6C1D
Requests: 17 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009190410000/amp4ads-v0.js
Frame ID: 4EAB74B99ACB7FC439C0DA3CC6F575D2
Requests: 16 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012009190410000/amp4ads-v0.js
Frame ID: 69EBFE22808A6BDAE25E9DF8B7BDAB96
Requests: 15 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 9464BBDBC97855EB6899A689C1A76AB7
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: E6D395B3C6BE163845BC9B2DDB6A14FE
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: C1D5FB4BFADEF0450B7E0BFFBC1BBA4F
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: D3EBA9A874434D6F5406A92BF0BBE0E1
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: AFE0A07117AD0F5951BBBD2C138664E5
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 5DE06F55FA7A65435AC54587E05FBA5E
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 4EFD4B7CCE112D709A9E00DB35DB072F
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: C90973FE704EDF2817C3732C76BED689
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 65B36D7F3C480DC4F786BB1D251DC722
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 96A618F6EBB01ACA4E5E0A3CC632EB47
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=0&gdpr_consent=
Frame ID: 46F12602C69842B2A0ACDE097BD713E5
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: C6C362C733F9ABA1F3AD66E139685276
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 86C2434E2CAC11495F897CEC7D21381D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/216/runner.html
Frame ID: 177FEC5ACBF40B366FCB68E45FA8EEBA
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.411.1_en.html
Frame ID: 40F514A0F56DC1AFCE8D3F0A6404281E
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/loader.js
Frame ID: 3F72CEAACD5964B0E6A62D0EAA223E0C
Requests: 13 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.411.1_en.html
Frame ID: D03CFAB22B96019E633498A39639F81E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

323
Requests

91 %
HTTPS

35 %
IPv6

62
Domains

105
Subdomains

77
IPs

9
Countries

3610 kB
Transfer

14438 kB
Size

44
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://community.komando.com/watch/
Title: Watch

Search URL Search Domain Scan URL

URL: https://community.komando.com/listen/
Title: Listen

Search URL Search Domain Scan URL

URL: https://community.komando.com/
Title: Login/join the community

Search URL Search Domain Scan URL

URL: https://www.dreamstime.com/bug-as-symbol-malware-trojan-virus-program-code-hacking-theft-personal-information-data-green-pixel-locks-red-image179472219
Title: Dreamstime.com

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Ryu_(Street_Fighter)
Title: Read More

Search URL Search Domain Scan URL

URL: https://anyclip.com/?source=logo&wid=0011r00002HG7NL_1462

Search URL Search Domain Scan URL

URL: https://us-cert.cisa.gov/ncas/alerts/aa20-266a
Title: The DHS is issuing a warning about Lokibot infections

Search URL Search Domain Scan URL

URL: https://deals.komando.com/sales/luft-cube-portable-filterless-air-purifier-black-gold?utm_source=komando.com&utm_medium=referral&utm_campaign=luft-cube-portable-filterless-air-purifier-black-gold&utm_term=scsf-433502&utm_content=a0x1P000004Y7oIQAS&scsonar=1
Title: Clean up the air in any room with this portable UV purifier

Search URL Search Domain Scan URL

URL: https://om.forgeofempires.com/foe/?ref=tab_row_en_mktdet2&&external_param=235914724&pid=komando&bid=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F34ae3d8438b9f0684092dd84dd25fdb9.jpeg&tblci=GiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyDJqD8#tblciGiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyDJqD8
Title: Forge of Empires - Free Online Game

Search URL Search Domain Scan URL

URL: https://om.forgeofempires.com/foe/nl/?ref=tab_nl_nl&&external_param=2855376884&pid=komando&bid=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F5fd13f545e5e63784883df9fc5c3cd47.jpeg&tblci=GiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyDJqD8#tblciGiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyDJqD8
Title: Forge of Empires

Search URL Search Domain Scan URL

URL: https://go.activatemydiscount.com/0ef23240-ef56-4331-b06f-c9b1c16340c4?campaign=5241825&ad=2921958735&site=1008999&sitename=komando&title=You%27re+Allowed+To+Do+Anything+You+Want+In+This+Game&thumbnail=https%3A%2F%2Fresources.anstrex.com%2Fthumbnails%2Ftaboola_com_bcrnews_com_2019_01_23_8cd5a0d2.png&clickid=GiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyDksUs#tblciGiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyDksUs
Title: RAID

Search URL Search Domain Scan URL

URL: https://totalbattle.com/en/lp/parallax1_webgl_dark_po_2/3?adgp=ads&prtr=taboola&acc=main&adsite=komando&cpn=6294055&iid=2928379712&clickid=GiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyCakUM#tblciGiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyCakUM
Title: Total Battle: Tactical War Game

Search URL Search Domain Scan URL

URL: https://themarketsguide.com/vc/nl_WEBCR-29-V1-tb-new-MALE/?utm_source=TBL&utm_medium=discovery&utm_campaign=NL+-+Desktop+-+Amazon+-+n2+-+speaker&utm_term=komando_komando.com&utm_content=Hoe+een+belegging+van+%E2%82%AC250+in+Amazon+een+vast+inkomen+zou+kunnen+opleveren&tbclid=GiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyDKkE4&tblci=GiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyDKkE4#tblciGiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyDKkE4
Title: The Markets Guide

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=komando&utm_medium=referral&utm_content=alternating-thumbnails-rr:Alternating%20Right%20Rail%20Thumbnails:
Title:

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=komando&utm_medium=referral&utm_content=thumbnails-b:Right%20Rail%20Thumbnails:
Title:

Search URL Search Domain Scan URL

URL: https://totalbattle.com/en/lp/village028_webgl_dark_po_2/3?adgp=ads&prtr=taboola&acc=main&adsite=komando&cpn=6294055&iid=2928379715&clickid=GiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyCakUM#tblciGiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyCakUM
Title: Total Battle: Tactical War Game

Search URL Search Domain Scan URL

URL: https://dicial-weingtone.icu/7d16b945-80f6-40c4-beb0-6329f98cb6e2?campaign=%7Bcampaign%7D&site=komando&thumbnail=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F02c1c5a78fe7e055fc9f5c99b2ead6a9.jpg&title=%E2%82%AC+250+investeren+in+deze+bedrijven+kan+een+tweede+salaris+opleveren&campaign_item_id=2927804989&site_id=1008999&click_id=GiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyC2j1E&utm_source=taboola&utm_medium=referral&external_id=GiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyC2j1E&tblci=GiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyC2j1E#tblciGiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyC2j1E
Title: Investeer in Amazon

Search URL Search Domain Scan URL

URL: https://myjackpot.com/lp/slotgames2b-nl?aid=tbl-nl&utm_source=komando&utm_medium=native&utm_campaign=MyJackpot.com_NL_Desktop-Slotgames2b-Smartbid&utm_content=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2FGETTY_IMAGES%2FSKP%2F898342434__A55NmfBd.jpg&utm_term=2886110821&tblci=GiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyCvv0c#tblciGiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyCvv0c
Title: MyJackpot.com

Search URL Search Domain Scan URL

URL: https://mackeeper.com/link/b875dadc-fe48-11ea-abbb-127369ec21d1?tid_ext=How+to+Remove+GBs+of+Junk+From+Your+Mac%3F+Learn+More.;2930060848;1008999;GiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyDA_0k&tblci=GiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyDA_0k#tblciGiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyDA_0k
Title: MacKeeper

Search URL Search Domain Scan URL

URL: http://k.ilius.net/?mtcmk=914124&fsid=086&utm_source=taboola&utm_term=komando&utm_medium=display&utm_campaign=2251162&tblci=GiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyDNskk#tblciGiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyDNskk
Title: Lexa

Search URL Search Domain Scan URL

URL: https://www.volvocars.com/nl/care-by-volvo/?utm_source=taboola&utm_medium=native&utm_content=lifestyle_native&utm_campaign=nl_lifestyle_awareness_2001_care-by-volvo_b2c_always-on_052020_copy3&tblci=GiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyCL1k0#tblciGiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyCL1k0
Title: Care by Volvo

Search URL Search Domain Scan URL

URL: https://om.grepolis.com/grepo/nl/?ref=tab_nl_nl&&external_param=279959544&pid=komando&bid=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fa337594dce215b64301d915806c522cd.jpeg&tblci=GiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyDlp0A#tblciGiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyDlp0A
Title: Grepolis

Search URL Search Domain Scan URL

URL: https://www.snelleofferte.nl/trapliften-keuzehulp/?utm_content=6043-tp_vid-im_280-ad_benieuwd_hoe_duur_ee-bs_vid&utm_img=280-121-vdt-sta_gen-np-nl-bv1-not&utm_source=taboola&utm_medium=cpc&utm_campaign=sta_gen-2002665-de-pr-prp_compare_prices&utm_ctype=vid&utm_term=1008999#tblciGiC0UMe6pw4jYRmzRFV1Bx6ujx-2PRqshhNeVy_om31ewyCFnUI
Title: Snelle Offerte

Search URL Search Domain Scan URL

URL: https://www.weststar.com/
Title: About us

Search URL Search Domain Scan URL

URL: https://www.facebook.com/kimkomando
Title: facebook

Search URL Search Domain Scan URL

URL: https://www.instagram.com/kimkomando/
Title: instagram

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/kimkomando/
Title: pinterest

Search URL Search Domain Scan URL

URL: https://twitter.com/kimkomando
Title: twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/kimkomando
Title: youtube youtube

Search URL Search Domain Scan URL

URL: https://anyclip.com/?source=powered&wid=0011r00002HG7NL_1462
Title: Powered by AnyClip

Search URL Search Domain Scan URL

URL: https://anyclip.com/privacy-policy/?source=policy&wid=0011r00002HG7NL_1462
Title: Privacy Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 163

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=rbd_r1u_cnv_an-db5_sovrn_3lift HTTP 302
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=rbd_r1u_cnv_an-db5_sovrn_3lift&dcc=t

Request Chain 164

https://rtb.mfadsrvr.com/sync?ssp=taboola HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=taboola HTTP 302
https://sync.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=3835b0c3-58b7-4c22-b114-747b807ecca4 HTTP 302
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=3835b0c3-58b7-4c22-b114-747b807ecca4&tbid=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba&query=taboola_hm%3D3835b0c3-58b7-4c22-b114-747b807ecca4&isDirect=0

Request Chain 166

https://px.powerlinks.com/user/identify?sourceId=d4a7a706-ab0f-11e8-a038-127202fb7690&rurl=https%3A%2F%2Fam-sync.taboola.com%2Fsg%2Fpowerlinksdsp-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%24%7BUSER%7D&orig=trc HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=113&redir=%2F%2Fpx.powerlinks.com%2Fuser%2Fsync%2Fdsps%3FuserId%3D%5BMM_UUID%5D%26sourceId%3Daa4e7548-789b-4df8-a72f-d951a5b206eb%26sync%3D0%26rurl%3Dhttps%25253A%25252F%25252Fam-sync.taboola.com%25252Fsg%25252Fpowerlinksdsp-network%25252F1%25252Frtb-h%25252F%25253Ftaboola_hm%25253D0505CuF7SagFCEHod7RIyy7tvRHjh_cyrxfnl1ulwt0%2525253D HTTP 302
https://px.powerlinks.com/user/sync/dsps?userId=b2b15f72-463f-4000-9d66-35fb126f8a72&sourceId=aa4e7548-789b-4df8-a72f-d951a5b206eb&sync=0&rurl=https%3A%2F%2Fam-sync.taboola.com%2Fsg%2Fpowerlinksdsp-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D0505CuF7SagFCEHod7RIyy7tvRHjh_cyrxfnl1ulwt0%253D HTTP 302
https://am-sync.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=0505CuF7SagFCEHod7RIyy7tvRHjh_cyrxfnl1ulwt0%3D

Request Chain 167

https://bh.contextweb.com/bh/rtset?pid=562107&ev=1&rurl=https%3A%2F%2Fam-sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=%%VGUID%%&orig=trc HTTP 302
https://am-sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=hh3ZNA6kJ3jD&ev=1&orig=trc&pid=562107

Request Chain 168

https://b1sync.zemanta.com/usersync/taboola/?puid={user_id}&cb=https://am-sync.taboola.com/sg/zemantartb-network/1/rtb-h/?taboola_hm=__ZUID__&orig=trc HTTP 302
https://stags.bluekai.com/site/23178?id=kjYGYEDot4rSIsPr0DdV&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6YLNFVZXS3TDFZ2GCYTPN5WGCLTDN5WS643HF55GK3LBNZ2GC4TUMIWW4ZLUO5XXE2ZPGEXXE5DCFVUC6P3FPBRWQYLOM5ST25DBMJXW63DBEZ2GCYTPN5WGCX3INU6WW2SZI5MUKRDPOQ2HEU2JONIHEMCEMRLA HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6YLNFVZXS3TDFZ2GCYTPN5WGCLTDN5WS643HF55GK3LBNZ2GC4TUMIWW4ZLUO5XXE2ZPGEXXE5DCFVUC6P3FPBRWQYLOM5ST25DBMJXW63DBEZ2GCYTPN5WGCX3INU6WW2SZI5MUKRDPOQ2HEU2JONIHEMCEMRLA HTTP 302
https://am-sync.taboola.com/sg/zemantartb-network/1/rtb-h/?taboola_hm=kjYGYEDot4rSIsPr0DdV

Request Chain 170

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm=&google_sc=&google_tc= HTTP 302
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEMyZD-sdDNCD5zvqBrqKf7Y&google_cver=1

Request Chain 172

https://am-sync.taboola.com/sg/google-network/1/rtb?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dtaboola_dbm%26google_sc%26gdpr%3D0%26gdpr_consent%3D&orig=trc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba

Request Chain 174

https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=a68a219e-3f25-49b5-bacc-092f68f4c67f

Request Chain 175

https://ce.lijit.com/merge?pid=42&3pid=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba&us_privacy=&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=42&3pid=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba&us_privacy=&gdpr=0&gdpr_consent=&dnr=1

Request Chain 177

https://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba HTTP 302
https://sync.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=37cf273d-6031-4a9e-b4c2-17b86d952301

Request Chain 183

https://x.bidswitch.net/sync?ssp=taboola&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=taboola&gdpr=0&gdpr_consent= HTTP 302
https://rtb.4finance.com/sync?ssp=bidswitch&bidswitch_ssp_id=taboola&bsw_user_id=1a17ccd8-ffea-4336-8778-73f50a5e3c3e&bsw_param=1a17ccd8-ffea-4336-8778-73f50a5e3c3e HTTP 302
https://rtb.4finance.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=taboola&bsw_user_id=1a17ccd8-ffea-4336-8778-73f50a5e3c3e&bsw_param=1a17ccd8-ffea-4336-8778-73f50a5e3c3e HTTP 302
https://x.bidswitch.net/sync?dsp_id=159&expires=14&user_id=143a1de0-a828-4538-bc85-c07950e97027&ssp=taboola&user_group=&bsw_param=1a17ccd8-ffea-4336-8778-73f50a5e3c3e HTTP 302
https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=1a17ccd8-ffea-4336-8778-73f50a5e3c3e

Request Chain 228

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 229

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 235

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1601324605699&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1601324605699&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&c9=&cs_ak_ss=1

Request Chain 249

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 259

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 262

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 264

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 266

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

323 HTTP transactions
17 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/ 406 KB
83 KB 191ms
168ms Document
text/html 2606:4700::6812:a460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a460 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

80325753dfda513353d6498662f2c01a3d9d588f73a048082e1dafb59399fd94

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: www.komando.com
:scheme: https
:path: /security-privacy/lokibot-keylogger-spreading/755764/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Mon, 28 Sep 2020 20:23:19 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d17390bbd7da59f973086fcf499b70dfe1601324598; expires=Wed, 28-Oct-20 20:23:18 GMT; path=/; domain=.www.komando.com; HttpOnly; SameSite=Lax k3FormInserters=%7B%2215940519701%22%3A%222020-10-05%2019%3A43%3A17%22%2C%22generalExpiration%22%3A%222020-10-01%2019%3A43%3A17%22%7D; expires=Wed, 01-Jan-2031 00:00:00 GMT; Max-Age=323669803; path=/ k3ModalInserters=%7B%2215940546631%22%3A%222020-10-05%2019%3A43%3A17%22%2C%22generalExpiration%22%3A%222020-10-01%2019%3A43%3A17%22%7D; expires=Wed, 01-Jan-2031 00:00:00 GMT; Max-Age=323669803; path=/
vary: Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-frame-options: SAMEORIGIN
link: <https://www.komando.com/wp-json/>; rel="https://api.w.org/" <https://www.komando.com/wp-json/wp/v2/posts/755764>; rel="alternate"; type="application/json" <https://www.komando.com/?p=755764>; rel=shortlink
x-elasticpress-query: true
x-powered-by: WP Engine
x-cacheable: SHORT
cache-control: max-age=600, must-revalidate
x-cache: HIT: 1
x-cache-group: normal
cf-cache-status: DYNAMIC
cf-request-id: 0577fb5e5b0000062984185200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5da02e76fa5a0629-FRA
content-encoding: br

GET
H2 200 otSDKStub.js Show response
cookie-cdn.cookiepro.com/scripttemplates/ 12 KB
4 KB 50ms
19ms Script
application/javascript 2606:4700::6812:778
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:778 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

396197a350c5f917f454cb764fa31f624d64f8fbac73445c4d2862bad7ca22bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 28 Sep 2020 20:23:19 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: reFiWB6U0BSmOZ1FSpYaOw==
age: 3759
status: 200
cf-request-id: 0577fb5f2800002c267405f200000001
x-ms-lease-status: unlocked
last-modified: Fri, 11 Sep 2020 01:42:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f5babbb1-701e-00b1-3ce8-872658000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
cf-ray: 5da02e78486b2c26-FRA

GET
H2 200 css
fonts.googleapis.com/ 17 KB
1 KB 46ms
25ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e4a66d01f6e756434873901b4c7c7fd74d0a2c08710e8e2bec2113f97dcff2d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 28 Sep 2020 20:23:19 GMT
server: ESF
date: Mon, 28 Sep 2020 20:23:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 28 Sep 2020 20:23:19 GMT

GET
H2 200 configs Show response
users.api.jeeng.com/users/domains/VAkN2egYB1/sdk/ 1 KB
928 B 59ms
20ms Script
text/javascript 2a02:26f0:eb::214:bef6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://users.api.jeeng.com/users/domains/VAkN2egYB1/sdk/configs
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:eb::214:bef6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Google Frontend / Express
Resource Hash: d9d704f0b7a23f56e6ba623424e2ab48dcd02522940f8c2302fed24aa211e7e5

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:19 GMT
content-encoding: gzip
etag: W/"502-tT0LLQ0YJPUP5DvhRO06Xsu/uWs"
server: Google Frontend
status: 200
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: d6711f865fe8fc4697e6e7d158106581
cache-control: max-age=384
content-length: 702

GET
H2 200 v3.js Show response
sdk.jeeng.com/ 492 KB
108 KB 2015ms
17ms Script
text/javascript 151.101.65.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://sdk.jeeng.com/v3.js

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

76acf8c85fbf30f66baaf8a77b45a8c55239360611284cbd426bafeaf12806ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31556926
content-encoding: br
last-modified: Thu, 03 Sep 2020 16:24:28 GMT
x-timer: S1601324601.156285,VS0,VE0
etag: "86bc67d8013fe6abe723ac297daa52084dc88b1c37b0ad399cf0552e9ad9b41d-br"
x-served-by: cache-ams21075-AMS
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=3600
date: Mon, 28 Sep 2020 20:23:21 GMT
accept-ranges: bytes
content-length: 110062
x-cache-hits: 1524

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 27ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

27f7565f1db12d6ddab49a8b795d6a804067be98fcea51ecfb5ca71f7906389a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.komando.com
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: tsm2URCb8OuCbLt7ahE9AQ==
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1780
etag: "0415438e425088697d0bdce45d0b8806"
x-fb-debug: 9F5E21dz3Fyi7tFebn7kfqfA8lUZBRn66PBLMKtD4YSVd7aSzBGIGF9saxoGrHomFTg/tFvdjMUJ5O95mIhhSw==
x-fb-trip-id: 664085054
x-fb-content-md5: 578f7bd4cc5cab6a1ab4a362f8f0ee39
x-frame-options: DENY
date: Mon, 28 Sep 2020 20:23:19 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 28 Sep 2020 20:41:37 GMT

GET
H2 200 widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 2030ms
23ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a761b426004caba495cdac2c93ce7dd306c47bc4d7bdc63c4840c3d8182396a9

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:21 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 28881
x-served-by: cache-bwi5144-BWI, cache-fra19169-FRA
last-modified: Tue, 01 Sep 2020 20:40:54 GMT
etag: "a58136137a93f33c1d165df7d4d973f8+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1800
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 platform.js Show response
apis.google.com/js/ 49 KB
19 KB 68ms
33ms Script
application/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/platform.js

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a59455402cb06fdade0b4c6ca2c44f2f627a085fb354b911531235c4c4f538a3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-E7+eHiYbTqgu2Ezw+9xvrw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
status: 200
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
etag: "34d16df61d59ba6d7f2edc09bf4e76e8"
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-E7+eHiYbTqgu2Ezw+9xvrw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Mon, 28 Sep 2020 20:23:19 GMT

GET
H/1.1 200
OK lre.js Show response
player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/ 921 KB
236 KB 2237ms
76ms Script
application/javascript 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 777a900b48ed2b99b8a4ba93c8a314ee3caeba5ab77e866c8e5ef494f188c1f9

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:21 GMT
Content-Encoding: gzip
Age: 8276
Connection: keep-alive
Content-Length: 241556
x-amz-id-2: zJQQ/BX7Il1deM+LJ0Rq38eMpdljxgpMcvFaTjQWhZTKzfjUK2WZ5oCcHXhK/zapmjFlgKoDAgo=
Last-Modified: Thu, 17 Sep 2020 10:17:09 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: F1BD7E08FE1DE233
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=60
x-amz-version-id: jwkzrAv8q8XuzJxtu9nJBgBo_0BcZ0B1
Accept-Ranges: bytes
Content-Type: application/javascript
X-LLID: deee204bd02ef5f51786bef3d6feda71
Expires: Mon, 28 Sep 2020 18:06:25 GMT

GET
H2 200 lazysizes.min.js Show response
www.komando.com/wp-content/plugins/autoptimize/classes/external/js/ 9 KB
4 KB 30ms
23ms Script
application/javascript 2606:4700::6812:a460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.komando.com/wp-content/plugins/autoptimize/classes/external/js/lazysizes.min.js?ao_version=2.7.7
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a460 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b88ddfa92e4cb2646d5c7e19274939caa3495dcb33c307f1bbaec31b1d9691a

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:19 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 30 Aug 2020 17:50:42 GMT
server: cloudflare
age: 2440066
etag: W/"5f4be6f2-22ea"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2630000
cf-ray: 5da02e78bf6c0629-FRA
cf-request-id: 0577fb5f7500000629841a0200000001

GET
H2 200 wp-polyfill.min.js Show response
www.komando.com/wp-includes/js/dist/vendor/ 97 KB
32 KB 36ms
34ms Script
application/javascript 2606:4700::6812:a460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.komando.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a460 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96ed609b415be6ee67eadb8d2de7ce64d13de9c928bce8e1373bec97e233e74c

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:19 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 19 Sep 2019 15:19:18 GMT
server: cloudflare
age: 2440066
etag: W/"5d839c76-1833d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2630000
cf-ray: 5da02e784dec0629-FRA
cf-request-id: 0577fb5f290000062984195200000001

GET
H2 200 lodash.min.js Show response
www.komando.com/wp-includes/js/dist/vendor/ 72 KB
23 KB 43ms
41ms Script
application/javascript 2606:4700::6812:a460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.komando.com/wp-includes/js/dist/vendor/lodash.min.js?ver=4.17.15
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a460 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55e35a1415438685f71fe809dfb0e94ff9d3b994dd8d8ae8f7206bb878d59a84

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:19 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 18 Aug 2019 12:31:00 GMT
server: cloudflare
age: 2440066
etag: W/"5d594504-11e2d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2630000
cf-ray: 5da02e784ded0629-FRA
cf-request-id: 0577fb5f290000062984196200000001

GET
H2 200 jquery.js Show response
www.komando.com/wp-includes/js/jquery/ 95 KB
32 KB 32ms
30ms Script
application/javascript 2606:4700::6812:a460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.komando.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a460 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:19 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 17 May 2019 04:25:54 GMT
server: cloudflare
age: 1695933
etag: W/"5cde37d2-17a69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2630000
cf-ray: 5da02e784dee0629-FRA
cf-request-id: 0577fb5f290000062984197200000001

GET
H2 200 formSubscribe.min.js Show response
www.komando.com/wp-content/plugins/k2-prefs-center/public/js/ 7 KB
2 KB 28ms
26ms Script
application/javascript 2606:4700::6812:a460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.komando.com/wp-content/plugins/k2-prefs-center/public/js/formSubscribe.min.js?ver=2.2.4
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a460 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aeb08680a67ab108b80d0d5eca97457046c90c4d885d817aac059ed5b47b5fbc

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:19 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 09 Jul 2020 23:30:05 GMT
server: cloudflare
age: 2440066
etag: W/"5f07a87d-1cfa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2630000
cf-ray: 5da02e784def0629-FRA
cf-request-id: 0577fb5f290000062984198200000001

GET
H2 200 e-202040.js Show response
stats.wp.com/ 9 KB
3 KB 2014ms
17ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202040.js
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams
date: Mon, 28 Sep 2020 20:23:21 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
expires: Mon, 27 Sep 2021 03:56:41 GMT

GET
H2 200 autoptimize_31cd2dcd020668663b3824abe7f5215c.js Show response
www.komando.com/wp-content/cache/autoptimize/js/ 180 KB
55 KB 45ms
38ms Script
application/javascript 2606:4700::6812:a460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.komando.com/wp-content/cache/autoptimize/js/autoptimize_31cd2dcd020668663b3824abe7f5215c.js
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a460 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 126b0db475dac8550795ad28030ebfacde3d381588872e38c9828dc9458e3292

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:19 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 02 Sep 2020 15:25:16 GMT
server: cloudflare
age: 2264124
etag: W/"5f4fb95c-2cfcc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2630000
cf-ray: 5da02e78bf6d0629-FRA
cf-request-id: 0577fb5f7500000629841a1200000001

GET
H2 200 a79128fe-d59a-42d8-9e14-0260245c83af.json Show response
cookie-cdn.cookiepro.com/consent/a79128fe-d59a-42d8-9e14-0260245c83af/ 2 KB
2 KB 36ms
21ms XHR
application/x-javascript 2606:4700::6812:778
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/a79128fe-d59a-42d8-9e14-0260245c83af/a79128fe-d59a-42d8-9e14-0260245c83af.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:778 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3a596f4c7ac754b8f88aadb4987603e4b56a82b074e14d1a60b2f2cc7429e9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 28 Sep 2020 20:23:19 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: Cm6zZKZ2XDpDclOZfX6Qrw==
age: 6341
status: 200
cf-request-id: 0577fb5f5d00003250920f4200000001
x-ms-lease-status: unlocked
last-modified: Fri, 25 Sep 2020 14:12:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 52e9bb9c-401e-00aa-2b4e-93185b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
cf-ray: 5da02e7899c93250-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 163 KB
49 KB 43ms
35ms Script
application/javascript 2a00:1450:4001:81a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PWK6RF

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9af6550ca2c42a37009bae2158dca11ca60287039f406a7cc4b6b1df1185ecfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:19 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49860
x-xss-protection: 0
last-modified: Mon, 28 Sep 2020 18:11:57 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 28 Sep 2020 20:23:19 GMT

GET
H2 200 pubfig.min.js Show response
a.pub.network/komando-com/ 305 KB
76 KB 71ms
39ms Script
application/javascript 2606:4700:20::681a:8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/komando-com/pubfig.min.js
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29468b66389df59555ae33050768a903311d689837e6aa6e8e33511869282b93

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:19 GMT
content-encoding: br
cf-cache-status: HIT
x-guploader-uploadid: ABg5-UznmbXhaL_812kjSCA32FNAlbGhJ7B-qXLOvx8Hw-Cp5CB3HQAUWRfyoHdDL1Adz2g7tBTJIweGgBVhglYu3uFpoRxG3g
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
cf-request-id: 0577fb5f8d000018e5a32db200000001
last-modified: Mon, 21 Sep 2020 21:49:14 GMT
server: cloudflare
etag: W/"0c9f250c7d4ace14f64fa892a265565a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=l7/LmQ==, md5=DJ8lDH1KzhT2T6iSomVWWg==
x-goog-generation: 1600724954463575
cache-control: public, max-age=1800
x-goog-stored-content-length: 311838
cf-ray: 5da02e78effb18e5-FRA
expires: Thu, 24 Sep 2020 21:46:38 GMT

GET
H2 200 ping.js Show response
www.stack-sonar.com/ 6 KB
3 KB 2032ms
22ms Script
application/javascript 13.225.73.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.stack-sonar.com/ping.js
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.73.46 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-73-46.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5216fcdc6d278ba8cce42f910754b33365608bcba89401423816cc2b7b28f161

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:11:24 GMT
content-encoding: gzip
last-modified: Fri, 06 Sep 2019 17:57:21 GMT
server: AmazonS3
age: 718
etag: "4ccf47293af41539d748a114e8658c75"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=3600
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: WW7us3Ag-TnJ0t4QUAaYyCkhPU7a_WFM6zGfyYX8H-x1eQ2zIDsumQ==
via: 1.1 57d93b321db68494cc6755a0d3fb29cd.cloudfront.net (CloudFront)

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 11:04:11 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 33548
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Tue, 28 Sep 2021 11:04:11 GMT

GET
H2 200 otBannerSdk.js Show response
cookie-cdn.cookiepro.com/scripttemplates/6.6.0/ 338 KB
61 KB 26ms
25ms Script
application/javascript 2606:4700::6812:778
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/6.6.0/otBannerSdk.js

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:778 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fefa6bc00a2fca4d3ca705862d42dfdbb8f69124b2f0cc0896d3c7c2c05890a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 28 Sep 2020 20:23:19 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: Xs4BplpA7QV+zkRYpo3+wA==
age: 2314
status: 200
cf-request-id: 0577fb5f8200002c267406a200000001
x-ms-lease-status: unlocked
last-modified: Fri, 11 Sep 2020 01:42:07 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: aa6d9383-901e-0096-7e0c-88319c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
cf-ray: 5da02e78d9f72c26-FRA

GET
DATA 200
OK truncated
/ 501 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 51885f3f46c7317c00dc6b36ae543d48f1b3d1c3768381c9f7c8fb47e38214f1

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 985 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7f3f58c2fd4529fffc91067658a9689ffc59257d6e329de3f156539fdc9d44c3

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2fb500f34c1e92bea56bab8e0e5ccd68f794b9a514e5302a2f7e07723938d91b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 209c5a3d5663e93da5f73f50923b757791f11078e28ec10f6138d65d9b00b1a9

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db03313b117d5687f500d3a57cf5a279c0e9c92cf8b2182b5ec74257257537c3

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ad-background.png
www.komando.com/wp-content/themes/komando/assets/images/ 167 B
321 B 25ms
24ms Image
image/png 2606:4700::6812:a460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.komando.com/wp-content/themes/komando/assets/images/ad-background.png
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a460 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b94c0c588c960ee9b1b4fdc774c776f770059745e5219ecc28c1cbe5f633ba84

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:19 GMT
cf-cache-status: HIT
last-modified: Wed, 03 Jun 2020 17:53:13 GMT
server: cloudflare
age: 2440141
etag: "5ed7e389-a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 5da02e78e8180629-FRA
content-length: 167
cf-request-id: 0577fb5f9500000629841b9200000001

GET
H3-Q050 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 36ms
16ms Font
font/woff2 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 11:04:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:58 GMT
server: sffe
age: 33544
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11020
x-xss-protection: 0
expires: Tue, 28 Sep 2021 11:04:15 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 30ms
13ms Font
font/woff2 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 11:04:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 33553
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11056
x-xss-protection: 0
expires: Tue, 28 Sep 2021 11:04:06 GMT

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c

Request headers

Origin: https://www.komando.com
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 201 KB
61 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=f342c2f17aa356c185df69d9ce43740e&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6053864e7b55bc74a16194f9e8e3abdf839595d95f8938c9db3a94196855d37e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.komando.com
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: NvDjpp8cg12hmc9IjjgDdQ==
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 62342
etag: "dd8ca6ed04a588a1c7aa22304d17cbe9"
x-fb-debug: CcNW2Z7jc2ilqr8bidC1oFezJ+boJclSbqh/qt72h956SUgvqFDcXlJz9iOwAC3qg7zkN7lLbJLrvNiJzZBtsQ==
x-fb-trip-id: 664085054
x-fb-content-md5: f057599ae756c8d1c1dee888f58068c5
x-frame-options: DENY
date: Mon, 28 Sep 2020 20:23:19 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
expires: Tue, 28 Sep 2021 20:01:45 GMT

GET
H2 200 en.json Show response
cookie-cdn.cookiepro.com/consent/a79128fe-d59a-42d8-9e14-0260245c83af/544e2fd0-57e1-4ac1-a1c1-d69d2056980e/ 77 KB
13 KB 33ms
29ms Fetch
application/x-javascript 2606:4700::6812:778
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/a79128fe-d59a-42d8-9e14-0260245c83af/544e2fd0-57e1-4ac1-a1c1-d69d2056980e/en.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/6.6.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:778 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56ce45cb99da8ae45d74bf123b740ec2c74c82e7599030e2e9b0904aecff36ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 28 Sep 2020 20:23:19 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: Gi4O10T7CCRBmrD9ZPm/rg==
age: 3737
status: 200
cf-request-id: 0577fb600800003250920fb200000001
x-ms-lease-status: unlocked
last-modified: Fri, 25 Sep 2020 14:12:45 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 1058ad6c-c01e-0032-6e4e-93383a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
cf-ray: 5da02e79ac913250-FRA

GET
H/1.1 200
OK cookie Show response
d.pub.network/ 36 B
463 B 2313ms
129ms XHR
text/plain 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/cookie
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 3e0d9ede781cc77c3e3935c2d5cc7893fd9dd8ef0b95d285e92b03dfe757dcaf

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.komando.com
Date: Mon, 28 Sep 2020 20:23:21 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 51 KB
18 KB 58ms
39ms Script
text/javascript 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

51f2ad17b8ea1c4150f2901e1d648f4606a158cd8b15b3276a2df74e56cec904

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "647 / 807 of 1000 / last-modified: 1601301927"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 17530
x-xss-protection: 0
expires: Mon, 28 Sep 2020 20:23:19 GMT

GET
H2 200 gallery.js Show response
freestar-io.videoplayerhub.com/ 126 KB
29 KB 66ms
47ms Script
application/javascript 2606:4700:20::681a:832
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-io.videoplayerhub.com/gallery.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:832 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82eb45a4b3636bf0f88a983199c0830c5e5b64c53ec73684889b69ffeb0be421

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:19 GMT
via: 1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 3416
x-cache: Miss from cloudfront
status: 200
content-encoding: br
content-type: application/javascript
cf-request-id: 0577fb603a0000177ebfa06200000001
last-modified: Mon, 28 Sep 2020 17:26:31 GMT
server: cloudflare
etag: W/"b5a9a5e900d84753cc0c3316dd50e448"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: SzYRQ3zbBwjm1r2YSjNY..VkYvgGzy_I
cache-control: max-age=86400
x-amz-cf-pop: FRA2-C2
cf-ray: 5da02e79f8d9177e-FRA
x-amz-cf-id: R1YsyzlUJHUTBELYT-f2Rtokyw8T0reljKmsJvR7wWuTZz4-4d0Glg==

GET
H2 200 prebid-analytics-3.26.12.js Show response
a.pub.network/core/ 413 KB
122 KB 40ms
38ms Script
text/html 2606:4700:20::681a:8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46fe925aebeb82c977cf241c08c4708f57641674f6f4065796cc4b454649b6ae

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:19 GMT
content-encoding: br
cf-cache-status: HIT
x-guploader-uploadid: ABg5-UxIz802srrdJd57Xy2JUbsAuSlY64M5WS7AscX_riPVF8hBgloQLNje57WED7pddv4UDH1izF8bZM-DQ4vx5QHMihQRFg
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
content-type: text/html
cf-request-id: 0577fb604a000018e5a32ea200000001
last-modified: Wed, 26 Aug 2020 18:54:36 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=o4JEAg==, md5=xNvwCSi8qTO4CMgYt+2Y2A==
x-goog-generation: 1598468076316093
cache-control: private, max-age=86400
x-goog-stored-content-length: 423274
cf-ray: 5da02e7a1a8318e5-FRA
expires: Mon, 27 Sep 2021 21:42:16 GMT

GET
H/1.1 200
OK location Show response
d.pub.network/ 69 B
507 B 2263ms
129ms XHR
application/json 35.188.71.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/location
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: a791e9bd4e929f0f5db01e6c8bbfbfc3aea7265a8ff98535822f27bb1d63e0d2

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.komando.com
Date: Mon, 28 Sep 2020 20:23:21 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PWK6RF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 6578
date: Mon, 28 Sep 2020 18:33:41 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18650
expires: Mon, 28 Sep 2020 20:33:41 GMT

GET
H2 200 5696.js Show response
script.crazyegg.com/pages/scripts/0092/ 4 KB
2 KB 48ms
21ms Script
text/javascript 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0092/5696.js?444812
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PWK6RF
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6f1091622c90672124acea6aa3bd3c22761a88f486f7fc2c2d679765d81b8bc1

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:19 GMT
content-encoding: gzip
cf-cache-status: HIT
ce-version: 11.1.118
age: 7760
cf-polished: origSize=4550
status: 200
cf-request-id: 0577fb606b0000d6e159803200000001
last-modified: Mon, 28 Sep 2020 18:13:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
cf-ray: 5da02e7a4bf6d6e1-FRA
cf-bgj: minify

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 135 KB
34 KB 20ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 34302
x-xss-protection: 0
pragma: public
x-fb-debug: EXHZDkFM+t/NtzEHk4p+yg2lXK3IH4j7t2UPN+QqOZeb0YrJYnAy6tjuDHUDfUpK2oc4VqgrqTpmCybetYBm5A==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Mon, 28 Sep 2020 20:23:19 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 otFlat.json Show response
cookie-cdn.cookiepro.com/scripttemplates/6.6.0/assets/ 12 KB
3 KB 17ms
17ms Fetch
application/json 2606:4700::6812:778
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/6.6.0/assets/otFlat.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/6.6.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:778 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae407e415a45b6c720d8d61fef8c28756883d0f546a64e7a2969d6174c669951

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 28 Sep 2020 20:23:19 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
content-md5: R7qOr1WClmhADOzbz5s+Bw==
age: 1768
status: 200
cf-request-id: 0577fb607d0000325092105200000001
x-ms-lease-status: unlocked
last-modified: Fri, 11 Sep 2020 01:41:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: ab24967c-f01e-005b-070d-880176000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
cf-ray: 5da02e7a6e3c3250-FRA

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
65 B 13ms
13ms XHR
text/plain 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j86&a=669767661&t=pageview&_s=1&dl=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&ul=en-us&de=UTF-8&dt=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1020238450&gjid=693025637&cid=2106507700.1601324599&tid=UA-230639-2&_gid=749919062.1601324599&_r=1&gtm=2wg9g1PWK6RF&z=1285610777

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 28 Sep 2020 20:23:19 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://www.komando.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_2020092201.js Show response
securepubads.g.doubleclick.net/gpt/ 264 KB
93 KB 1760ms
55ms Script
text/javascript 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

sffe /

Resource Hash

5e1390f7c515a04fbd18d7c3e864de65e7fc473f8a2e5134f74a79e122911dd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Sep 2020 08:40:46 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 94816
x-xss-protection: 0
expires: Mon, 28 Sep 2020 20:23:21 GMT

GET
H2 200 org Show response
mrb.upapi.net/ 21 KB
10 KB 37ms
14ms Script
application/javascript 2606:4700:20::ac43:464d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mrb.upapi.net/org?o=5714937848528896&upapi=true
Requested by: Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:464d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 394ee880685b17bc2c3e8a5a628c4ddce428531b165836c0b5717c71d76faeb7

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:19 GMT
via: 1.1 google
cf-cache-status: HIT
age: 2387
status: 200
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0577fb60ca00001f39c4acf200000001
server: cloudflare
etag: W/"c1be2d710a898d640eb2197efebe33ef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800, must-revalidate
cf-ray: 5da02e7adadf1f39-FRA

GET
H2 200 2818864641552220 Show response
connect.facebook.net/signals/config/ 524 KB
133 KB 70ms
70ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2818864641552220?v=2.9.24&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f0b5290ffd7ebefe5bb9d7cde55f244efb5076db25b9b2a85b9d1b14f7972d25

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: d8EmorTjbjXNvAY8llLh6ksh/nx19ZYwAUAeMf9xuIt9d9pnlb6LIRAY2prm/Rmp1WjV6hHoxaeQ32qZ8/Db9w==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Mon, 28 Sep 2020 20:23:19 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
89 B 16ms
15ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-230639-2&cid=2106507700.1601324599&jid=1020238450&gjid=693025637&_gid=749919062.1601324599&_u=YEBAAEAAAAAAAC~&z=1943707084

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 28 Sep 2020 20:23:19 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.komando.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 11.1.118.js Show response
script.crazyegg.com/pages/versioned/common-scripts/ 99 KB
32 KB 17ms
17ms Script
text/javascript 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/common-scripts/11.1.118.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0092/5696.js?444812
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9417079952dbe5d1b1bc0bf209d04bcf97459ce3c271837b4d9c45a48e3ecfa

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:19 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 440920
cf-polished: origSize=105320
status: 200
cf-request-id: 0577fb60e10000d6e15980c200000001
last-modified: Mon, 14 Sep 2020 15:45:13 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
cf-ray: 5da02e7b0d8bd6e1-FRA
cf-bgj: minify

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
295 B 32ms
31ms Image
image/gif 2a00:1450:4001:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-230639-2&cid=2106507700.1601324599&jid=1020238450&_u=YEBAAEAAAAAAAC~&z=273238678

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Sep 2020 20:23:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
513 B 47ms
28ms Image
image/gif 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-230639-2&cid=2106507700.1601324599&jid=1020238450&_u=YEBAAEAAAAAAAC~&z=273238678

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Sep 2020 20:23:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 code Show response
mrb.upapi.net/ 710 KB
225 KB 46ms
46ms Script
application/javascript 2606:4700:20::ac43:464d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mrb.upapi.net/code?w=5715376530784256&upapi=true
Requested by: Host: mrb.upapi.net
URL: https://mrb.upapi.net/org?o=5714937848528896&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:464d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52d1fa8a9ebff6670209bdaf47bafa374eb128a7c83a73d372f5538fbaa2e6e1

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:19 GMT
via: 1.1 google
cf-cache-status: HIT
age: 1420
status: 200
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0577fb610000001f39c4ad3200000001
server: cloudflare
etag: W/"1e4b92d725f13691728721882c009b60"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800, must-revalidate
cf-ray: 5da02e7b3bbc1f39-FRA

GET
H2 200 /
www.facebook.com/tr/ 44 B
376 B 18ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2818864641552220&ev=PageView&dl=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&rl=&if=false&ts=1601324599619&sw=1600&sh=1200&v=2.9.24&r=stable&ec=0&o=30&fbp=fb.1.1601324599618.1482577881&it=1601324599484&coo=false&rqm=GET

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:19 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Mon, 28 Sep 2020 20:23:19 GMT

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
491 B 1560ms
23ms Image
image/x-icon 216.58.208.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.208.38 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s12-in-f38.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 05:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55073
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 29 Sep 2020 05:05:28 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
626 B 30ms
13ms Image
image/gif 2606:4700:20::ac43:4513
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.421559061240697
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4513 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:19 GMT
via: 1.1 a7dcca466407f1871feceef50bc84272.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 5021
x-cache: Hit from cloudfront
status: 200
content-type: image/gif
content-length: 43
cf-request-id: 0577fb615e000005bfdc155200000001
last-modified: Thu, 27 Jul 2017 18:59:05 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=86400
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
cf-ray: 5da02e7bcc3005bf-FRA
x-amz-cf-id: zx5or2QQz0UItFDMtwaIOBc4eiC9w6ElSPb05w8jTHIHaP1qWucf7A==

POST
H2 200 /
www.facebook.com/tr/ 0
106 B 6ms
6ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarytMgfajczgtNM4BKO

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Mon, 28 Sep 2020 20:23:20 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 pubfig.messaging.2.1.2.js Show response
a.pub.network/core/ 196 KB
52 KB 85ms
85ms Script
text/javascript 2606:4700:20::681a:8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6883ce59605b04b6c6782ba17cb02dae671c9228e429ced6c1ab1171a38e12a1

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:20 GMT
content-encoding: br
cf-cache-status: HIT
x-guploader-uploadid: ABg5-UzlCZQbHEcuhmKxmG6SCdiALbP0Gf7LFvp1VD5Cq7Xa2dKRhh1rZE7LldyNNB6PESWRgntNy8eiwSF0OfO26tLQV-DwDg
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 4
x-goog-stored-content-encoding: identity
content-type: text/javascript
cf-request-id: 0577fb6428000018e5a333e200000001
last-modified: Thu, 21 May 2020 18:48:40 GMT
server: cloudflare
etag: W/"a191b1edb3810d2c6bbd73bfed144567"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=ZRmSfw==, md5=oZGx7bOBDSxrvXO/7RRFZw==
x-goog-generation: 1590086920350282
cache-control: private, max-age=1800
x-goog-stored-content-length: 200438
cf-ray: 5da02e804a0418e5-FRA
expires: Fri, 24 Sep 2021 21:42:12 GMT

GET
H2 200 pv Show response
backend.upapi.net/ 0
108 B 311ms
254ms XHR
text/plain 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://backend.upapi.net/pv?pid=iZlSubgg&br=chrome&sid=kPjLbGiU&w=5715376530784256&cv=14b17a51-v2&r=false&upapi=true
Requested by: Host: mrb.upapi.net
URL: https://mrb.upapi.net/code?w=5715376530784256&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Mon, 28 Sep 2020 20:23:21 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: https://www.komando.com
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 108 KB
28 KB 1146ms
66ms Script
application/javascript 99.86.240.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.240.180 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-240-180.vie50.r.cloudfront.net
Software: Server /
Resource Hash: 02a2079808b1d062ff16a7d19627e9ee4a94f989aa879d9f81333364fa5a8ea0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:13:16 GMT
content-encoding: gzip
server: Server
age: 605
etag: 7332ce399a8e629a25d60312745ef936
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, max-age=900
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 8FzKajtx7cr3DmCUx4b2Ti6QVpxnO8s47hQprSgA0ahpaLo6CN-kKg==
via: 1.1 08fee972d33a4bc475aad82a2fc199cc.cloudfront.net (CloudFront)

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST 25
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ 0
0

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
114 B 87ms
39ms XHR
text/plain 3.126.224.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=9MEQZN2deHJrCcpvbkL54Zkc&bidId=5affcbfd761a6c&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.224.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-224-165.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Mon, 28 Sep 2020 20:23:21 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
vary: Origin

POST prebid
ib.adnxs.com/ut/v3/ 0
0

POST v1
dmx.districtm.io/b/ 0
0

POST auction
tlx.3lift.com/header/ 0
0

GET prebid
ads.yieldmo.com/exchange/ 0
0

POST prebid
ib.adnxs.com/ut/v3/ 0
0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 259 B
2 KB 478ms
157ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=730248&size_id=2&alt_size_ids=55%2C221&gdpr=0&rp_schain=1.0,1!freestar.io,253,1,,,&rf=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tk_flint=pbjs_lite_v3.26.0&x_source.tid=9d62d598-0352-4be6-9f25-e6200f9ffcb4&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.16320557299050686
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 8515bd40d8243dbc1e8e7e1735fbda57340c0e5b4d00b6fb3b4aabd7c486b3cb

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 28 Sep 2020 20:23:21 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 259
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 239 B
2 KB 598ms
118ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=730248&size_id=2&gdpr=0&rp_schain=1.0,1!freestar.io,253,1,,,&rf=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tk_flint=pbjs_lite_v3.26.0&x_source.tid=56c9a2c0-aad5-44ed-89ec-d702b0cea783&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.8243918385990578
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: c52bdd7ff253ce5e7c1ccde55d3292769f342c125b30a1494273ae6e7a10ffbc

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 28 Sep 2020 20:23:21 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 239
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 22 KB
8 KB 25ms
8ms Script
application/javascript 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 403bfa21e733c139da9d7d87c48fa0ebbed91514fbbadf34cbc455294a004389

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:21 GMT
content-encoding: gzip
etag: "M/QWkfLVS4vR+GrkCudkBg=="
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Mon, 05 Oct 2020 20:23:21 GMT

GET
H2 200 bxl.js Show response
hbx.media.net/ 23 KB
9 KB 1127ms
61ms Script
text/javascript 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hbx.media.net/bxl.js?cid=8CUFH1GPH&dn=www.komando.com&version=&https=1

Requested by

Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

2e2d1788ea05b02d90b012643125e8ea70bdc8b1efafaf16c27b86e1ad97b327

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Mon, 28 Sep 2020 20:23:22 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
status: 200
cache-control: max-age=86400
content-length: 8895
x-mnet-hl2: E
expires: Tue, 29 Sep 2020 20:23:22 GMT

GET
H/1.1 200
OK beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 4314ms
28ms Script
application/x-javascript 104.111.238.139
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/komando-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.238.139 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-238-139.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:25 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 884
Expires: Tue, 29 Sep 2020 20:23:25 GMT

GET
H/1.1 200
OK conf.js Show response
config.anyclip.com/anyclip-widget/config/komandocom/0011r00002HG7NL_1462/ 7 KB
7 KB 130ms
44ms Script
application/javascript 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://config.anyclip.com/anyclip-widget/config/komandocom/0011r00002HG7NL_1462/conf.js?cb=93052
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 633aeda2d57927567b195da28166cf7d5a619539c2a3dc4793a88d62ea9bbe25

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:21 GMT
Content-Encoding: UTF-8
Age: 93486
x-amz-meta-updatedby: yahalom@anyclip.com
Connection: keep-alive
Content-Length: 7047
x-amz-id-2: Aar7JDg+9hvkznvjpQXpianT+NXZn7IptUdfgakVGiWjMMW7BaMpeQrivPK2sSPlcynzdQFbNpE=
Last-Modified: Wed, 16 Sep 2020 11:29:10 GMT
Server: AmazonS3
x-amz-request-id: DY6Q1ZBH8X1M8G0Y
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=60
x-amz-version-id: VxplPuldHc.gUbsTH07dwjjGaA1XDphf
Accept-Ranges: bytes
Content-Type: application/javascript;charset=UTF-8
X-LLID: e9f53adb97a2b5bfdea0b2860d12bc6c

GET
H/1.1 200
OK rules.js Show response
player.anyclip.com/anyclip-widget/lre-widget/sps-flow/ 474 B
959 B 44ms
43ms Script
application/javascript 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://player.anyclip.com/anyclip-widget/lre-widget/sps-flow/rules.js
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: bf8a3d71354828a837da5f234fdeab608b2e535b11b4851e89d75b1686686635

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:21 GMT
Content-Encoding: gzip
Age: 57851
x-amz-meta-sha256: bf8a3d71354828a837da5f234fdeab608b2e535b11b4851e89d75b1686686635
Connection: keep-alive
Content-Length: 216
x-amz-id-2: vSLogpMDrNBm2IYWcVta1K5bPOfmlqgU3XyVZfmtf8AdaIbQMGMC1MwXj+7MKU4F9xWaVaMycZc=
Last-Modified: Thu, 30 Apr 2020 15:11:24 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: 2B575A414AE4DC7A
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=60
x-amz-meta-s3b-last-modified: 20200430T151051Z
x-amz-version-id: Dnob.rNfaHkFPCA9eGou8IS.DrpBU9EH
Accept-Ranges: bytes
Content-Type: application/javascript
X-LLID: 80f99ea651ade2415314281c7f6c3c44
Expires: Mon, 28 Sep 2020 04:20:10 GMT

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
185 B 3324ms
120ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=1&val=vjs&wnx=0&abc=&ty=wlo&v=0&ext=0&ta=1&lnx=0&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:24 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 3325ms
121ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?dom=www.komando.com&cke=true&lan=en-US&plat=Linux+x86_64&net=-&ver=js3.0.32.1.821&dev=desktop&os=MacOS&bw=Chrome%2C83&ua=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&ty=data&rt=3&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:24 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
BLOB 200
OK 8fc015ef-4ef2-4ee1-8e98-f4f90a3c5a40
https://www.komando.com/ 429 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.komando.com/8fc015ef-4ef2-4ee1-8e98-f4f90a3c5a40
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3d5535fc993e2a02b5523add7738f08a15fabac527da55db4834d64603e97e83

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length: 429

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 993dd9c705fd43f0ae68f0f6bd7dd6e40e1120a16327b21339f5da90bc238c28

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H3-Q050 200 KFOlCnqEu92Fr1MmYUtfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmYUtfBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b6863771c330f7b6a857dbfee3959d8e8c61c0e34f1e9ba5f6f38268d05573d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto:300,400,400i,500,700,700i,900&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 11:04:11 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:19:08 GMT
server: sffe
age: 33550
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11012
x-xss-protection: 0
expires: Tue, 28 Sep 2021 11:04:11 GMT

GET
BLOB 200
OK a28d65f8-ab45-460c-81e7-adbfcd8df6e0
https://www.komando.com/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.komando.com/a28d65f8-ab45-460c-81e7-adbfcd8df6e0
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
711 B 1143ms
20ms XHR
application/json 185.33.220.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.244 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 28 Sep 2020 20:23:22 GMT
X-Proxy-Origin: 185.212.171.67; 185.212.171.67; 731.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.5:80
AN-X-Request-Uuid: c244cb7f-7193-49e1-8512-7add580b01d9
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 262 B
2 KB 641ms
144ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=730248&size_id=15&alt_size_ids=9%2C10&gdpr=0&rp_schain=1.0,1!freestar.io,253,1,,,&rf=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tk_flint=pbjs_lite_v3.26.0&x_source.tid=0cbb60c0-0591-42d6-84dc-7269304ade99&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.5436955186088914
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 1c4ec986748a3b7e79915edb7ca6c52f4c8953c2443f92eb5fbcd8425d831875

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 28 Sep 2020 20:23:22 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 262
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET prebid
ads.yieldmo.com/exchange/ 0
0

POST auction
tlx.3lift.com/header/ 0
0

POST prebid
ib.adnxs.com/ut/v3/ 0
0

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
425 B 1105ms
23ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dmx.districtm.io/b/v1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 28 Sep 2020 20:23:22 GMT
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
cf-ray: 5da02e8e2e740b78-AMS
access-control-allow-headers: Content-Type, Origin
cf-request-id: 0577fb6cd600000b783fb20200000001

POST 25
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ 0
0

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 29ms
29ms XHR
text/plain 3.126.224.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=NsczxcWw93Nv4keUqcRTu8gR&bidId=41c5efb608b01d9&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.224.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-224-165.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Mon, 28 Sep 2020 20:23:21 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
vary: Origin

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 94ms
94ms XHR
text/plain 3.126.224.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=KYVqfjZMQtN1DsZXVKCAPhr2&bidId=42dd740db76cd19&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.224.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-224-165.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Mon, 28 Sep 2020 20:23:21 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
vary: Origin

GET
H2 200 rules-p-UeXruRVtZz7w6.js Show response
rules.quantcount.com/ 2 KB
1 KB 71ms
16ms Script
application/x-javascript 2600:9000:206e:1800:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:1800:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 19:55:36 GMT
content-encoding: gzip
last-modified: Thu, 07 Dec 2017 17:06:25 GMT
server: AmazonS3
age: 1666
etag: W/"cbc97d16c77ea1fcbbf42d246001e982"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
x-amz-cf-pop: VIE50-C1
x-amz-cf-id: Trl5R-jn5a2ElBaw0bAr17ElrZiWiLwaFT06C9H6UJI77MjRNkWdsg==
via: 1.1 c3369d9c96b77d67d8462b9636a6d7c2.cloudfront.net (CloudFront)

GET
DATA 200
OK truncated
/ 135 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1632e13bb4b75973ab4e1ae7b45ebbcf3aae9dc050a24048d6875d6e3a466088

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 personalized-content Show response
www.komando.com/wp-json/komando/v1/ 84 B
658 B 287ms
286ms XHR
application/json 2606:4700::6812:a460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.komando.com/wp-json/komando/v1/personalized-content?_wpnonce=9c1e4e933d&post_ids=null&current_post_id=755764

Requested by

Host: www.komando.com
URL: https://www.komando.com/wp-content/cache/autoptimize/js/autoptimize_31cd2dcd020668663b3824abe7f5215c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a460 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

e9e40f737e08ad5b6c7ec3d3ee2232ce91f00b1f4f753c79f5e8e4f74c1c4a60

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-powered-by: WP Engine
status: 200
cf-request-id: 0577fb692000000629842e5200000001
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
server: cloudflare
x-wp-nonce: 9c1e4e933d
x-wp-doingitwrong: wp_send_json (since 5.5.0; Return a WP_REST_Response or WP_Error object from your callback when using the REST API.)
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-NR-SAMPLE-PERCENT
content-type: application/json; charset=UTF-8
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
x-robots-tag: noindex
cf-ray: 5da02e883e3b0629-FRA
link: <https://www.komando.com/wp-json/>; rel="https://api.w.org/"
x-pass-why: custom-cookie

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/komando/ 211 KB
29 KB 415ms
120ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/komando/loader.js
Requested by: Host: www.komando.com
URL: https://www.komando.com/wp-content/cache/autoptimize/js/autoptimize_31cd2dcd020668663b3824abe7f5215c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cd65be12262a2774c87d77fbbeccf6a965c2455bca82031acbe6838db0c489b0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: WO2Dp7boCNaYR8gCSi3VC7dLV3oFvROF
content-encoding: gzip
etag: "e6e662c6f9151d2610c24a62e7195037"
age: 0
x-cache: HIT
status: 200
content-length: 28872
x-amz-id-2: Xu2jQjX1Nslhb2WCzc0bB/kL4kysl+n55E1SdlgXaNOBvRUCd8K4DVBLjiYbvgAemuRVEtZ6YsY=
x-served-by: cache-fra19183-FRA
last-modified: Thu, 24 Sep 2020 13:47:04 GMT
server: AmazonS3
x-timer: S1601324602.937024,VS0,VE99
date: Mon, 28 Sep 2020 20:23:22 GMT
vary: Accept-Encoding
x-amz-request-id: 5A73368F324033D4
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 24
x-cache-hits: 1

GET
H2 200 like.php
www.facebook.com/v4.0/plugins/ Frame 9E77 0
0 60ms
60ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v4.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ca9c7df9036ac%26domain%3Dwww.komando.com%26origin%3Dhttps%253A%252F%252Fwww.komando.com%252Ff33538c18b98568%26relation%3Dparent.parent&container_width=394&href=https%3A%2F%2Fwww.facebook.com%2Fkimkomando&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&size=large&width=

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=f342c2f17aa356c185df69d9ce43740e&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /v4.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1ca9c7df9036ac%26domain%3Dwww.komando.com%26origin%3Dhttps%253A%252F%252Fwww.komando.com%252Ff33538c18b98568%26relation%3Dparent.parent&container_width=394&href=https%3A%2F%2Fwww.facebook.com%2Fkimkomando&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&size=large&width=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: fr=0oqpu1sqyQe3YVBsB..BfckY3...1.0.BfckY3.
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
strict-transport-security: max-age=15552000; preload
content-encoding: br
timing-allow-origin: *
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
vary: Accept-Encoding
x-content-type-options: nosniff
facebook-api-version: v4.0
x-xss-protection: 0
content-type: text/html; charset="utf-8"
x-fb-debug: ay7UG1fNUlT2nU1YhW5YAnzzNQZ/hy2G+GsQdbngiajUZgb1t/nn3UMD8MGOLHC33bgbBB8oBghX1q3VLNQJRw==
date: Mon, 28 Sep 2020 20:23:21 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H2 204 event
api.stack-sonar.com/v1/ 0
101 B 552ms
101ms Image
text/plain 23.23.105.3
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.stack-sonar.com/v1/event?ts=1601324599145&_v=1.1.6&_c=stack-connect-wp&_a=d8d92097-4956-4278-a4fb-e4f90a0cbe03&_f=0&_u=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&_r=&_x=1&_l=https%3A%2F%2Fdeals.komando.com%2Fsales%2Fluft-cube-portable-filterless-air-purifier-black-gold%3Futm_source%3Dkomando.com%26utm_medium%3Dreferral%26utm_campaign%3Dluft-cube-portable-filterless-air-purifier-black-gold%26utm_term%3Dscsf-433502%26utm_content%3Da0x1P000004Y7oIQAS%26scsonar%3D1&_p=0&_z=1601324601665.245942462&_y=1601324601665.1386237319&_t=1601324602&_s=send&_e=session-start
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.105.3 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-105-3.compute-1.amazonaws.com
Software: nginx/1.14.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Mon, 28 Sep 2020 20:23:22 GMT
cache-control: no-cache, no-store, must-revalidate
server: nginx/1.14.1
vary: Origin

GET
H2 200 widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html
platform.twitter.com/widgets/ Frame AD61 0
0 26ms
26ms Document
text/html 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=https%3A%2F%2Fwww.komando.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: platform.twitter.com
:scheme: https
:path: /widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=https%3A%2F%2Fwww.komando.com
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
last-modified: Tue, 01 Sep 2020 17:58:17 GMT
cache-control: public, max-age=315360000
content-type: text/html; charset=utf-8
etag: "9fa476ae827f556d5b037fe43632370d+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Mon, 28 Sep 2020 20:23:21 GMT
x-served-by: cache-bwi5127-BWI, cache-fra19169-FRA
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 5825

GET
H2 200 count.json Show response
api.pinterest.com/v1/urls/ 133 B
379 B 3495ms
159ms Script
application/javascript 2.21.37.27
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://api.pinterest.com/v1/urls/count.json?callback=WPCOMSharing.update_pinterest_count&url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&_=1601324601596

Requested by

Host: www.komando.com
URL: https://www.komando.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.21.37.27 , France, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a2-21-37-27.deploy.static.akamaitechnologies.com

Software

Resource Hash

167eefa83e1aa1374767855f64054dde21c967fc23cd0dfe4217aaa4cb02a7db

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:25 GMT
x-content-type-options: nosniff
x-cdn: akamai
age: 0
status: 200
content-type: application/javascript
access-control-allow-origin: *
cache-control: private
x-envoy-upstream-service-time: 2
content-length: 133
x-pinterest-rid: 7632054692503814
expires: Mon, 28 Sep 2020 20:38:25 GMT

GET
H2 200 / Show response
graph.facebook.com/ 244 B
629 B 49ms
34ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&_=1601324601597

Requested by

Host: www.komando.com
URL: https://www.komando.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5cde1be2072eac8a28109762ecc39dedb5b0afdb8c67c68fe8527dbc1826d312

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
status: 200
x-fb-rev: 1002733620
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 183
pragma: no-cache
x-fb-debug: Vfzm4FPNFPW3pRUMhAKJLd9QvSYDnpnmha5PGjHCrpt7MmSnXqc7W+unk0RAAVtChkgpdfrEH1bU5gOMOvgcEA==
x-fb-trace-id: BdS03A2jB3M
date: Mon, 28 Sep 2020 20:23:21 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AHgwAgiL5MIGnIdY9DJeHpc
cache-control: no-store
facebook-api-version: v3.1
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
92 B 18ms
17ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=pinterest&r=0.6834771055407307
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Mon, 28 Sep 2020 20:23:21 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
74 B 17ms
16ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.43978828278498505
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Mon, 28 Sep 2020 20:23:21 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H3-Q050 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.rMJI4WR09CY.O/m=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA/ 113 KB
41 KB 27ms
13ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.rMJI4WR09CY.O/m=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e098e7520dbccfe6cdaa96ce30b3245894b060fdc2d31145e870c81432cff684

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Sep 2020 19:46:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Sep 2020 19:28:50 GMT
server: sffe
age: 434203
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41075
x-xss-protection: 0
expires: Thu, 23 Sep 2021 19:46:38 GMT

GET
H3-Q050 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.rMJI4WR09CY.O/m=auth/exm=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA/ 119 KB
40 KB 27ms
14ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.rMJI4WR09CY.O/m=auth/exm=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA/cb=gapi.loaded_1

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89cb81b15741129a01edcb8665b1f6172e270197a1335e9f0db3558e6c338a60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Sep 2020 19:46:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Sep 2020 19:28:50 GMT
server: sffe
age: 434203
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41260
x-xss-protection: 0
expires: Thu, 23 Sep 2021 19:46:38 GMT

GET
H2 200 subscribe_embed
www.youtube.com/ Frame 1676 0
0 71ms
51ms Document
text/html 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/subscribe_embed?usegapi=1&channel=kimkomandoshow&layout=default&theme=dark&count=hidden&origin=https%3A%2F%2Fwww.komando.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.rMJI4WR09CY.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /subscribe_embed?usegapi=1&channel=kimkomandoshow&layout=default&theme=dark&count=hidden&origin=https%3A%2F%2Fwww.komando.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.rMJI4WR09CY.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
expires: Tue, 27 Apr 1971 19:44:06 GMT
content-length: 1606
cache-control: no-cache
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
date: Mon, 28 Sep 2020 20:23:21 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
set-cookie: YSC=pQO0mq0_uVo; path=/; domain=.youtube.com; secure; httponly; samesite=None VISITOR_INFO1_LIVE=aJSFKhZZUQE; path=/; domain=.youtube.com; secure; expires=Sat, 27-Mar-2021 20:23:21 GMT; httponly; samesite=None GPS=1; path=/; domain=.youtube.com; expires=Mon, 28-Sep-2020 20:53:21 GMT
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 g.gif
pixel.wp.com/ 50 B
74 B 42ms
42ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A8.8.2&blog=166923932&post=755764&tz=-7&srv=www.komando.com&host=www.komando.com&ref=&fcp=404&rand=0.8521337529104125
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Mon, 28 Sep 2020 20:23:21 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 update-user-data.html
widget-modal-popup-v2-prod.firebaseapp.com/ Frame 4D33 0
0 599ms
561ms Document
text/html 151.101.65.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://widget-modal-popup-v2-prod.firebaseapp.com/update-user-data.html?domain_id=VAkN2egYB1&uid=d211e91c-c62d-4c0c-a72c-ca705fca7df3&language=en-US&profile=

Requested by

Host: sdk.jeeng.com
URL: https://sdk.jeeng.com/v3.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: widget-modal-popup-v2-prod.firebaseapp.com
:scheme: https
:path: /update-user-data.html?domain_id=VAkN2egYB1&uid=d211e91c-c62d-4c0c-a72c-ca705fca7df3&language=en-US&profile=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
cache-control: max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
etag: "37c821f4e5a356fc27353b7ba6da1863cce689e0753f44bac5e094d0a7d80d4b"
last-modified: Mon, 10 Jun 2019 11:44:02 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Mon, 28 Sep 2020 20:23:22 GMT
x-served-by: cache-ams21046-AMS
x-cache: MISS
x-cache-hits: 0
x-timer: S1601324602.806862,VS0,VE545
vary: x-fh-requested-host, accept-encoding
content-length: 372

GET
H2 200 lokibot-malware.jpg
www.komando.com/wp-content/uploads/2020/09/ 132 KB
132 KB 97ms
96ms Image
image/jpeg 2606:4700::6812:a460
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.komando.com/wp-content/uploads/2020/09/lokibot-malware.jpg
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a460 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5416bb3c019c4a5687c50ecb53535f402e8baaa3d24812d662e8d9cbd2a9d69b

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:21 GMT
cf-cache-status: HIT
age: 332490
status: 200
content-length: 135250
cf-request-id: 0577fb69ae00000629842f2200000001
last-modified: Thu, 24 Sep 2020 21:37:14 GMT
server: cloudflare
etag: "5f6d118a-21052"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 5da02e8918d00629-FRA
cf-bgj: h2pri

GET
H2 200 button.e24f3bcdec527b80b9c80e88b62047c3.js Show response
platform.twitter.com/js/ 7 KB
2 KB 22ms
22ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.e24f3bcdec527b80b9c80e88b62047c3.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: da3e524928bcca821af2551eb6f9e9ae2449ceb48642cce4f2dae23383098537

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:21 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 2295
x-served-by: cache-bwi5140-BWI, cache-fra19169-FRA
last-modified: Tue, 01 Sep 2020 17:58:08 GMT
etag: "2288bbd5e30b6dba457d3d615de9e136+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 pixel;r=1335011167;labels=title.Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet;rf=0;a=p-UeXruRVtZz7w6;url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keyl...
pixel.quantserve.com/ 35 B
371 B 10ms
8ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1335011167;labels=title.Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet;rf=0;a=p-UeXruRVtZz7w6;url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F;fpan=1;fpa=P0-2086804669-1601324601784;ns=0;ce=1;qjs=1;qv=4f9b77f5-20200917130726;cm=;gdpr=0;ref=;d=komando.com;je=0;sr=1600x1200x24;enc=n;dst=1;et=1601324601783;tzo=-120;ogl=locale.en_US%2Ctype.article%2Ctitle.Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet%2Cdescription.If%20your%20device%20is%20infected%20with%20Lokibot%20malware%252C%20kiss%20your%20credit%20cards%20goodbye%252E%2Curl.https%3A%2F%2Fwww%252Ekomando%252Ecom%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F%2Csite_name.Komando%252Ecom%2Cimage.https%3A%2F%2Fwww%252Ekomando%252Ecom%2Fwp-content%2Fuploads%2F2020%2F09%2Flokibot-malware%252Ejpg%2Cimage%3Awidth.1200%2Cimage%3Aheight.675

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Sep 2020 20:23:21 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
status: 200
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 postmessageRelay
accounts.google.com/o/oauth2/ Frame 1131 0
0 61ms
40ms Document
text/html 2a00:1450:4001:800::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.komando.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.rMJI4WR09CY.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.rMJI4WR09CY.O/m=auth/exm=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA/cb=gapi.loaded_1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-HIYD6eY2SaqMvVTJ/GtrQw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Xss-Protection	0

Request headers

:method: GET
:authority: accounts.google.com
:scheme: https
:path: /o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.komando.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.rMJI4WR09CY.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=204=UChb0o1ExPLLVJFd3WicHdRqYCMcqxwPFWroTtMHE5fgF0cDi-vlr7OZ4-tPVyymH74DgiyX5F_yBhMMdyz9TTnGTXq-cJ4aYOnRPWTVtzJXrrppM69ZmaLvtWHfBNZJIgcbVU8rN-Aov5a00xT0b4Jrb3dfo96U91-oRhcIBjM
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 28 Sep 2020 20:23:21 GMT
content-security-policy: script-src 'report-sample' 'nonce-HIYD6eY2SaqMvVTJ/GtrQw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

HEAD
H/1.1 200
OK advertising.js
assets.anyclip.com/anyclip-widget/lre-widget/assets/js/ 0
0 375ms
42ms Fetch
application/javascript 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/js/advertising.js
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:22 GMT
Age: 10935
Connection: keep-alive
Content-Length: 32
x-amz-id-2: NBDpHw5Poq97ZFpOuzI88UZOA4gQQPiyUBELYWPE4j9kIrhmw06ACBPViJMAfSExbXoF/1dk628=
Last-Modified: Mon, 10 Dec 2018 11:26:45 GMT
Server: AmazonS3
x-amz-request-id: 5DE6ADBB9B4BFBDD
Access-Control-Allow-Origin: *
Expires: Mon, 28 Sep 2020 21:21:07 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: yQR7I__mdWlTGiugUbenyyFFuDDzo_a4
Accept-Ranges: bytes
Content-Type: application/javascript
X-LLID: 926a1fa1ccb9524b066a1648f43edef2
x-amz-meta-s3b-last-modified: 20181210T110233Z

HEAD
H2 200 ima3.js
imasdk.googleapis.com/js/sdkloader/ 0
0 72ms
49ms Fetch
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 28 Sep 2020 20:23:21 GMT

GET
H/1.1 200
OK 362290
vid.springserve.com/vast/ 22 B
0 3871ms
37ms Fetch
application/xml 34.249.58.234
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/362290
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.58.234 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-58-234.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:25 GMT
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 22

HEAD
H2 200 loader.js
imasdk.googleapis.com/js/sdkloader/ 0
0 28ms
7ms Fetch
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/loader.js

Requested by

Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 23 Sep 2020 23:32:11 GMT
server: sffe
age: 6
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=900
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18664
x-xss-protection: 0
expires: Mon, 28 Sep 2020 20:38:15 GMT

HEAD
H2 200 client.js
s0.2mdn.net/instream/video/ 0
0 71ms
49ms Fetch
text/javascript 2a00:1450:4001:819::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 28 Sep 2020 20:23:21 GMT

HEAD
H2 200 bridge3.377.0_en.html
imasdk.googleapis.com/js/core/ 0
0 31ms
9ms Fetch
text/html 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://imasdk.googleapis.com/js/core/bridge3.377.0_en.html
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

HEAD
H2 400 /
lreprx-server.anyclip.com/ 0
0 550ms
100ms Fetch
text/html 34.202.140.116
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://lreprx-server.anyclip.com/?
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.202.140.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-202-140-116.compute-1.amazonaws.com
Software: / Express
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:22 GMT
x-powered-by: Express
etag: W/"12-aYDwc8aOzxQtGy9nc7j5YT71TdA"
status: 400
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
content-length: 18

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 2864ms
120ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=464&val=0&wnx=0&abc=&ty=blo&v=0&ext=0&ta=1&lnx=0&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:24 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 follow_button.2d7d9a6d04538bf11c7b23641e75738c.en.html
platform.twitter.com/widgets/ Frame EB2C 0
0 23ms
22ms Document
text/html 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/follow_button.2d7d9a6d04538bf11c7b23641e75738c.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: platform.twitter.com
:scheme: https
:path: /widgets/follow_button.2d7d9a6d04538bf11c7b23641e75738c.en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
last-modified: Tue, 01 Sep 2020 17:58:09 GMT
cache-control: public, max-age=315360000
content-type: text/html; charset=utf-8
etag: "ddc15fa67e38644c860f8d9dba000a69+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Mon, 28 Sep 2020 20:23:21 GMT
x-served-by: cache-bwi5147-BWI, cache-fra19169-FRA
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 13677

GET
H2 200 load.js Show response
widget.perfectmarket.com/komando/ 3 KB
1 KB 243ms
195ms Script
application/javascript 151.101.113.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.perfectmarket.com/komando/load.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/komando/loader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.181 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 61fbc34f91d8af09b7d8434e27d4f7f12fdfae8311d2d26d0eea187ad16c4dd6

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: zbbQXN6FX1TkmBGibAJpQk24j4NgmgPf
content-encoding: gzip
etag: "831b8a927926b7ec203a2adfe80150fc"
age: 0
x-cache: HIT, MISS
status: 200
content-length: 1097
x-amz-id-2: 20BoGN6HjIVoQ4Q9dAzS9JEH/ve6VST6LRMEGcaCJeAhAgi5MuBzCteGKphy/G9QEAiT2j9gCpw=
x-served-by: cache-lax8633-LAX, cache-hhn4058-HHN
last-modified: Mon, 30 Mar 2020 06:23:42 GMT
server: AmazonS3
x-timer: S1601324602.144650,VS0,VE173
date: Mon, 28 Sep 2020 20:23:22 GMT
vary: Accept-Encoding,,
x-amz-request-id: 690796A74930B50D
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=300
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
x-cache-hits: 1, 0

GET
H2 200 impl.20200924-16-RELEASE.js Show response
cdn.taboola.com/libtrc/ 443 KB
126 KB 22ms
21ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20200924-16-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/komando/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b3c7fc0cf7be713a4e97298f59db197355a9bdbd1d55944e6d8a4006f1a01cf6

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: a9hIErR8tUfR5NJzCLK.m8.JA9ROZFL7
content-encoding: gzip
etag: "88a18abc6991654efbee3cb01d168553"
age: 36
x-cache: HIT
status: 200
x-amz-replication-status: COMPLETED
content-length: 128167
x-amz-id-2: RoywnVIDT/mlGYmiueGx9nKKMOQX7ctOfoxEjJCKW9i9fCcX/B5lgmZLkxj5GtGZdUG3cVSkrgw=
x-served-by: cache-fra19183-FRA
last-modified: Thu, 24 Sep 2020 13:17:47 GMT
server: AmazonS3
x-timer: S1601324602.097407,VS0,VE0
date: Mon, 28 Sep 2020 20:23:22 GMT
vary: Accept-Encoding
x-amz-request-id: 4D7817B51949B087
via: 1.1 varnish
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 22
x-cache-hits: 236

GET
H2 200 vv.20200924-16-RELEASE.js Show response
cdn.taboola.com/libtrc/ 11 KB
4 KB 41ms
41ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/vv.20200924-16-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/komando/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 64bd7529494fcb29ae2245d4d977261083632b107e5e468df0f997e858ebdf84

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: YPJau10pAwyoxZ9fjFZluZSqE7m9iHXn
content-encoding: gzip
etag: "b89fb6f06c6120970015e9f8699f43d5"
age: 110
x-cache: HIT
status: 200
x-amz-replication-status: COMPLETED
content-length: 3858
x-amz-id-2: 9pbS3OekIs7C35KYLU1cCLiOSwWV/FN3sFlUYyNXabwkJVkubu5tsqG0cRsrOaXzM8NPLDn2nnA=
x-served-by: cache-fra19183-FRA
last-modified: Thu, 24 Sep 2020 13:18:53 GMT
server: AmazonS3
x-timer: S1601324602.098100,VS0,VE0
date: Mon, 28 Sep 2020 20:23:22 GMT
vary: Accept-Encoding
x-amz-request-id: 1K5Z2G0NDN5J0V6J
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 22
x-cache-hits: 2

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
383 B 141ms
141ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22kimkomando%22%2C%22widget_creator_screen_name%22%3A%22kimkomando%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22l%3Awithcount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1601324602093%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22219d021%3A1598982042171%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22follow%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 119
pragma: no-cache
last-modified: Mon, 28 Sep 2020 20:23:22 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 7535f21a836c0efcc56aebcb575aac41
x-transaction: 004b6b710082a6b2
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 json Show response
trc.taboola.com/komando/trc/3/ 28 KB
9 KB 2311ms
2309ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/komando/trc/3/json?tim=22%3A23%3A22.316&lti=deflated&data=%7B%22id%22%3A116%2C%22ii%22%3A%22%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1600955214397%2C%22vi%22%3A1601324602304%2C%22cv%22%3A%2220200924-16-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%5D%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A4472%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A10%2C%22uim%22%3A%22alternating-thumbnails-rr%3Aabp%3D0%22%2C%22uip%22%3A%22Alternating%20Right%20Rail%20Thumbnails%22%2C%22orig_uip%22%3A%22Alternating%20Right%20Rail%20Thumbnails%22%2C%22cd%22%3A1841.90625%2C%22mw%22%3A320%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A8%2C%22uim%22%3A%22thumbnails-b%3Aabp%3D0%22%2C%22uip%22%3A%22Right%20Rail%20Thumbnails%22%2C%22orig_uip%22%3A%22Right%20Rail%20Thumbnails%22%2C%22cd%22%3A1841.90625%2C%22mw%22%3A320%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200924-16-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 2baedd643cd727e26f71bf8c9cd0dbdfaedd71804ce29672363e11d696283c86

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 311
date: Mon, 28 Sep 2020 20:23:22 GMT
content-encoding: gzip
access-control-allow-origin: *
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 200
x-served-by: cache-fra19183-FRA
server: nginx
x-timer: S1601324602.330734,VS0,VE311
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 pmk-202003261.3.js Show response
widget.perfectmarket.com/komando/ 123 KB
33 KB 24ms
24ms Script
application/javascript 151.101.113.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.perfectmarket.com/komando/pmk-202003261.3.js
Requested by: Host: widget.perfectmarket.com
URL: https://widget.perfectmarket.com/komando/load.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.181 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdc6f35981582b0bb0423b70243eac10776c99215aaa26dede1b002555215e99

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: YhuGJjURZcrX1KZYhHO4_Ttv7PP3uqxa
content-encoding: gzip
etag: "b260aa8e83f78718a8ac4ccd94927248"
age: 15775177
x-cache: HIT, HIT
status: 200
content-length: 33475
x-amz-id-2: +VW0umj+V3gU9R6cX+XRiQsT3v6VjNYdH83nGJoW/Y/BNdOq/EENOnjlJHQK5x+CbY0wktAbi8g=
x-served-by: cache-lax8651-LAX, cache-hhn4058-HHN
last-modified: Mon, 30 Mar 2020 06:23:41 GMT
server: AmazonS3
x-timer: S1601324602.342931,VS0,VE1
date: Mon, 28 Sep 2020 20:23:22 GMT
vary: Accept-Encoding,,
x-amz-request-id: 684F1121138BDF42
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31536000
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
x-cache-hits: 2, 1

GET
H2 200 entities Show response
users.api.jeeng.com/ 236 B
443 B 3497ms
3484ms XHR
application/json 2a02:26f0:eb::214:bef6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://users.api.jeeng.com/entities?url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&domain_id=VAkN2egYB1&read_only=false
Requested by: Host: sdk.jeeng.com
URL: https://sdk.jeeng.com/v3.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:eb::214:bef6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Google Frontend / Express
Resource Hash: a05b6b902fc0110a35204d05a8360b0fcff6bf23859f7fca952444bf6184b248

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:25 GMT
etag: W/"ec-Sgdujy0zDXxAtyqjVjI7pGazUMg"
server: Google Frontend
x-powered-by: Express
status: 200
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 01e2ca9e342e3998c9cf2e11160940de
cache-control: max-age=3600
content-length: 236

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 132 B
514 B 2173ms
2173ms XHR
text/javascript 99.86.240.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&pid=SpfMzrxdMvYyC&cb=0&ws=1600x1200&v=7.54.00&t=1000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%221x1%22%2C%22728x90%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F15184186%2FKomando_Adhesion%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2FKomando_Leaderboard_1%22%7D%5D&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.240.180 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-240-180.vie50.r.cloudfront.net
Software: Server /
Resource Hash: baccc36f4643b5739459f6075bbe88ef37d443e9c6a87e7b9f5c617774732094

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:22 GMT
content-encoding: gzip
server: Server
x-amz-cf-pop: VIE50-C1
status: 200
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 137
via: 1.1 08fee972d33a4bc475aad82a2fc199cc.cloudfront.net (CloudFront)
x-amz-cf-id: DCvxBl1zdLynd361iwvjNVyItJCUKVVJ8Eprp7N_QcTR4GH26L1qDw==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 132 B
513 B 2170ms
2170ms XHR
text/javascript 99.86.240.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&pid=SpfMzrxdMvYyC&cb=1&ws=1600x1200&v=7.54.00&t=1000&slots=%5B%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22300x600%22%2C%22160x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2FKomando_Right_Rail_1%22%7D%5D&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.240.180 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-240-180.vie50.r.cloudfront.net
Software: Server /
Resource Hash: 10c289346cba2ae0c51c938075b153e9305663ab39dd652205ba2e401e587ea3

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:22 GMT
content-encoding: gzip
server: Server
x-amz-cf-pop: VIE50-C1
status: 200
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 137
via: 1.1 08fee972d33a4bc475aad82a2fc199cc.cloudfront.net (CloudFront)
x-amz-cf-id: uCRSkKBA15qPztPcj4KotGguOEkLLxaeiE78r6rCeu8TZZ9jP5mRFQ==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 132 B
514 B 2169ms
2169ms XHR
text/javascript 99.86.240.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&pid=SpfMzrxdMvYyC&cb=2&ws=1600x1200&v=7.54.00&t=1000&slots=%5B%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22300x600%22%2C%22160x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2FKomando_Right_Rail_3%22%7D%5D&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.240.180 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-240-180.vie50.r.cloudfront.net
Software: Server /
Resource Hash: e77c417c9fc9dcc933e5efb242db4d753ec2f56bc6de6cecf98b840ed43520f8

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:22 GMT
content-encoding: gzip
server: Server
x-amz-cf-pop: VIE50-C1
status: 200
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 137
via: 1.1 08fee972d33a4bc475aad82a2fc199cc.cloudfront.net (CloudFront)
x-amz-cf-id: CuqNx6zucqhFq-nK8GSjW-TxNMF6qzfIWyuLAy3LLP9bSGn0saJCoQ==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 132 B
514 B 2168ms
2167ms XHR
text/javascript 99.86.240.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&pid=SpfMzrxdMvYyC&cb=3&ws=1600x1200&v=7.54.00&t=1000&slots=%5B%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22300x600%22%2C%22160x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F15184186%2FKomando_Right_Rail_4%22%7D%5D&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.240.180 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-240-180.vie50.r.cloudfront.net
Software: Server /
Resource Hash: 35bae1b460df6117d998c7eec808fb3b77a0a33e201e525890925acf933f2e5d

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:22 GMT
content-encoding: gzip
server: Server
x-amz-cf-pop: VIE50-C1
status: 200
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 137
via: 1.1 08fee972d33a4bc475aad82a2fc199cc.cloudfront.net (CloudFront)
x-amz-cf-id: hYesG5QfHMpiqeFKLwqyYwbI0UvLdNh-uHYD9L1TNBBdyCTi__ORIA==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 3190ms
66ms XHR
application/javascript 99.86.240.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.240.180 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-240-180.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 07:45:30 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
age: 45476
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Wed, 09 Sep 2020 11:16:19 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 e010e3963cfd47d783f0503a3dbc3b90.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: VIE50-C1
x-amz-cf-id: KfOujQUHQL08gqT3-B2zDRgCnt-ZsdDuc7pDIh08NchIM5sQwkZJlQ==

GET
H2 200 checksync.php
hbx.media.net/ Frame 5962 0
0 43ms
43ms Document
text/html 104.108.144.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hbx.media.net/checksync.php?&vsSync=1&cs=17&hb=1&cv=37&ndec=1&cid=8CUFH1GPH&prvid=56%2C70%2C77%2C80%2C82%2C97%2C99%2C109%2C111%2C112%2C113%2C139%2C154%2C157%2C159%2C175%2C178%2C186%2C201%2C226%2C10000&usp_status=0&usp_consent=1&https=1&gdpr=1&gdprconsent=2

Requested by

Host: hbx.media.net
URL: https://hbx.media.net/bxl.js?cid=8CUFH1GPH&dn=www.komando.com&version=&https=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.144.24 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-144-24.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

:method: GET
:authority: hbx.media.net
:scheme: https
:path: /checksync.php?&vsSync=1&cs=17&hb=1&cv=37&ndec=1&cid=8CUFH1GPH&prvid=56%2C70%2C77%2C80%2C82%2C97%2C99%2C109%2C111%2C112%2C113%2C139%2C154%2C157%2C159%2C175%2C178%2C186%2C201%2C226%2C10000&usp_status=0&usp_consent=1&https=1&gdpr=1&gdprconsent=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: gdpr_status=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
server: Apache
content-type: text/html; charset=UTF-8
set-cookie: gdpr_status=1; Expires=Thu, 01 Apr 2021 20:23:22 GMT; domain=.media.net; Path=/; sameSite=none; secure=true visitor-id=2443262022243598000V10; Expires=Tue, 28 Sep 2021 20:23:22 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2: E
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=27481
expires: Tue, 29 Sep 2020 04:01:23 GMT
date: Mon, 28 Sep 2020 20:23:22 GMT
content-length: 6817

POST prebid
ib.adnxs.com/ut/v3/ 0
0

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
62 B 28ms
25ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dmx.districtm.io/b/v1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 28 Sep 2020 20:23:22 GMT
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
cf-ray: 5da02e8e2e710b78-AMS
access-control-allow-headers: Content-Type, Origin
cf-request-id: 0577fb6cd600000b783fb1f200000001

POST auction
tlx.3lift.com/header/ 0
0

GET v1
btlr.sharethrough.com/WYu2BXv1/ 0
0

GET
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
113 B 33ms
32ms XHR
text/plain 3.126.224.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=KYVqfjZMQtN1DsZXVKCAPhr2&bidId=54bd0b30cbb7891&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.224.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-224-165.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Mon, 28 Sep 2020 20:23:22 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
vary: Origin

GET prebid
ads.yieldmo.com/exchange/ 0
0

POST 25
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ 0
0

POST prebid
ib.adnxs.com/ut/v3/ 0
0

GET fastlane.json
fastlane.rubiconproject.com/a/api/ 0
0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
890 B 34ms
15ms Script
application/javascript 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.komando.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Sep 2020 20:23:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
890 B 34ms
15ms Script
application/javascript 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.komando.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Sep 2020 20:23:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 91 KB
15 KB 2681ms
2379ms XHR
text/plain 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=123014051809122&correlator=994368032500055&output=ldjh&impl=fifs&eid=21065976%2C21066992%2C21066994%2C21066706&vrg=2020092201&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200928&iu_parts=15184186%2CKomando_Adhesion%2CKomando_Leaderboard_1&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=1x1%7C728x90%7C970x90%2C728x90&prev_scp=fsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D1%26amznp%3D1%26fsbid%3Dtimeout%7Cfsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D1%26amznp%3D1%26fsbid%3Dtimeout&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1601324602&dt=1601324602601&dlt=1601324599046&idt=2235&frm=20&biw=1600&bih=1200&oid=3&adxs=800%2C180&adys=1199%2C944&adks=1494144272%2C2773792623&ucis=1%7C2&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&dssz=76&icsg=2251808571408371&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x-1%7C1263x112&msz=1600x-1%7C1241x90&ga_vid=2106507700.1601324599&ga_sid=1601324603&ga_hid=669767661&fws=516%2C4&ohw=1600%2C1600&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

f222b8651351111e82ef8945a8c517760db1785817eb8b9fde02ae8bdbc8bd49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14818
x-xss-protection: 0
google-lineitem-id: -1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.komando.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
3798d67ecedc9f68471fbe0d5998de60.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 72ms
38ms Other
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://3798d67ecedc9f68471fbe0d5998de60.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 26ms
6ms Other
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

POST prebid
ib.adnxs.com/ut/v3/ 0
0

POST 25
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ 0
0

POST prebid
ib.adnxs.com/ut/v3/ 0
0

POST v1
dmx.districtm.io/b/ 0
0

GET v1
btlr.sharethrough.com/WYu2BXv1/ 0
0

GET prebid
ads.yieldmo.com/exchange/ 0
0

POST auction
tlx.3lift.com/header/ 0
0

GET fastlane.json
fastlane.rubiconproject.com/a/api/ 0
0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 431 B
448 B 3279ms
2978ms XHR
text/plain 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=123014051809122&correlator=994368032500055&output=ldjh&impl=fifs&adsid=NT&eid=21065976%2C21066992%2C21066994%2C21066706&vrg=2020092201&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200928&iu_parts=15184186%2CKomando_Right_Rail_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600%7C160x600%7C300x250&prev_scp=fsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D1%26amznp%3D1%26fsbid%3Dtimeout&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1601324602&dt=1601324602696&dlt=1601324599046&idt=2235&frm=20&biw=1600&bih=1200&oid=3&adxs=1080&adys=1106&adks=2252915286&ucis=3&ifi=3&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&dssz=76&icsg=2251808571408371&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=322x626&msz=320x620&ga_vid=2106507700.1601324599&ga_sid=1601324603&ga_hid=669767661&fws=4&ohw=1600&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

3624aee41959dd154ad62a3f1dadac38f28b916bd8ea3455ede2648ef6f27307

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 232
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.komando.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 42 KB
10 KB 3131ms
2830ms XHR
text/plain 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=123014051809122&correlator=994368032500055&output=ldjh&impl=fifs&adsid=NT&eid=21065976%2C21066992%2C21066994%2C21066706&vrg=2020092201&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200928&iu_parts=15184186%2CKomando_Right_Rail_3&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600%7C160x600%7C300x250&prev_scp=fsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D1%26amznp%3D1%26fsbid%3Dtimeout&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1601324602&dt=1601324602719&dlt=1601324599046&idt=2235&frm=20&biw=1600&bih=1200&oid=3&adxs=1079&adys=2439&adks=2269316213&ucis=4&ifi=4&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&dssz=76&icsg=2251808571408371&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=320x600&msz=320x600&ga_vid=2106507700.1601324599&ga_sid=1601324603&ga_hid=669767661&fws=4&ohw=1600&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

a9ef96a6e42d0f18408d38c4c7bd5bae4e9e72e8d3cc600cf6b760e37219a47a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10575
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.komando.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 cb=gapi.loaded_2 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.rMJI4WR09CY.O/m=gapi_iframes_style_bubble/exm=auth,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA/ 27 KB
9 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.rMJI4WR09CY.O/m=gapi_iframes_style_bubble/exm=auth,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA/cb=gapi.loaded_2

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca5398fb76a3d11f43a00312ca1f4a0b11cc37d1925d82bcc80c906ffc956ff2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Sep 2020 19:46:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 08 Sep 2020 19:28:50 GMT
server: sffe
age: 434200
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9254
x-xss-protection: 0
expires: Thu, 23 Sep 2021 19:46:42 GMT

GET
H3-Q050 200 subscribe_embed
www.youtube.com/ Frame 7B6B 0
0 83ms
69ms Document
text/html 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/subscribe_embed?action_card=1&channelid=UCU9HtOaaO-lcitPVVdsq99w&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.rMJI4WR09CY.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.rMJI4WR09CY.O/m=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA/cb=gapi.loaded_0

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /subscribe_embed?action_card=1&channelid=UCU9HtOaaO-lcitPVVdsq99w&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.rMJI4WR09CY.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCPRb_B1g8z3qIwl7l27GWLe47nxIA%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: YSC=pQO0mq0_uVo; VISITOR_INFO1_LIVE=aJSFKhZZUQE
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
content-type: text/html; charset=utf-8
expires: Tue, 27 Apr 1971 19:44:06 GMT
content-length: 326
cache-control: no-cache
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
strict-transport-security: max-age=31536000
date: Mon, 28 Sep 2020 20:23:22 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
set-cookie: GPS=1; path=/; domain=.youtube.com; expires=Mon, 28-Sep-2020 20:53:22 GMT
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 border_3.gif
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 43 B
65 B 29ms
15ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/border_3.gif

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8de81a1acb5f3788959ecc04eaa6526d5bdb29991157cecbef71042268c0374

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 11:04:18 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 33544
content-type: image/gif
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Tue, 28 Sep 2021 11:04:18 GMT

GET
H3-Q050 200 spacer.gif
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 43 B
127 B 27ms
14ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/spacer.gif

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 11:04:33 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 33529
content-type: image/gif
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Tue, 28 Sep 2021 11:04:33 GMT

GET
H3-Q050 200 bubbleSprite_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 318 B
344 B 26ms
14ms Image
image/png 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleSprite_3.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

232334d177f358c07f8271994e6fc0c018abfce7c8910deb604de1440d741c45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 11:04:20 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 33542
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 318
x-xss-protection: 0
expires: Tue, 28 Sep 2021 11:04:20 GMT

GET
H3-Q050 200 bubbleDropR_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 116 B
469 B 24ms
13ms Image
image/png 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleDropR_3.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c7884164b248cb8d87de9edf64dc810e5753bb8ec0cd015800d7f39e08371c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 11:04:20 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 33542
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 116
x-xss-protection: 0
expires: Tue, 28 Sep 2021 11:04:20 GMT

GET
H3-Q050 200 bubbleDropB_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 117 B
193 B 25ms
14ms Image
image/png 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleDropB_3.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

984601230d8cbfe18370425e8e897037cc1a7adf831a691a9ede573cf44479d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 11:04:18 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 33544
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 117
x-xss-protection: 0
expires: Tue, 28 Sep 2021 11:04:18 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 50 KB
12 KB 1090ms
789ms XHR
text/plain 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=123014051809122&correlator=994368032500055&output=ldjh&impl=fifs&adsid=NT&eid=21065976%2C21066992%2C21066994%2C21066706&vrg=2020092201&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200928&iu_parts=15184186%2CKomando_Right_Rail_4&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600%7C160x600%7C300x250&prev_scp=fsrefresh%3Dfalse%26fsrebid%3Dfalse%26amznbid%3D1%26amznp%3D1%26fsbid%3D0&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1601324603&dt=1601324603832&dlt=1601324599046&idt=2235&frm=20&biw=1600&bih=1200&oid=3&adxs=1079&adys=3162&adks=2252560996&ucis=5&ifi=5&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&dssz=77&icsg=2251808571408371&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=320x600&msz=320x600&ga_vid=2106507700.1601324599&ga_sid=1601324603&ga_hid=669767661&fws=4&ohw=1600&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s14-in-f2.1e100.net

Software

cafe /

Resource Hash

8280efada34b3ac1a4c4a6ce816db75de8c5b8d3a353eb70abf35d1ca9b8244a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11857
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.komando.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

Cookie set iu3
aax-eu.amazon-adsystem.com/s/ Frame 4B9E
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=rbd_r1u_cnv_an-db5_sovrn_3lift
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=rbd_r1u_cnv_an-db5_sovrn_3lift&dcc=t

0
0

190ms
189ms

Document
text/html

52.95.116.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=rbd_r1u_cnv_an-db5_sovrn_3lift&dcc=t
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.116.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A9ybcWaE60eypm1XyT5tC5E|t
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

Server: Server
Date: Mon, 28 Sep 2020 20:23:27 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 203
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Set-Cookie: ad-id=A9ybcWaE60eypm1XyT5tC5E; Domain=.amazon-adsystem.com; Expires=Thu, 01-Apr-2021 20:23:27 GMT; Path=/; Secure; HttpOnly; SameSite=None ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Wed, 01-Oct-2025 20:23:27 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

Redirect headers

Server: Server
Date: Mon, 28 Sep 2020 20:23:27 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=rbd_r1u_cnv_an-db5_sovrn_3lift&dcc=t
Set-Cookie: ad-id=A9ybcWaE60eypm1XyT5tC5E|t; Domain=.amazon-adsystem.com; Expires=Thu, 01-Apr-2021 20:23:27 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary: User-Agent

GET
H2

200

rtb-h
match.taboola.com/sg/mediaforcebidder-network/1/ Frame 9634
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=taboola
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=taboola
https://sync.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=3835b0c3-58b7-4c22-b114-747b807ecca4
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=3835b0c3-58b7-4c22-b114-747b807ecca4&tbid=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba&query=taboola_hm%3D3835b0c3-58b7-...

0
137 B

31ms
30ms

Image
text/plain

151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=3835b0c3-58b7-4c22-b114-747b807ecca4&tbid=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba&query=taboola_hm%3D3835b0c3-58b7-4c22-b114-747b807ecca4&isDirect=0
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:27 GMT
via: 1.1 varnish
server: nginx
x-timer: S1601324608.878064,VS0,VE9
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19183-FRA

Redirect headers

status: 302
tbl-x-upstream: 10.40.0.117:10213
date: Mon, 28 Sep 2020 20:23:27 GMT
server: nginx
x-fastly-to-nlb-rtt: 6815
location: https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=3835b0c3-58b7-4c22-b114-747b807ecca4&tbid=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba&query=taboola_hm%3D3835b0c3-58b7-4c22-b114-747b807ecca4&isDirect=0

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame 9634 0
239 B 3123ms
22ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=16698
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/gif

GET
H2

200

/
am-sync.taboola.com/sg/powerlinksdsp-network/1/rtb-h/ Frame 9634
Redirect Chain

https://px.powerlinks.com/user/identify?sourceId=d4a7a706-ab0f-11e8-a038-127202fb7690&rurl=https%3A%2F%2Fam-sync.taboola.com%2Fsg%2Fpowerlinksdsp-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%24%7BUSER%7D...
https://sync.mathtag.com/sync/img?mt_exid=113&redir=%2F%2Fpx.powerlinks.com%2Fuser%2Fsync%2Fdsps%3FuserId%3D%5BMM_UUID%5D%26sourceId%3Daa4e7548-789b-4df8-a72f-d951a5b206eb%26sync%3D0%26rurl%3Dhttps...
https://px.powerlinks.com/user/sync/dsps?userId=b2b15f72-463f-4000-9d66-35fb126f8a72&sourceId=aa4e7548-789b-4df8-a72f-d951a5b206eb&sync=0&rurl=https%3A%2F%2Fam-sync.taboola.com%2Fsg%2Fpowerlinksdsp...
https://am-sync.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=0505CuF7SagFCEHod7RIyy7tvRHjh_cyrxfnl1ulwt0%3D

45 B
271 B

16ms
16ms

Image
image/gif

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-sync.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=0505CuF7SagFCEHod7RIyy7tvRHjh_cyrxfnl1ulwt0%3D
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
tbl-x-upstream: 10.40.0.111:10213
date: Mon, 28 Sep 2020 20:23:27 GMT
server: nginx
x-fastly-to-nlb-rtt: 6215

Redirect headers

Location: https://am-sync.taboola.com/sg/powerlinksdsp-network/1/rtb-h/?taboola_hm=0505CuF7SagFCEHod7RIyy7tvRHjh_cyrxfnl1ulwt0%3D
Date: Mon, 28 Sep 2020 20:23:27 GMT
Server: nginx
Connection: close
Etag: "0505CuF7SagFCEHod7RIyy7tvRHjh_cyrxfnl1ulwt0="
Content-Length: 0

GET
H2

204

/
am-sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/ Frame 9634
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=562107&ev=1&rurl=https%3A%2F%2Fam-sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=%%VGUID%%&orig=trc
https://am-sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=hh3ZNA6kJ3jD&ev=1&orig=trc&pid=562107

0
217 B

30ms
30ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=hh3ZNA6kJ3jD&ev=1&orig=trc&pid=562107
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
tbl-x-upstream: 10.41.32.34:10213
date: Mon, 28 Sep 2020 20:23:25 GMT
server: nginx
x-fastly-to-nlb-rtt: 4085

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
status: 302
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
location: https://am-sync.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=hh3ZNA6kJ3jD&ev=1&orig=trc&pid=562107
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-577cbfbc5c-ncvxc
expires: -1

GET
H2

204

/
am-sync.taboola.com/sg/zemantartb-network/1/rtb-h/ Frame 9634
Redirect Chain

https://b1sync.zemanta.com/usersync/taboola/?puid={user_id}&cb=https://am-sync.taboola.com/sg/zemantartb-network/1/rtb-h/?taboola_hm=__ZUID__&orig=trc
https://stags.bluekai.com/site/23178?id=kjYGYEDot4rSIsPr0DdV&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6YLNFVZXS3TDFZ2GCYTPN5WGCLTDN5WS643HF55GK3LB...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6YLNFVZXS3TDFZ2GCYTPN5WGCLTDN5WS643HF55GK3LBNZ2GC4TUMIWW4ZLUO5XXE2ZPGEXXE5DCFVUC6P3FPBRWQYLOM5ST25DBMJXW63DBEZ2GCYTPN5WGCX3INU6WW...
https://am-sync.taboola.com/sg/zemantartb-network/1/rtb-h/?taboola_hm=kjYGYEDot4rSIsPr0DdV

0
217 B

20ms
20ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-sync.taboola.com/sg/zemantartb-network/1/rtb-h/?taboola_hm=kjYGYEDot4rSIsPr0DdV
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
tbl-x-upstream: 10.40.0.117:10213
date: Mon, 28 Sep 2020 20:23:26 GMT
server: nginx
x-fastly-to-nlb-rtt: 7509

Redirect headers

Pragma: no-cache
Date: Mon, 28 Sep 2020 20:23:26 GMT
P3p: CP="We do not support P3P header."
Location: https://am-sync.taboola.com/sg/zemantartb-network/1/rtb-h/?taboola_hm=kjYGYEDot4rSIsPr0DdV
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 113
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1 200
OK getuidnb
ib.adnxs.com/ Frame 9634 43 B
692 B 39ms
36ms Image
image/gif 185.33.220.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/getuidnb?https://am-sync.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID&orig=trc

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.244 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 28 Sep 2020 20:23:24 GMT
X-Proxy-Origin: 185.212.171.67; 185.212.171.67; 731.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.56:80
AN-X-Request-Uuid: f5c38d2f-66f9-448e-9952-c09646d4f020
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

/
trc.taboola.com/sg/google-network/1/rtb-h/ Frame 9634
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm=&google_sc=&google_tc=
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEMyZD-sdDNCD5zvqBrqKf7Y&google_cver=1

0
204 B

38ms
37ms

Image
text/plain

151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEMyZD-sdDNCD5zvqBrqKf7Y&google_cver=1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 8
date: Mon, 28 Sep 2020 20:23:24 GMT
via: 1.1 varnish
server: nginx
x-timer: S1601324605.936923,VS0,VE8
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19183-FRA

Redirect headers

pragma: no-cache
date: Mon, 28 Sep 2020 20:23:24 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEMyZD-sdDNCD5zvqBrqKf7Y&google_cver=1
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 304
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK Pug
simage2.pubmatic.com/AdServer/ Frame 9634 42 B
1003 B 1368ms
23ms Image
image/gif 185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMxNjAmdGw9MTI5NjAw&piggybackCookie=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Mon, 28 Sep 2020 20:23:23 GMT
X-lat: Pug23033:0:293
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 9634
Redirect Chain

https://am-sync.taboola.com/sg/google-network/1/rtb?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dtaboola_dbm%26google_sc%26gdpr%3D0%26gdpr_consent%3D&orig=trc
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba

170 B
223 B

19ms
18ms

Image
image/png

2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Sep 2020 20:23:25 GMT
server: HTTP server (unknown)
content-type: image/png
status: 200
cache-control: no-cache, must-revalidate
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

status: 302
tbl-x-upstream: 10.41.24.10:10213
date: Mon, 28 Sep 2020 20:23:25 GMT
server: nginx
x-fastly-to-nlb-rtt: 2008
location: https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba

GET
H/1.1 200
OK getuidnb
ib.adnxs.com/ Frame 9634 43 B
693 B 21ms
21ms Image
image/gif 185.33.220.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/getuidnb?https://am-sync.taboola.com/sg/nca-appnexus-network/1/rtb-h/?taboola_hm=$UID&orig=trc

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.244 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 28 Sep 2020 20:23:24 GMT
X-Proxy-Origin: 185.212.171.67; 185.212.171.67; 731.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.143:80
AN-X-Request-Uuid: bdcf6e9a-fd65-4c75-821f-90e18627eb44
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

/
trc.taboola.com/sg/thetradedesk-network/1/rtb-h/ Frame 9634
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=054f32o&ttd_tpi=1
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=a68a219e-3f25-49b5-bacc-092f68f4c67f

0
201 B

36ms
35ms

Image
text/plain

151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=a68a219e-3f25-49b5-bacc-092f68f4c67f
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Mon, 28 Sep 2020 20:23:28 GMT
via: 1.1 varnish
server: nginx
x-timer: S1601324608.220376,VS0,VE9
x-cache: MISS
status: 200
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19183-FRA

Redirect headers

pragma: no-cache
date: Mon, 28 Sep 2020 20:23:28 GMT
x-aspnet-version: 4.0.30319
status: 302
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=a68a219e-3f25-49b5-bacc-092f68f4c67f
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 239

GET
H/1.1

204
No Content

merge
ce.lijit.com/ Frame 9634
Redirect Chain

https://ce.lijit.com/merge?pid=42&3pid=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba&us_privacy=&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=42&3pid=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba&us_privacy=&gdpr=0&gdpr_consent=&dnr=1

0
433 B

23ms
22ms

Image
text/plain

72.251.249.14
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=42&3pid=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba&us_privacy=&gdpr=0&gdpr_consent=&dnr=1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 28 Sep 2020 20:23:25 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap1ams1
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 28 Sep 2020 20:23:25 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ce.lijit.com/merge?pid=42&3pid=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba&us_privacy=&gdpr=0&gdpr_consent=&dnr=1
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap1ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2 200 rtset
bh.contextweb.com/bh/ Frame 9634 49 B
406 B 293ms
97ms Image
image/gif 198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=553204&ev=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
status: 200
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-577cbfbc5c-gp57s
expires: -1

GET
H2

200

rtb-h
sync.taboola.com/sg/storygize-network/1/ Frame 9634
Redirect Chain

https://www.storygize.net/ccm/4b560cdd-91f9-422b-adb7-e9dff26bc3ad?u=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba
https://sync.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=37cf273d-6031-4a9e-b4c2-17b86d952301

0
226 B

17ms
15ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=37cf273d-6031-4a9e-b4c2-17b86d952301
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
tbl-x-upstream: 10.41.24.10:10213
date: Mon, 28 Sep 2020 20:23:26 GMT
server: nginx
x-fastly-to-nlb-rtt: 9189

Redirect headers

Location: https://sync.taboola.com/sg/storygize-network/1/rtb-h?taboola_hm=37cf273d-6031-4a9e-b4c2-17b86d952301
Pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
Connection: keep-alive
P3P: CP ALL ADM DEV PSAi COM OUR OTRo STP IND ONL
Content-Length: 0
expires: 0

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame 9634 43 B
697 B 218ms
51ms Image
image/gif 185.86.138.114
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=107&partneruserid=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba&gdpr=0&gdpr_consent=
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.86.138.114 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 28 Sep 2020 20:23:24 GMT
Cache-Control: no-cache,no-store
Content-Type: image/gif
Transfer-Encoding: chunked
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H/1.1 200
OK sync
dsp.adkernel.com/ Frame 9634 42 B
233 B 1351ms
107ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp.adkernel.com/sync?exchange=281&r=%2F%2Ftrc.taboola.com%2Fsg%2Fadkernelrtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%7BUID%7D
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 Garden City, United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 28 Sep 2020 20:23:26 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H2 200 put
e1.emxdgt.com/ Frame 9634 43 B
124 B 127ms
23ms Image
image/gif 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e1.emxdgt.com/put?d=d41&uid=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Mon, 28 Sep 2020 20:23:24 GMT
content-length: 43
x-nosync: emp
content-type: image/gif

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame 9634 35 B
380 B 1410ms
104ms Image
image/gif 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/pixel/cookiesync?source=14b8c562-d12b-418b-b680-ad517d5839ec
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-ServerName: Track003-dc3
Pragma: no-cache
Date: Mon, 28 Sep 2020 20:23:19 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET
H/1.1 204
No Content /
cds.taboola.com/ Frame 9634 0
157 B 1289ms
96ms Image
text/plain 141.226.224.32
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cds.taboola.com/?uid=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba&_r=7470813
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.32 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:27 GMT
cache-control: no-store
x-envoy-upstream-service-time: 0
Server: nginx
Connection: close

GET
H2

200

rtb-h
sync-t1.taboola.com/sg/bidswitch-network/1/ Frame 9634
Redirect Chain

https://x.bidswitch.net/sync?ssp=taboola&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=taboola&gdpr=0&gdpr_consent=
https://rtb.4finance.com/sync?ssp=bidswitch&bidswitch_ssp_id=taboola&bsw_user_id=1a17ccd8-ffea-4336-8778-73f50a5e3c3e&bsw_param=1a17ccd8-ffea-4336-8778-73f50a5e3c3e
https://rtb.4finance.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=taboola&bsw_user_id=1a17ccd8-ffea-4336-8778-73f50a5e3c3e&bsw_param=1a17ccd8-ffea-4336-8778-73f50a5e3c3e
https://x.bidswitch.net/sync?dsp_id=159&expires=14&user_id=143a1de0-a828-4538-bc85-c07950e97027&ssp=taboola&user_group=&bsw_param=1a17ccd8-ffea-4336-8778-73f50a5e3c3e
https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=1a17ccd8-ffea-4336-8778-73f50a5e3c3e

0
225 B

22ms
21ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=1a17ccd8-ffea-4336-8778-73f50a5e3c3e
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
tbl-x-upstream: 10.40.20.9:10213
date: Mon, 28 Sep 2020 20:23:26 GMT
server: nginx
x-fastly-to-nlb-rtt: 8297

Redirect headers

status: 302
date: Mon, 28 Sep 2020 20:23:26 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: //sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=1a17ccd8-ffea-4336-8778-73f50a5e3c3e
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 204 social
trc.taboola.com/komando/log/3/ 0
202 B 34ms
33ms Image
image/gif 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/social?route=AM:AM:V&lti=deflated&ri=733db1fd014b4f3fdee0db4c8a8728a7&sd=v2_7911bb94b99c956aed54ee9a5cb5749a_f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba_1601324602_1601324602_CNawjgYQ58o9GMCnibPNLiABKAEwoQE4l-oLQJiXEEjF3t0DUP___________wFYAGAAaOKmqpGyrZficA&ui=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601324602304&st=social-available&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22ctx%22%2C%22ism%22%3Afalse%2C%22srx%22%3A1600%2C%22sry%22%3A1200%2C%22pd%22%3Anull%2C%22tpl%22%3A%22%22%2C%22url%22%3A%22https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%22%2C%22rref%22%3A%22%22%2C%22sref%22%3A%22_sessionPending_%22%2C%22hdl%22%3A%22Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet%22%2C%22sec%22%3A%22security-privacy%22%2C%22aut%22%3A%5B%22James%20Gelinas%22%2C%22Komando.com%22%5D%2C%22img%22%3A%22https%3A%2F%2Fwww.komando.com%2Fwp-content%2Fuploads%2F2020%2F09%2Flokibot-malware.jpg%22%2C%22v%22%3A15%2C%22pw%22%3Afalse%7D%5D%7D&tim=22%3A23%3A24.720&id=7559&llvl=1&cv=20200924-16-RELEASE&
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 11
date: Mon, 28 Sep 2020 20:23:26 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-fra19183-FRA
pragma: no-cache
server: nginx
x-timer: S1601324606.259816,VS0,VE11
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009190410000/ Frame AF78 206 KB
57 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009190410000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8887246fdae6a5bde33313c306ca108fbb99f4bd5fc82eab0d675a4162105b4f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 99614
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57293
x-xss-protection: 0
server: sffe
date: Sun, 27 Sep 2020 16:43:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "40f11599aebc3d57"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Sep 2021 16:43:10 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009190410000/v0/ Frame AF78 16 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009190410000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d66a122d9849ec2d6665a9b55df6ac3fef29e50b712588ab729aaab7b6e949a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 98455
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Sun, 27 Sep 2020 17:02:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a50d2865a1d0cb41"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Sep 2021 17:02:31 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009190410000/v0/ Frame AF78 95 KB
29 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009190410000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e922793ef5dbb2417f3143a2e24b33be1fd6b3ba412df3a31e0173ca46f021c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 99730
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29338
x-xss-protection: 0
server: sffe
date: Sun, 27 Sep 2020 16:41:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a163175640c67d70"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Sep 2021 16:41:16 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009190410000/v0/ Frame AF78 4 KB
2 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009190410000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be33982ff67c790e285661853e12db59cb0cc76f417f924715f366ee1e269881

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 98006
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1802
x-xss-protection: 0
server: sffe
date: Sun, 27 Sep 2020 17:10:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "beb17f489aa4c72c"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Sep 2021 17:10:00 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009190410000/v0/ Frame AF78 47 KB
14 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009190410000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ad474fa92add6794702b5c0858699fcd140b0e4f25439c8292ec815818fd1cb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 99284
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14594
x-xss-protection: 0
server: sffe
date: Sun, 27 Sep 2020 16:48:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "17bfff787eec95f0"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Sep 2021 16:48:42 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame AF78 7 KB
1 KB 43ms
24ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d0cbfb1ab0f94123834567e32df7ec74a1c210793f797368d41a4b4c2732d4a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 28 Sep 2020 20:14:55 GMT
server: ESF
date: Mon, 28 Sep 2020 20:23:24 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 28 Sep 2020 20:23:24 GMT

GET
H3-Q050 200 11680721748681185850
tpc.googlesyndication.com/daca_images/simgad/ Frame AF78 5 KB
5 KB 29ms
10ms Image
image/jpeg 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/11680721748681185850?w=195&h=102

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a80fa23d5536127b483ded3399381e99210ac0dc61ee6e9d4d90cf3a9ad57cf5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 26 Sep 2020 17:22:55 GMT
x-content-type-options: nosniff
age: 183629
x-dns-prefetch-control: off
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5316
x-xss-protection: 0
last-modified: Fri, 18 Sep 2020 01:50:31 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Oct 2020 17:22:55 GMT

GET
H3-Q050 200 5430481028009609323
tpc.googlesyndication.com/daca_images/simgad/ Frame AF78 8 KB
9 KB 29ms
15ms Image
image/jpeg 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/5430481028009609323

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a41be3ded7940a43feaa525b9b1c44f29815fdd4cd61cc0910d13356312e98e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 27 Sep 2020 12:28:12 GMT
x-content-type-options: nosniff
age: 114912
x-dns-prefetch-control: off
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8612
x-xss-protection: 0
last-modified: Sat, 12 Sep 2020 02:21:32 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Sep 2021 12:28:12 GMT

GET
DATA 200
OK truncated
/ Frame AF78 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame AF78 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9396b68277405a18cffb030d6595127067d80eeb3d1b600528f253b144e1fb67

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame AF78 2 KB
3 KB 25ms
10ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 33266
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Tue, 29 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame AF78 295 B
756 B 24ms
9ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 27 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 82586
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 28 Sep 2020 21:26:58 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame AF78 0
0 41ms
41ms Image
text/html 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CdZUkPEZyX8eWKPuQ7_UPoeWvuATCz9anX-yEs4PxC8CNtwEQASDa18U5YJGEk4X8F6ABrPP9uALIAQmpAqQ6gr40jbM-4AIAqAMByAMKqgSbAk_QvxbZtvp3fkEAj2bTQsQCHPGtie6H5I0pUnh5P7M10Kd-AhTlRJrMtep34LWgSomK5r4Xq6OuHYpv3x6B-qmyN1vlAICx-ThVd6bf68gqafSciAtbIXqifuu8LkWSE6k3ay7CQhRwaHg9-lcdk7H6kameD02F8sb0miVHLa8LjpeROz1jyRvLpJMS6HANFAfez-eLvq2_-XwQ6I4DiLV6AIaxNXw87LmqFF0iQZchooHT9Z31tQsOfhIocWnp6tQa_8zKdj_Z7_WLMRmX-U-U-sscmLWOl-hdUDwWGM3seHR6k6iZfmaHn7vQrSwqgI2RYTJeRUq2whp38Hs-wbktkb8JXhEd5v7BoVMPjY3tP_ufqstVCzyqeArABO7g-dXtAuAEAZIFBAgEGAGSBQQIBRgEoAYugAe8jILHAagHjs4bqAfVyRuoB5PYG6gHugaoB_DZG6gH8tkbqAemvhuoB-zVG9gHAPIHBBDS0wHSCAkIgOGAUBABGB3yCBthZHgtc3Vic3luLTk1MzEzNzk5ODIxNzk3NjCACgPICwGyDBRwdWItMzYwNTI1NzM2MDg1MzE4NdgTCg&sigh=rviRU2oMZkQ&template_id=484&tpd=AGWhJmuMWk7vreuhfKkRuT1TCN_1gHSVABMgsQLVqBRT5-sfbA
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s14-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
335 B 821ms
152ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 3e0d9ede781cc77c3e3935c2d5cc7893fd9dd8ef0b95d285e92b03dfe757dcaf

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.komando.com
Date: Mon, 28 Sep 2020 20:23:25 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H3-Q050 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame AF78 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 11:04:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:58 GMT
server: sffe
age: 33550
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11020
x-xss-protection: 0
expires: Tue, 28 Sep 2021 11:04:15 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame AF78 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 11:04:01 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:52 GMT
server: sffe
age: 33564
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11180
x-xss-protection: 0
expires: Tue, 28 Sep 2021 11:04:01 GMT

POST
H2 204 fullPageRevenue Show response
trc.taboola.com/komando/log/3/ 0
252 B 37ms
36ms XHR
image/gif 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/komando/log/3/fullPageRevenue
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200924-16-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 9
date: Mon, 28 Sep 2020 20:23:25 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-fra19183-FRA
pragma: no-cache
server: nginx
x-timer: S1601324605.178124,VS0,VE9
content-type: image/gif
access-control-allow-origin: https://www.komando.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H3-Q050 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009190410000/ Frame 8BA7 206 KB
56 KB 34ms
17ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009190410000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8887246fdae6a5bde33313c306ca108fbb99f4bd5fc82eab0d675a4162105b4f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 99615
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57293
x-xss-protection: 0
server: sffe
date: Sun, 27 Sep 2020 16:43:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "40f11599aebc3d57"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Sep 2021 16:43:10 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009190410000/v0/ Frame 8BA7 16 KB
7 KB 28ms
13ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009190410000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d66a122d9849ec2d6665a9b55df6ac3fef29e50b712588ab729aaab7b6e949a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 98454
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Sun, 27 Sep 2020 17:02:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a50d2865a1d0cb41"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Sep 2021 17:02:31 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009190410000/v0/ Frame 8BA7 95 KB
29 KB 29ms
14ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009190410000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e922793ef5dbb2417f3143a2e24b33be1fd6b3ba412df3a31e0173ca46f021c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 99729
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29338
x-xss-protection: 0
server: sffe
date: Sun, 27 Sep 2020 16:41:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a163175640c67d70"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Sep 2021 16:41:16 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009190410000/v0/ Frame 8BA7 4 KB
2 KB 36ms
19ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009190410000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be33982ff67c790e285661853e12db59cb0cc76f417f924715f366ee1e269881

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 98005
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1802
x-xss-protection: 0
server: sffe
date: Sun, 27 Sep 2020 17:10:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "beb17f489aa4c72c"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Sep 2021 17:10:00 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009190410000/v0/ Frame 8BA7 47 KB
14 KB 36ms
19ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009190410000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ad474fa92add6794702b5c0858699fcd140b0e4f25439c8292ec815818fd1cb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 99283
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14594
x-xss-protection: 0
server: sffe
date: Sun, 27 Sep 2020 16:48:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "17bfff787eec95f0"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Sep 2021 16:48:42 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 8BA7 5 KB
687 B 18ms
16ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&lang=nl

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 28 Sep 2020 20:04:43 GMT
server: ESF
date: Mon, 28 Sep 2020 20:23:25 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 28 Sep 2020 20:23:25 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 8BA7 5 KB
733 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 28 Sep 2020 18:23:38 GMT
server: ESF
date: Mon, 28 Sep 2020 20:23:25 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 28 Sep 2020 20:23:25 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8BA7 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 33267
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Tue, 29 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8BA7 295 B
324 B 8ms
7ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 27 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 82587
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 28 Sep 2020 21:26:58 GMT

GET
DATA 200
OK truncated
/ Frame 8BA7 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1bcf723cba02a4faef5788cdc9621455f2888232e08c727c0e96c313ac23ea21

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 8956514477791565387
tpc.googlesyndication.com/daca_images/simgad/ Frame 8BA7 8 KB
8 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/8956514477791565387?sqp=4sqPyQSUAUKRAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhgIrAEQWhgBIAEtAAAAPzCsAThaRQAAgD8&rs=AOga4qlrnVyf7x2zX_yFicM31XS7kkFTEQ

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02ded17bed62b1aa6559c167750030fcbcf7dc6ea7b180bab6ae712a5c7fe0e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 19:30:36 GMT
x-content-type-options: nosniff
last-modified: Fri, 18 Sep 2020 01:50:30 GMT
server: sffe
age: 3169
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7805
x-xss-protection: 0
expires: Mon, 05 Oct 2020 19:30:36 GMT

GET
H3-Q050 200 5430481028009609323
tpc.googlesyndication.com/daca_images/simgad/ Frame 8BA7 4 KB
4 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/5430481028009609323?sqp=4sqPyQR5QncIABIUDc3MzD4VAAAAQB0AAAAAJQAAAAAYACIKDQAAgD8VAACAPypPCFoQAR0AALRCIAEoATAGOANAgMLXL0gAUABYAGBacAJ4AIABAIgBAJABAJ0BAACAP6ABAKgBALABgK3iBLgB____________AcUBLbKdPg&rs=AOga4qnd8i1NgsJxD6soJe3vki1gZAdDbw

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce71363b5a1b172c880a24b3d86ca0fa71449bd12181ddaece00b3c4046c788a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 22 Sep 2020 07:41:45 GMT
x-content-type-options: nosniff
last-modified: Sat, 12 Sep 2020 02:21:32 GMT
server: sffe
age: 564100
status: 200
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4473
x-xss-protection: 0
expires: Tue, 29 Sep 2020 07:41:45 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8BA7 0
0 40ms
39ms Image
text/html 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CC5dGPEZyX9qxNuaN7_UPnuWCwAPCz9anX9XIuLe1DMCNtwEQASDa18U5YJGEk4X8F6ABrPP9uALIAQapAsnyjZFKirM-4AIAqAMByAMKqgSUAk_Q42u90r8gDtszUZ0ViwRsMCfnNun7vYr8V5GCvt_TdrpGBkrrErZSYNBwsS6kZlxVMPXGuztP4uDgMhe6Uz-rwtzyIhn2ict3-OE80L8WgR1ppwLfZiLsCgOC8CIbUU55x7oEj4aPPOv4yayI_iUIfGMd1doj0I_4BLQbScMF6U3G11UtR4cSG2cAuGO2ZFzGCZePXWycMtCmrlykyV_Tn6Cto9XYPcuGc7Dgz2nimBnAxTVFkh4TMAJxVZmLr1Gt0uVlglksVrwaU0ZJ0lHvEyFgXJYU9Nc6qPRmJ_UsIHzRWXY5uxGCWqECrJmda6kviOxQZbD7VlvszqvtXvb4WPsk4tJCUuiVfPgQ_XQLtiy0QcAE7uD51e0C4AQBkgUECAQYAZIFBAgFGASgBjeAB7yMgscBqAeOzhuoB9XJG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcB8gcEEJjkBdIICQiA4YBQEAEYHfIIG2FkeC1zdWJzeW4tOTUzMTM3OTk4MjE3OTc2MIAKA8gLAbIMFHB1Yi0zNjA1MjU3MzYwODUzMTg12BMK&sigh=grIOw6AZPIc&template_id=492&tpd=AGWhJmuoOocW7jMzsd8ZXBVmz7ZuwA3ViDaK9zsCq8u6xj2NSA
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s14-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009190410000/ Frame 4EAB 206 KB
56 KB 22ms
19ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009190410000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8887246fdae6a5bde33313c306ca108fbb99f4bd5fc82eab0d675a4162105b4f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 99615
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57293
x-xss-protection: 0
server: sffe
date: Sun, 27 Sep 2020 16:43:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "40f11599aebc3d57"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Sep 2021 16:43:10 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009190410000/v0/ Frame 4EAB 16 KB
6 KB 23ms
20ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009190410000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d66a122d9849ec2d6665a9b55df6ac3fef29e50b712588ab729aaab7b6e949a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 98454
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Sun, 27 Sep 2020 17:02:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a50d2865a1d0cb41"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Sep 2021 17:02:31 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009190410000/v0/ Frame 4EAB 95 KB
29 KB 23ms
20ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009190410000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e922793ef5dbb2417f3143a2e24b33be1fd6b3ba412df3a31e0173ca46f021c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 99729
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29338
x-xss-protection: 0
server: sffe
date: Sun, 27 Sep 2020 16:41:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a163175640c67d70"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Sep 2021 16:41:16 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009190410000/v0/ Frame 4EAB 4 KB
2 KB 23ms
20ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009190410000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be33982ff67c790e285661853e12db59cb0cc76f417f924715f366ee1e269881

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 98005
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1802
x-xss-protection: 0
server: sffe
date: Sun, 27 Sep 2020 17:10:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "beb17f489aa4c72c"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Sep 2021 17:10:00 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009190410000/v0/ Frame 4EAB 47 KB
14 KB 24ms
21ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009190410000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ad474fa92add6794702b5c0858699fcd140b0e4f25439c8292ec815818fd1cb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 99283
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14594
x-xss-protection: 0
server: sffe
date: Sun, 27 Sep 2020 16:48:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "17bfff787eec95f0"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Sep 2021 16:48:42 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 4EAB 2 KB
2 KB 14ms
8ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 33267
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Tue, 29 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 4EAB 295 B
319 B 14ms
8ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 27 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 82587
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 28 Sep 2020 21:26:58 GMT

GET
DATA 200
OK truncated
/ Frame 4EAB 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 39cd5e453197eafeffea5349d5d39b8b087ee6b8260dfc44b0a27eb87bc655b5

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 17042310382058235462
tpc.googlesyndication.com/simgad/ Frame 4EAB 22 KB
22 KB 12ms
9ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17042310382058235462?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnojY4XZ9oXbPYjlMWFgW81-1DHCA

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b9f78d22e848aad4fbacb03461edd712542c0a1620c40af9808559ca4a5d7a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Sep 2020 14:30:14 GMT
x-content-type-options: nosniff
last-modified: Wed, 23 Sep 2020 12:34:32 GMT
server: sffe
age: 453191
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22444
x-xss-protection: 0
expires: Thu, 23 Sep 2021 14:30:14 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 4EAB 0
0 36ms
16ms Image
text/html 2a00:1450:4001:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRcQOMO47EBmXj9vsAJY_WqXXRtkcsN2OPkX4XyFWYijVg6W_HJDdeUNnsbHViJHjA6oGUN
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 4EAB 0
0 40ms
38ms Image
text/html 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C0vU1PEZyX92yNuaN7_UPnuWCwAO3vLa0X5iaot2MDPvV9P0IEAEg15WNAmCRhJOF_BegAdiAoMMDyAECqQLJ8o2RSoqzPuACAKgDAcgDCKoEkAJP0IzEWlUmhcrfqYQ9-Ub-11eVhQej-NkSxqTP2JZmQXwhzvuS9kADgiiYccDxjCjrYCTX01_1BiXBwLr0S2BnGTONx0UqiQBEAfsqbhQ1HVICMQ7AVpZAv_ur1D_3znG_nIPIfePK625ANshDjbDnxMtGjaT4f-_9C4PR8eoQcRp6zi2n7gTlRm_CX1L8F_K6HWa7kPexQ2_N2HvDTGY4kxrws9wWV6oIFK7nK7hyV-T06iBhvWI7P4vm6bYq0K1g2_OvxvUjb-JIdOGUeF2-4Mbz2VPvzddMFe_rKctFM_jLQuM4dt33VBzlYmdEPe0pJwzGJ1uEU9E9zmU38y3Wi8SWLbqCmWWenehlsrKNL8AEy5fY3psD4AQBkgUECAQYAZIFBAgFGASgBgKAB5D_3zyoB47OG6gH1ckbqAeT2BuoB7oGqAfw2RuoB_LZG6gHpr4bqAfs1RvYBwHyBwQQuYYn0ggJCIDhgFAQARgdgAoByAsBsgwUcHViLTE1ODE4NzE1Mjc2MjgwNjbYEwI&sigh=qLjY6_oEAQk&tpd=AGWhJmtkMC2Wyl_i_-youY-x5J5cBCfrLiMcVaLUnpjgkWe1fg
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s14-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 8BA7 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=nl

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=nl
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 11:04:11 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 33554
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Tue, 28 Sep 2021 11:04:11 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 8BA7 11 KB
11 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=nl

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.komando.com
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=nl
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 11:04:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 33559
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11056
x-xss-protection: 0
expires: Tue, 28 Sep 2021 11:04:06 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 8BA7
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

39ms
38ms

Image
text/html

2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Mon, 28 Sep 2020 20:23:25 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 4EAB
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

39ms
39ms

Image
text/html

2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Mon, 28 Sep 2020 20:23:25 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
335 B 463ms
137ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 3e0d9ede781cc77c3e3935c2d5cc7893fd9dd8ef0b95d285e92b03dfe757dcaf

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.komando.com
Date: Mon, 28 Sep 2020 20:23:25 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H3-Q050 200 17042310382058235462
tpc.googlesyndication.com/simgad/ Frame 4EAB 22 KB
22 KB 7ms
6ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17042310382058235462?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnojY4XZ9oXbPYjlMWFgW81-1DHCA

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009190410000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b9f78d22e848aad4fbacb03461edd712542c0a1620c40af9808559ca4a5d7a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 23 Sep 2020 14:30:14 GMT
x-content-type-options: nosniff
last-modified: Wed, 23 Sep 2020 12:34:32 GMT
server: sffe
age: 453191
status: 200
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22444
x-xss-protection: 0
expires: Thu, 23 Sep 2021 14:30:14 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 4EAB 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009190410000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 33267
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Tue, 29 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 4EAB 295 B
319 B 7ms
7ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009190410000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 27 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 82587
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 28 Sep 2020 21:26:58 GMT

POST
H2 204 fullPageRevenue Show response
trc.taboola.com/komando/log/3/ 0
57 B 44ms
44ms XHR
image/gif 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/komando/log/3/fullPageRevenue
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200924-16-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 9
date: Mon, 28 Sep 2020 20:23:25 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-fra19183-FRA
pragma: no-cache
server: nginx
x-timer: S1601324606.550839,VS0,VE9
content-type: image/gif
access-control-allow-origin: https://www.komando.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1601324605699&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fww...
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1601324605699&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fw...

0
528 B

26ms
26ms

Image
text/plain

104.111.238.139
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1601324605699&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&c9=&cs_ak_ss=1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.238.139 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-238-139.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 28 Sep 2020 20:23:26 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1601324605699&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&c9=&cs_ak_ss=1
Pragma: no-cache
Date: Mon, 28 Sep 2020 20:23:26 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content b
sb.scorecardresearch.com/ 0
528 B 23ms
22ms Image
text/plain 104.111.238.139
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=7&c2=13739933&c3=20121515121&ns__t=1601324605699&ns_c=UTF-8&cv=3.5&c8=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&c7=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&c9=
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.238.139 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-238-139.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 28 Sep 2020 20:23:26 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 bulk Show response
trc.taboola.com/komando/log/3/ 0
61 B 53ms
52ms XHR
image/gif 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/komando/log/3/bulk?route=AM%3AAM%3AV&lti=deflated&bulkSize=2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200924-16-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 26
date: Mon, 28 Sep 2020 20:23:25 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-fra19183-FRA
pragma: no-cache
server: nginx
x-timer: S1601324606.746231,VS0,VE26
content-type: image/gif
access-control-allow-origin: https://www.komando.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H3-Q050 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012009190410000/ Frame 69EB 206 KB
56 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009190410000/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8887246fdae6a5bde33313c306ca108fbb99f4bd5fc82eab0d675a4162105b4f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 99615
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57293
x-xss-protection: 0
server: sffe
date: Sun, 27 Sep 2020 16:43:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "40f11599aebc3d57"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Sep 2021 16:43:10 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012009190410000/v0/ Frame 69EB 16 KB
6 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009190410000/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d66a122d9849ec2d6665a9b55df6ac3fef29e50b712588ab729aaab7b6e949a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 98454
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
server: sffe
date: Sun, 27 Sep 2020 17:02:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a50d2865a1d0cb41"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Sep 2021 17:02:31 GMT

GET
H3-Q050 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012009190410000/v0/ Frame 69EB 95 KB
29 KB 12ms
10ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009190410000/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e922793ef5dbb2417f3143a2e24b33be1fd6b3ba412df3a31e0173ca46f021c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 99729
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29338
x-xss-protection: 0
server: sffe
date: Sun, 27 Sep 2020 16:41:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a163175640c67d70"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Sep 2021 16:41:16 GMT

GET
H3-Q050 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012009190410000/v0/ Frame 69EB 4 KB
2 KB 14ms
12ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009190410000/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be33982ff67c790e285661853e12db59cb0cc76f417f924715f366ee1e269881

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 98005
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1802
x-xss-protection: 0
server: sffe
date: Sun, 27 Sep 2020 17:10:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "beb17f489aa4c72c"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Sep 2021 17:10:00 GMT

GET
H3-Q050 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012009190410000/v0/ Frame 69EB 47 KB
14 KB 14ms
12ms Script
text/javascript 2a00:1450:4001:818::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012009190410000/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:818::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ad474fa92add6794702b5c0858699fcd140b0e4f25439c8292ec815818fd1cb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 99283
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14594
x-xss-protection: 0
server: sffe
date: Sun, 27 Sep 2020 16:48:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "17bfff787eec95f0"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Sep 2021 16:48:42 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 69EB 2 KB
2 KB 12ms
11ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 33267
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Tue, 29 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 69EB 295 B
319 B 14ms
12ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 27 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 82587
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 28 Sep 2020 21:26:58 GMT

GET
DATA 200
OK truncated
/ Frame 69EB 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fdc4e7018e32dd41910ef282b928b80d6394af42d140872c89872784b95e73d7

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 3868768059720697288
tpc.googlesyndication.com/simgad/ Frame 69EB 123 KB
123 KB 11ms
10ms Image
image/gif 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3868768059720697288

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4691d2d9bbf29b666d996e8cb483e60fa6f3e071f1091a57c2b3ac4413216b24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 04:52:11 GMT
x-content-type-options: nosniff
age: 315074
x-dns-prefetch-control: off
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125745
x-xss-protection: 0
last-modified: Fri, 18 Sep 2020 02:40:35 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Sep 2021 04:52:11 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 69EB 0
0 14ms
13ms Image
text/html 2a00:1450:4001:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR_hDEiAp8EpuoYQYyW_GwPEsu9HWudxatPG5jFmydZzZaycSsYv0asg6IQimKutFwSpnCB
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 69EB 0
0 35ms
35ms Image
text/html 172.217.22.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CvPunPUZyX5b7D6yL7_UP1qWb6Abpwry8X-CEj5yiDMT129zZEBABINrXxTlgkYSThfwXoAGt3IqIA8gBA-ACAKgDAcgDCKoEmgJP0EYag2YeUOftxPnmOOHc-nSmxVWLKstoIn89B2ekAsLdbB9kzdBT4V8fc54NBIbITCBg8njYWkmOEIXmXDCDPUYhHdDh5KkuPqWUDsXjOtFDFQT9oeOSjZNfvu4wK95mUnF8OtkxzfgQCGjzKhGKYrrrtryYd99Ih69j0--4xx_asO6SB02tuwSMBQ0UfOF2l4i2Qd9RQ3mJGIUGhreS6uHBkBF-KQR9friqhQ1zsDz1cMVTS8pn-anlPOgTlm6T4hQYZUzHvDzgux3iOGwzFo02tL4yzi0Aq6d1XlBkWmoHxPhthXfRGhuf7z0_2o7Giu67XYUA3Dp-oloCXibe7FpyTVCZenCtTDnzXqlZ589WDZ9eg397v4zABNTagozoAeAEAZIFBAgEGAGSBQQIBRgEoAYDgAeCpsVqqAeOzhuoB9XJG6gHk9gbqAe6BqgH8NkbqAfy2RuoB6a-G6gH7NUb2AcB8gcDEPAu0ggJCIDhgFAQARgd8ggbYWR4LXN1YnN5bi05NTMxMzc5OTgyMTc5NzYwgAoDyAsBsgwUcHViLTM2MDUyNTczNjA4NTMxODXYEww&sigh=spnR1S3AqyM&tpd=AGWhJmvSNLQbs-VPpIa9_YLFrORXZj-D6jNY97Qz_eSsjbvqEA
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 172.217.22.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s14-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 69EB
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

39ms
39ms

Image
text/html

2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Mon, 28 Sep 2020 20:23:25 GMT
x-content-type-options: nosniff
server: safe
status: 302
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
335 B 137ms
137ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 3e0d9ede781cc77c3e3935c2d5cc7893fd9dd8ef0b95d285e92b03dfe757dcaf

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.komando.com
Date: Mon, 28 Sep 2020 20:23:26 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H3-Q050 200 3868768059720697288
tpc.googlesyndication.com/simgad/ Frame 69EB 123 KB
123 KB 7ms
6ms Image
image/gif 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3868768059720697288

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009190410000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4691d2d9bbf29b666d996e8cb483e60fa6f3e071f1091a57c2b3ac4413216b24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 04:52:11 GMT
x-content-type-options: nosniff
age: 315075
x-dns-prefetch-control: off
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125745
x-xss-protection: 0
last-modified: Fri, 18 Sep 2020 02:40:35 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Sep 2021 04:52:11 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 69EB 2 KB
2 KB 8ms
7ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009190410000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Sep 2020 11:08:58 GMT
x-content-type-options: nosniff
server: cafe
age: 33268
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Tue, 29 Sep 2020 11:08:58 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 69EB 295 B
324 B 8ms
7ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012009190410000/amp4ads-v0.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 27 Sep 2020 21:26:58 GMT
x-content-type-options: nosniff
server: cafe
age: 82588
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
content-type: image/png
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 28 Sep 2020 21:26:58 GMT

POST
H2 204 fullPageRevenue Show response
trc.taboola.com/komando/log/3/ 0
203 B 31ms
30ms XHR
image/gif 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/komando/log/3/fullPageRevenue
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20200924-16-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 9
date: Mon, 28 Sep 2020 20:23:26 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-fra19183-FRA
pragma: no-cache
server: nginx
x-timer: S1601324606.083905,VS0,VE9
content-type: image/gif
access-control-allow-origin: https://www.komando.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
335 B 132ms
131ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 3e0d9ede781cc77c3e3935c2d5cc7893fd9dd8ef0b95d285e92b03dfe757dcaf

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.komando.com
Date: Mon, 28 Sep 2020 20:23:26 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 8BA7 42 B
268 B 41ms
40ms Image
image/gif 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssw8bpLH3oCQ6o0rWsS1kCYTrBSjv7cTr_o73RGQLb_IL4GIm-pXo8xeFk6SGkKIHymlOC5f6G0vgY3k16BZNtU6exi4smQ8I5JRgvSVSxiAmORhHX9XtSewuGk-g&sai=AMfl-YT9CTmFLQmi7pt7UM65N_-10PePC8y1z4h7ap2jrfpuUc5eeoRK-bRTCWJW8f02NKBaEcOMiAR1LNyIXUB8x-Av4S6-CZTFia8ILPV9EcYjv1SbB4p8JuVQHUZiZZpk&sig=Cg0ArKJSzLmwsT2e-aTlEAE&cid=CAASPeRo0MzIt-ZiV4FadsVeob38X47VCTuWgsQ_VC3An0KhLMJqCDjLI5bMtoEEL6qF251mFAyDo6rZZis-MM8&id=ampim&o=436,1110&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=122&tls=1122&g=100&h=100&tt=1122&r=v&avms=ampa&adk=1494144272

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Sep 2020 20:23:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 4EAB 42 B
107 B 49ms
48ms Image
image/gif 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuU7oVPRa4ROBiNMamrdOrCgz9xSL6kXxy-EgcdhZ10d-C65ZWroD-sLw-8Lsbc99IyfRYwCepgQ2PqpUGixWuKTHtXWOc72zMAXwwwvd2tMqzKmmwJDV0h5R3wY1Bp2Rlrchsm72CC86c4qsCxCPU1&sai=AMfl-YQQrXGX5wuwZhR5G86rcXt4kq89VW2NTK1N2oYyhXGRdtblPbF4buVe4a8-0q6Oo9fSbymTL4wIOMJwU3ULszDSNOXjEnyVqH9r0pslbQ8ql2bWA16C4uk1mUa0oCgP&sig=Cg0ArKJSzNjOfv33xOo6EAE&cid=CAASPeRokvbJuSyTX4yxJz2D1mNJPuPe5yC0vM5BB21pNH2OzyLIlJu88pJ6UMtYcz3lasulUt9cWmB8AoTfFRA&id=ampim&o=436,944&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=116&tls=1116&g=100&h=100&tt=1116&r=v&avms=ampa&adk=2773792623

Requested by

Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Sep 2020 20:23:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 9464 0
0 323ms
26ms Document
text/html 104.111.215.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.51 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-51.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

Last-Modified: Tue, 24 Mar 2020 15:52:19 GMT
ETag: "5e7a2cb3-cefd"
Server: nginx/1.13.10
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 17037
Cache-Control: max-age=86402
Expires: Tue, 29 Sep 2020 20:23:30 GMT
Date: Mon, 28 Sep 2020 20:23:28 GMT
Connection: keep-alive

GET
H2

200

sync
eb2.3lift.com/ Frame E6D3
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

0
0

24ms
23ms

Document
text/html

3.120.60.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.60.93 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-60-93.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tluid=15147478412889358506
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
date: Mon, 28 Sep 2020 20:23:28 GMT
content-type: text/html; charset=utf-8
content-length: 468
set-cookie: sync=CgoIgQIQktmJs80uCgoIoQEQktmJs80uCgoI4gEQktmJs80uCgoI5gEQktmJs80uCgoI1gEQktmJs80uCgoIhwIQktmJs80uCgkIOhCS2YmzzS4KCQgLEJLZibPNLgoJCF8QktmJs80uCgkIHxCS2YmzzS4=; Max-Age=7776000; Expires=Sun, 27 Dec 2020 20:23:28 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=15147478412889358506; Max-Age=7776000; Expires=Sun, 27 Dec 2020 20:23:28 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

status: 302
date: Mon, 28 Sep 2020 20:23:28 GMT
content-length: 0
set-cookie: tluid=11372335163840660611; Max-Age=7776000; Expires=Sun, 27 Dec 2020 20:23:28 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame C1D5 0
0 370ms
33ms Document
text/html 104.111.215.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.51 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-51.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

Last-Modified: Tue, 24 Mar 2020 15:52:19 GMT
ETag: "5e7a2cb3-cefd"
Server: nginx/1.13.10
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 17037
Cache-Control: max-age=86402
Expires: Tue, 29 Sep 2020 20:23:30 GMT
Date: Mon, 28 Sep 2020 20:23:28 GMT
Connection: keep-alive

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame D3EB 0
0 400ms
30ms Document
text/html 104.111.215.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.51 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-51.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

Last-Modified: Tue, 24 Mar 2020 15:52:19 GMT
ETag: "5e7a2cb3-cefd"
Server: nginx/1.13.10
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 17037
Cache-Control: max-age=86402
Expires: Tue, 29 Sep 2020 20:23:30 GMT
Date: Mon, 28 Sep 2020 20:23:28 GMT
Connection: keep-alive

GET
H2

200

sync
eb2.3lift.com/ Frame AFE0
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

0
0

23ms
22ms

Document
text/html

3.120.60.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.60.93 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-60-93.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tluid=15147478412889358506
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
date: Mon, 28 Sep 2020 20:23:28 GMT
content-type: text/html; charset=utf-8
content-length: 468
set-cookie: sync=CgoIgQIQn9mJs80uCgoIoQEQn9mJs80uCgoI4gEQn9mJs80uCgoI5gEQn9mJs80uCgoI1gEQn9mJs80uCgoIhwIQn9mJs80uCgkIOhCf2YmzzS4KCQgLEJ_ZibPNLgoJCF8Qn9mJs80uCgkIHxCf2YmzzS4=; Max-Age=7776000; Expires=Sun, 27 Dec 2020 20:23:28 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=15147478412889358506; Max-Age=7776000; Expires=Sun, 27 Dec 2020 20:23:28 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

status: 302
date: Mon, 28 Sep 2020 20:23:28 GMT
content-length: 0
set-cookie: tluid=13168555722255044582; Max-Age=7776000; Expires=Sun, 27 Dec 2020 20:23:28 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 204 index.html
cdn.districtm.io/ids/ Frame 5DE0 0
0 23ms
21ms Document
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 204
date: Mon, 28 Sep 2020 20:23:28 GMT
set-cookie: __cfduid=d4c286156f67a1689067b3a6f5ba3793c1601324608; expires=Wed, 28-Oct-20 20:23:28 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Origin
access-control-allow-methods: GET, HEAD, POST, OPTIONS
cf-request-id: 0577fb844800000b783f8a2200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 5da02eb3ae4e0b78-AMS

GET
H2

200

sync
eb2.3lift.com/ Frame 4EFD
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

0
0

24ms
23ms

Document
text/html

3.120.60.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.60.93 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-60-93.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tluid=15147478412889358506
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
date: Mon, 28 Sep 2020 20:23:28 GMT
content-type: text/html; charset=utf-8
content-length: 468
set-cookie: sync=CgoIgQIQntmJs80uCgoIoQEQntmJs80uCgoI4gEQntmJs80uCgoI5gEQntmJs80uCgoI1gEQntmJs80uCgoIhwIQntmJs80uCgkIOhCe2YmzzS4KCQgLEJ7ZibPNLgoJCF8QntmJs80uCgkIHxCe2YmzzS4=; Max-Age=7776000; Expires=Sun, 27 Dec 2020 20:23:28 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=15147478412889358506; Max-Age=7776000; Expires=Sun, 27 Dec 2020 20:23:28 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

status: 302
date: Mon, 28 Sep 2020 20:23:28 GMT
content-length: 0
set-cookie: tluid=13885719014952493904; Max-Age=7776000; Expires=Sun, 27 Dec 2020 20:23:28 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame C909 0
0 421ms
28ms Document
text/html 104.111.215.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.51 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-51.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

Last-Modified: Tue, 24 Mar 2020 15:52:19 GMT
ETag: "5e7a2cb3-cefd"
Server: nginx/1.13.10
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 17037
Cache-Control: max-age=86402
Expires: Tue, 29 Sep 2020 20:23:30 GMT
Date: Mon, 28 Sep 2020 20:23:28 GMT
Connection: keep-alive

GET
H2

200

sync
eb2.3lift.com/ Frame 65B3
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

0
0

24ms
24ms

Document
text/html

3.120.60.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.60.93 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-60-93.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tluid=15147478412889358506
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
date: Mon, 28 Sep 2020 20:23:28 GMT
content-type: text/html; charset=utf-8
content-length: 468
set-cookie: sync=CgoIgQIQntmJs80uCgoIoQEQntmJs80uCgoI4gEQntmJs80uCgoI5gEQntmJs80uCgoI1gEQntmJs80uCgoIhwIQntmJs80uCgkIOhCe2YmzzS4KCQgLEJ7ZibPNLgoJCF8QntmJs80uCgkIHxCe2YmzzS4=; Max-Age=7776000; Expires=Sun, 27 Dec 2020 20:23:28 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=15147478412889358506; Max-Age=7776000; Expires=Sun, 27 Dec 2020 20:23:28 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

status: 302
date: Mon, 28 Sep 2020 20:23:28 GMT
content-length: 0
set-cookie: tluid=15147478412889358506; Max-Age=7776000; Expires=Sun, 27 Dec 2020 20:23:28 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 204 index.html
cdn.districtm.io/ids/ Frame 96A6 0
0 28ms
28ms Document
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 204
date: Mon, 28 Sep 2020 20:23:28 GMT
set-cookie: __cfduid=d4c286156f67a1689067b3a6f5ba3793c1601324608; expires=Wed, 28-Oct-20 20:23:28 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Origin
access-control-allow-methods: GET, HEAD, POST, OPTIONS
cf-request-id: 0577fb844e00000b783f8a3200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 5da02eb3be6a0b78-AMS

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 46F1 0
0 43ms
42ms Document
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=0&gdpr_consent=
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.230.142 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: rsid=1|GN74NFAAofzfRDO61scyIVzmvJ5aKbHTjjBrIpefbksb8dj5YjiPXMXyZb6CieTOKRivvDW4XDDGGCjSXyf/K1KrngFWuVYFyhx5P5iRRkN5zGTGXOMAbP+vG/+NWVuQHr2e+hR/OCifyZBuO/1WxvUs; ses2=; vis2=151312^1; khaos=KFMZBMOW-11-G5IN; ses15=; vis15=151312^1; audit=1|hLZGFuTafB1MrD2/KJ5LzjyTC4TA8CrxnFDxBw2LxCMoXRcXjMKs9gdH5eKT/1kkmG7zb8n75T2p09IPATRuekwJXg+Hr/0A; pux=1512%3D94173%262231%3D94173%262249%3D94173%262307%3D94173%26goog%3D94173%26idl%3D94173%262249-DV360-Hosted%3D94173%26brx%3D94173%26
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Thu, 24 Sep 2020 16:43:28 GMT
Content-Encoding: gzip
Content-Length: 9446
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=60995
Expires: Tue, 29 Sep 2020 13:20:03 GMT
Date: Mon, 28 Sep 2020 20:23:28 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 204 index.html
cdn.districtm.io/ids/ Frame C6C3 0
0 24ms
23ms Document
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 204
date: Mon, 28 Sep 2020 20:23:28 GMT
set-cookie: __cfduid=d4c286156f67a1689067b3a6f5ba3793c1601324608; expires=Wed, 28-Oct-20 20:23:28 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Origin
access-control-allow-methods: GET, HEAD, POST, OPTIONS
cf-request-id: 0577fb845100000b783f8a4200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 5da02eb3be790b78-AMS

GET
H2 204 index.html
cdn.districtm.io/ids/ Frame 86C2 0
0 23ms
23ms Document
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-3.26.12.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 204
date: Mon, 28 Sep 2020 20:23:28 GMT
set-cookie: __cfduid=d4c286156f67a1689067b3a6f5ba3793c1601324608; expires=Wed, 28-Oct-20 20:23:28 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Origin
access-control-allow-methods: GET, HEAD, POST, OPTIONS
cf-request-id: 0577fb845800000b783f8a5200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 5da02eb3ce870b78-AMS

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 40ms
26ms XHR
application/json 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020092201&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df159001a0a1435516d4e08113d1809e5ebae43c5fc6ef7e602c99ea001dd154

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Sep 2020 20:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6537
x-xss-protection: 0

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 16 KB
6 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fcdc54759ab0ead6a9c0f35707e01926c8c4e13c6ce7ad59477a81a9e4acd47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1600730918364481"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5975
x-xss-protection: 0
expires: Mon, 28 Sep 2020 20:23:29 GMT

GET
H2 204 social
trc.taboola.com/komando/log/3/ 0
203 B 31ms
30ms Image
image/gif 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/social?route=AM:AM:V&lti=deflated&ri=733db1fd014b4f3fdee0db4c8a8728a7&sd=v2_7911bb94b99c956aed54ee9a5cb5749a_f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba_1601324602_1601324602_CNawjgYQ58o9GMCnibPNLiABKAEwoQE4l-oLQJiXEEjF3t0DUP___________wFYAGAAaOKmqpGyrZficA&ui=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601324602304&st=social-available&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22like%22%2C%22nm%22%3A%22facebook%22%2C%22c%22%3A1%2C%22m%22%3A%22stp%22%7D%2C%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22custom-share%22%2C%22nm%22%3A%22facebook%22%2C%22c%22%3A1%2C%22m%22%3A%22stp%22%7D%2C%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22custom-link%22%2C%22nm%22%3A%22twitter%22%2C%22c%22%3A1%2C%22m%22%3A%22stp%22%7D%2C%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22widget%22%2C%22nm%22%3A%22twitter%22%2C%22c%22%3A1%2C%22m%22%3A%22stp%22%7D%2C%7B%22i%22%3A%22ctx%22%2C%22ism%22%3Afalse%2C%22srx%22%3A1600%2C%22sry%22%3A1200%2C%22pd%22%3Anull%2C%22tpl%22%3A%22%22%2C%22url%22%3A%22https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%22%2C%22rref%22%3A%22%22%2C%22sref%22%3A%22%22%2C%22hdl%22%3A%22Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet%22%2C%22sec%22%3A%22security-privacy%22%2C%22aut%22%3A%5B%22James%20Gelinas%22%2C%22Komando.com%22%5D%2C%22img%22%3A%22https%3A%2F%2Fwww.komando.com%2Fwp-content%2Fuploads%2F2020%2F09%2Flokibot-malware.jpg%22%2C%22v%22%3A15%2C%22pw%22%3Afalse%7D%5D%7D&tim=22%3A23%3A29.696&id=5406&llvl=1&cv=20200924-16-RELEASE&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Mon, 28 Sep 2020 20:23:29 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-fra19183-FRA
pragma: no-cache
server: nginx
x-timer: S1601324610.707844,VS0,VE9
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/216/ Frame 177F 0
0 6ms
6ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/216/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/216/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4674
date: Mon, 28 Sep 2020 19:25:32 GMT
expires: Tue, 28 Sep 2021 19:25:32 GMT
last-modified: Mon, 21 Sep 2020 21:29:19 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 3477
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
163 B 40ms
39ms Image
image/gif 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=216&t=2&li=gpt_2020092201&jk=123014051809122&bg=!FhWlFQ1YKHrtdkJLoDkCAAAAWFIAAAAPCgDfvMwmfvOZO2BKJALA5u9VtaNiqsmR2z7vamQpWvmJJUn6QEqPHeogp0zxGoeL326xbGvTFKJzOLOy5p3okODHmGi97AT9fxsHoIUC4D_xd-ANKx3Ksm9OyEfXgm1Lm-iTI7oFJCcaxkI8F2Dtx6gYIGQMmduh7QWI3Ezo3JGUVyGxtDKoHHTXfTZAFJkr6wmq7geEcP54_AiZWyG7TQrFfBTgiKQ_c6rnLK8SaNKPRdkDJ4KFLwQx8Yr4cSRTlPDhCUl2ihc2c39rYgAHYqW9iJ7KDP54hnZ94qiXGBaloJkBqDf3LFbBW23fyZHeHbrvN35xstMSHMh9zrYXCk_J-_z7X50dwBwks-3o8OIA52Dg9i5kfj_5_WhcMrX1E2lPU663BpNiBy0rPHYK47yhhZ-nH90rEHqIGtBMroMhrA8kB6YXrgR9hEiJon8e1Ut3SEYRC00Ey3dHKKN4WwwDjR5MWQnClpdKDY6rJZ6yyGYUxahg80KQyoBl9DKYp99nOTOYOsB3GTi_ARArE6xW0gZq8HzNlWSk-nUdpWDMUgE6l6pDeYozwY7K8u5I2FD0jUasqEmRK53RLUxtuNOT5HtZQrw7S6u96cWWsbM7yAb2gEgSxle55rZgJ-Qp84kQG6TOpB_LEFwia3NNGHMNnJSIGQ8OnqyOH6Jd8am5G7tf-tFSTFb02SJ86SC7CQwBrpGD5yzHses15GWyHiQj7tJcG175JiRBSH-_BBJSSWQg8EsqPe3iXloK_nH2flbA0rhbYZoSvFeZV8ZWlC4KDWGKenq6g9N87QNGR7KykVNkiYoys_DC8kIMZca2tKR1intTSw-eDTYiVBiJ8n3x0XxN6BztMd7qzPc

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Sep 2020 20:23:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 296 KB
102 KB 59ms
46ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7db90d988f2d569ee665c1666e383f3ccb226e4532320946bb42d09702c6ed8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 104172
x-xss-protection: 0
expires: Mon, 28 Sep 2020 20:23:29 GMT

GET
H2 204 social
trc.taboola.com/komando/log/3/ 0
65 B 30ms
30ms Image
image/gif 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/social?route=AM:AM:V&lti=deflated&ri=733db1fd014b4f3fdee0db4c8a8728a7&sd=v2_7911bb94b99c956aed54ee9a5cb5749a_f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba_1601324602_1601324602_CNawjgYQ58o9GMCnibPNLiABKAEwoQE4l-oLQJiXEEjF3t0DUP___________wFYAGAAaOKmqpGyrZficA&ui=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601324602304&st=social-visible&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22custom-share%22%2C%22nm%22%3A%22facebook%22%2C%22c%22%3A1%2C%22ln%22%3A%22below-fold%22%2C%22lx%22%3A618%2C%22ly%22%3A867%2C%22m%22%3A%22stp%22%2C%22v%22%3A3%7D%5D%7D&tim=22%3A23%3A29.944&id=743&llvl=1&cv=20200924-16-RELEASE&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Mon, 28 Sep 2020 20:23:29 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-fra19183-FRA
pragma: no-cache
server: nginx
x-timer: S1601324610.956219,VS0,VE9
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 social
trc.taboola.com/komando/log/3/ 0
56 B 30ms
30ms Image
image/gif 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/komando/log/3/social?route=AM:AM:V&lti=deflated&ri=733db1fd014b4f3fdee0db4c8a8728a7&sd=v2_7911bb94b99c956aed54ee9a5cb5749a_f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba_1601324602_1601324602_CNawjgYQ58o9GMCnibPNLiABKAEwoQE4l-oLQJiXEEjF3t0DUP___________wFYAGAAaOKmqpGyrZficA&ui=f7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba&pi=/security-privacy/lokibot-keylogger-spreading/755764&wi=-2111035155969354227&pt=text&vi=1601324602304&st=social-visible&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22w%22%2C%22tp%22%3A%22custom-link%22%2C%22nm%22%3A%22twitter%22%2C%22c%22%3A1%2C%22ln%22%3A%22below-fold%22%2C%22lx%22%3A586%2C%22ly%22%3A867%2C%22m%22%3A%22stp%22%2C%22v%22%3A3%7D%5D%7D&tim=22%3A23%3A29.951&id=2755&llvl=1&cv=20200924-16-RELEASE&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Mon, 28 Sep 2020 20:23:29 GMT
via: 1.1 varnish
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
status: 204
x-served-by: cache-fra19183-FRA
pragma: no-cache
server: nginx
x-timer: S1601324610.962473,VS0,VE9
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
335 B 135ms
135ms XHR
text/plain 35.226.36.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig.messaging.2.1.2.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 3e0d9ede781cc77c3e3935c2d5cc7893fd9dd8ef0b95d285e92b03dfe757dcaf

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.komando.com
Date: Mon, 28 Sep 2020 20:23:30 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 100ms
99ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=8615&val=ima&wnx=0&abc=&ty=ami&v=0&ext=0&ta=1&lnx=0&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:30 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

OPTIONS
H2 200 playlist
trafficmanager.anyclip.com/trafficmanager/api/v2/player/ Frame 0
0 306ms
100ms Other
text/plain 34.228.106.195
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trafficmanager.anyclip.com/trafficmanager/api/v2/player/playlist?
Protocol: H2
Server: 34.228.106.195 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.komando.com
Sec-Fetch-Mode: cors

Response headers

status: 200
date: Mon, 28 Sep 2020 20:23:30 GMT
content-type: text/plain
content-length: 24
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type
allow: HEAD,POST,GET,OPTIONS

POST
H2 200 playlist Show response
trafficmanager.anyclip.com/trafficmanager/api/v2/player/ 16 KB
3 KB 132ms
132ms Fetch
application/json 34.228.106.195
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trafficmanager.anyclip.com/trafficmanager/api/v2/player/playlist?
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.228.106.195 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 0c6afde5246ef8c887f2cedff2e5a01e36aca1ce00dbeba5d7f8dc8b2686c615

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/no-referrer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 28 Sep 2020 20:23:30 GMT
content-encoding: gzip
status: 200
vary: accept-encoding
access-control-allow-methods: GET,POST
content-type: application/json
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 104ms
104ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=8628&val=0&wnx=0&abc=&ty=prq&v=0&ext=0&ta=1&lnx=0&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:30 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H3-Q050 200 bridge3.411.1_en.html
imasdk.googleapis.com/js/core/ Frame 40F5 0
0 6ms
6ms Document
text/html 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.411.1_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.411.1_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 193074
date: Tue, 22 Sep 2020 18:42:18 GMT
expires: Wed, 22 Sep 2021 18:42:18 GMT
last-modified: Tue, 22 Sep 2020 18:32:46 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 524472
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 client.js Show response
s0.2mdn.net/instream/video/ 26 KB
11 KB 59ms
46ms Script
text/javascript 2a00:1450:4001:819::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62f2eeec7851ae0d5e322062cf40092478236d4a4fc5a2cfd87b257739104147

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10523
x-xss-protection: 0
expires: Mon, 28 Sep 2020 20:23:30 GMT

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 100ms
99ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=9069&val=%7B%22userAgent%22%3A%7B%22allow%22%3Atrue%2C%22software%22%3A%7B%22nameCode%22%3A%22chrome%22%2C%22ver%22%3A%2283%22%7D%2C%22os%22%3A%7B%22nameCode%22%3A%22macos%22%2C%22ver%22%3A%22Mojave%22%7D%2C%22hw%22%3A%7B%22type%22%3A%22computer%22%2C%22subType%22%3Anull%7D%7D%7D&wnx=0&abc=&ty=prs&v=0&ext=0&ta=1&lnx=0&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:30 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK play-big.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 650 B
1 KB 177ms
40ms Image
image/svg+xml 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/play-big.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 3cc9389c9cfdbc0fb7c282c3026c3cd9c11894913f4cf60cf9d1140a1415ad0a

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:30 GMT
Content-Encoding: gzip
Age: 9826
Connection: keep-alive
Content-Length: 400
x-amz-id-2: 0dc/gRLqfDQxcYDeGKtGmw51KvAIAQC/978w51z+oLFQmz/kdQSpa/ksuHJwndkDOckr+gsWYRg=
Last-Modified: Tue, 06 Aug 2019 13:18:15 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: E83DC4A31D0E9DA2
Access-Control-Allow-Origin: *
Expires: Mon, 28 Sep 2020 21:39:44 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: P54LBC7dA7.CKZKZL0usNEXn5r08cUmk
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: 46b7f91a2199fa62a70ce048dfd7a4a8
x-amz-meta-s3b-last-modified: 20190806T131201Z

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 101ms
100ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=9115&val=&wnx=0&abc=&ty=cuc&v=0&ext=0&ta=1&lnx=0&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:30 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 101ms
100ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=9115&val=0&wnx=0&abc=&ty=wre&v=0&ext=0&ta=1&lnx=0&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:30 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK anyclip-logo.png
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 1 KB
2 KB 160ms
46ms Image
image/png 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/anyclip-logo.png
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: a9face165b5af8cc8cd1aef61858dc946c4296ee34ef63790747394d4f25c38b

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:30 GMT
Age: 2624
Connection: keep-alive
Content-Length: 1316
x-amz-id-2: gMEgWbrwBtCb8rsLdk6FpC5XWROKmfN5gtsa4/OuNj+257QCxn3+UTbTsmpiDniHY4I7XuzGWVM=
Last-Modified: Thu, 20 Dec 2018 13:30:18 GMT
Server: AmazonS3
x-amz-request-id: F4AB1589F240DC73
Access-Control-Allow-Origin: *
Expires: Mon, 28 Sep 2020 23:39:46 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: OklAUkiF01qvm0z5Jbxqbgl4N5mndRTg
Accept-Ranges: bytes
Content-Type: image/png
X-LLID: 7d3ea4b6547968dc7aa262fa18b14a97
x-amz-meta-s3b-last-modified: 20180812T120014Z

GET
H/1.1 200
OK venturebeat-close-btn.svg
anyclip-player.s3.amazonaws.com/anyclip-widget/lre-widget/assets/lre_theme/ 802 B
1 KB 432ms
134ms Image
image/svg+xml 52.217.67.164
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://anyclip-player.s3.amazonaws.com/anyclip-widget/lre-widget/assets/lre_theme/venturebeat-close-btn.svg
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.67.164 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0fbdde14de3aa39d2b3ef4a34deef57b0a4905a2464f7b257b600bd696e6b6c4

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-meta-cb-modifiedtime: Wed, 01 Apr 2020 19:12:29 GMT
Date: Mon, 28 Sep 2020 20:23:31 GMT
Last-Modified: Wed, 01 Apr 2020 19:17:30 GMT
Server: AmazonS3
x-amz-request-id: 13E25380DA2C5E8E
ETag: "3908f3e1f2497918401dab39cfb9727b"
x-amz-version-id: 6LuYe03Jb9Jy8U.xUPb4addAqbVIp5tw
Accept-Ranges: bytes
Content-Type: image/svg+xml
Content-Length: 802
x-amz-id-2: UPB+Mtrtd9pDzlLZ0BFqwuGPr0/dxj279ru55PGvG5Dhrh6CiJcU4r39/2CMez6QlkQHJPC2ds0=

GET
H/1.1 200
OK 1600689719929_480x270_thumbnail.jpg
cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/ 14 KB
15 KB 150ms
60ms Image
image/jpeg 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/1600689719929_480x270_thumbnail.jpg?wid=0011r00002HG7NL_1462
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: bcdf7b6ec5fe23c3049d66b4a6f1881cb1a6dfbbbd52088c60b4f0b6c538f36d

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:30 GMT
Last-Modified: Mon, 21 Sep 2020 12:02:00 GMT
Server: AmazonS3
Age: 44370
x-amz-id-2: Y7A0zFA2ota/379OEKfR4pC5ix2G/AosSdDDzsQoJGATXb/cbcF8Io87clM7gCTA6oH+tRYYZy8=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 14817
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: DDA5D21089D6FCA3
X-LLID: 0752c78f6ad6df046c8e43b9cf90a2ca

GET
H/1.1 200
OK scroll-right.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 645 B
1 KB 147ms
40ms Image
image/svg+xml 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/scroll-right.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 6c73cf3d94d29e498f66facb6891a9be80ef4f5caee6c9b09e6128b167b3c966

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:30 GMT
Content-Encoding: gzip
Age: 1023
Connection: keep-alive
Content-Length: 403
x-amz-id-2: b9E5m+qXQcmmebyWu+vwVWHPP4C8fRwcFpjiMc1XXVNtZPiKezwHSgcsXxlbF1jjWeVA5Of5Tpw=
Last-Modified: Thu, 09 Aug 2018 13:37:36 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: 44988C07DA3ADAFA
Access-Control-Allow-Origin: *
Expires: Tue, 29 Sep 2020 00:06:27 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: LWFiUmbBDbZYtKTcsVUC4L21DxkdHU5h
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: 60d5b9dd84c3dd94d0d46217353e9674
x-amz-meta-s3b-last-modified: 20180710T071342Z

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 102ms
99ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=9126&val=0&wnx=0&abc=&ty=pll&v=0&ext=0&ta=1&lnx=0&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:30 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK 1600689719880_248x140_thumbnail.jpg
cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/ 8 KB
8 KB 125ms
43ms Image
image/jpeg 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/1600689719880_248x140_thumbnail.jpg?wid=0011r00002HG7NL_1462
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 39cb24159c965e9896b3b1d3ecf5e29e88bdd771bc50a0d3c417d8ce2875236b

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:30 GMT
Last-Modified: Mon, 21 Sep 2020 12:02:00 GMT
Server: AmazonS3
Age: 84042
x-amz-id-2: 4mnG1QZgKT75BOtD/W5L67KbE4/ybPFKRKe67pTxedQdiA0+fqmmkRdWL61VXby+8g+v8vWC000=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 7769
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: 83FB68FB573AD895
X-LLID: ec8111eff7d3ab2ec35b7c1e9f75936f

GET
H/1.1 200
OK 1600655131888_248x140_thumbnail.jpg
cdn5.anyclip.com/AXSuesPjHXgLKT6SHgGH/ 12 KB
12 KB 123ms
41ms Image
image/jpeg 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXSuesPjHXgLKT6SHgGH/1600655131888_248x140_thumbnail.jpg?wid=0011r00002HG7NL_1462
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 8bdab1eac9d2b05029f47b7436dfacc93b2cc5f89f4b8dff900c98c9a0774ebd

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:30 GMT
Last-Modified: Mon, 21 Sep 2020 02:25:32 GMT
Server: AmazonS3
Age: 71553
x-amz-id-2: nmaCs2pd+i1+7NBrkr3+VZB7Ju5CpojTNBf6xYLrcWYaP2C9rBF3II43A5gRiLw82ZUbI3mZHcI=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 12300
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: F554B11C857A616F
X-LLID: 4d661a4449219bed4f7739b34c323f9e

GET
H/1.1 200
OK 1600711422645_248x140_thumbnail.jpg
cdn5.anyclip.com/AXSx1Ykg_m-VE7xV7Na_/ 18 KB
18 KB 363ms
280ms Image
image/jpeg 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXSx1Ykg_m-VE7xV7Na_/1600711422645_248x140_thumbnail.jpg?wid=0011r00002HG7NL_1462
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 776bc870aebdc54c7bfac7b59b26cd7fd79f7119ba5c14094ef8da5545ce237b

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:30 GMT
Last-Modified: Mon, 21 Sep 2020 18:03:43 GMT
Server: AmazonS3
x-amz-request-id: 3825662F6EB31021
x-amz-id-2: DijXmex14r4Njo42c7yCZCubuOh0eWi0o476ozWWKgbzV26831oa64No1RqhL8BTf7jbdCaDaH0=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18088
X-LLID: 20b336923f5290d5dc17de37b88cc245

GET
H/1.1 200
OK 1600859101229_248x140_thumbnail.jpg
cdn5.anyclip.com/AXS6oxpBWFtAUqhf4Fii/ 25 KB
26 KB 126ms
44ms Image
image/jpeg 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXS6oxpBWFtAUqhf4Fii/1600859101229_248x140_thumbnail.jpg?wid=0011r00002HG7NL_1462
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 2cecc971cba1f2e7b8891f65ae30fa0fb7dd9972a8342ff3bed23e4ba38cb978

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:30 GMT
Last-Modified: Wed, 23 Sep 2020 11:05:02 GMT
Server: AmazonS3
Age: 47464
x-amz-id-2: Qq8ee7aQ3Tb3xVs4QypE0ZpMPVW0LxMj/2iHE8J8g5se0JR2y0y39UOU831XJi7xGJukcLRfYkA=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 25901
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: BE506F031D0B1FCA
X-LLID: ecb17fb8c38c7aad10e02c7d869761e3

GET
H/1.1 200
OK 1600430448089_248x140_thumbnail.jpg
cdn5.anyclip.com/AXShFhuR8FeKAZ26JZ_N/ 7 KB
7 KB 136ms
52ms Image
image/jpeg 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXShFhuR8FeKAZ26JZ_N/1600430448089_248x140_thumbnail.jpg?wid=0011r00002HG7NL_1462
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: f00dd1db7de0e8916241284a33f65ff7a044c45ed2a7c1ee969f084cf6b0d63b

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:30 GMT
Last-Modified: Fri, 18 Sep 2020 12:00:49 GMT
Server: AmazonS3
Age: 44370
x-amz-id-2: DjCoKN4XU5/sbWD9DXOgqLccexMp7a6U+tGlyRMFSxM5SKHxIXr2Iwtbzqeibmz2h9W7nHSb1gY=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 6938
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: BF420773E445FEE5
X-LLID: 29ff8ccac983789d93ff55912039c3d6

GET
H/1.1 200
OK 1600046742822_248x140_thumbnail.jpg
cdn5.anyclip.com/AXSKN2lyd5xZlIas6-Ym/ 25 KB
25 KB 42ms
41ms Image
image/jpeg 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXSKN2lyd5xZlIas6-Ym/1600046742822_248x140_thumbnail.jpg?wid=0011r00002HG7NL_1462
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 772f30f80abc4903d2b32118044a9c210abb95bdf422f8e22c9923fe18a1611f

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:30 GMT
Last-Modified: Mon, 14 Sep 2020 01:25:43 GMT
Server: AmazonS3
Age: 202756
x-amz-id-2: nCaEc5mduUykzcfrl+XQBnFeGAUbuPiCoyhPTaJFybUHaHyKpjl7HghnNsdyxTDZCcpIIk9t/Xc=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 25538
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: 1VFMFP0VBW3X3X7G
X-LLID: c0dc36500c1bc8def0886384da017147

GET
H/1.1 200
OK 1600998430064_248x140_thumbnail.jpg
cdn5.anyclip.com/AXTC74K7XILWDb6N3pBE/ 19 KB
20 KB 47ms
46ms Image
image/jpeg 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn5.anyclip.com/AXTC74K7XILWDb6N3pBE/1600998430064_248x140_thumbnail.jpg?wid=0011r00002HG7NL_1462
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 16752f9d504a1dccd7a58686a4771ab1c4bbd2296256307676f25f12dc761fb4

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:30 GMT
Last-Modified: Fri, 25 Sep 2020 01:47:11 GMT
Server: AmazonS3
Age: 21509
x-amz-id-2: DTx3Vi30cag/3ZBja0uGiEGZPNnBBMqeFRvJwBrPCKXkw/rg2vUUVtfx6WE/O4jI09SdNHwc42o=
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 19952
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: 62E7A6075DF9DC7A
X-LLID: b578fa76b10e4806b17153c348cd2e76

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 102ms
100ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=9146&val=375&wnx=0&abc=&ty=psw&v=0&ext=0&ta=1&lnx=0&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:30 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 102ms
100ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=9146&val=211&wnx=0&abc=&ty=psh&v=0&ext=0&ta=1&lnx=0&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:30 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK 1600689646679_subtitles.vtt Show response
cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/ 2 KB
2 KB 205ms
124ms XHR
application/octet-stream 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/1600689646679_subtitles.vtt
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 90dd355c112d81a2acb4e3647df6d4a7cf473b52e46cc8ddb81e950b81330075

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:30 GMT
Last-Modified: Mon, 21 Sep 2020 12:00:47 GMT
Server: AmazonS3
Age: 44370
x-amz-id-2: BDmWV7ZNjU/jPw4sYDnYILTJVgSycEjC7CxoXZs5LPua8wPx2/z8iguTiitl86Aw5kaWI179Joc=
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=86400
Content-Length: 1896
Connection: keep-alive
Accept-Ranges: bytes
x-amz-request-id: DKDWDN2R7S7P5M2J
X-LLID: 751ea39112640f6051f87e7873630ad3

GET
H/1.1 200
OK watch.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 364 B
981 B 155ms
42ms Image
image/svg+xml 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/watch.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 67386f7f6c11079518c59fdca44b5a6c5b17f4b8cda8ead4e993f3b2dfda0e5d

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:30 GMT
Content-Encoding: gzip
Age: 7658
x-amz-meta-sha256: 67386f7f6c11079518c59fdca44b5a6c5b17f4b8cda8ead4e993f3b2dfda0e5d
Connection: keep-alive
Content-Length: 245
x-amz-id-2: awpXwKBN5K15YJVCN7r4q49vyd7FxR1ED5evbFmjveMNPpvJAT7IPbI8ug7J/p8H6rLrW7I9thg=
Last-Modified: Tue, 04 Aug 2020 10:39:53 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: C0ED9BD01C9D243B
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=14400
x-amz-meta-s3b-last-modified: 20200804T103752Z
x-amz-version-id: jJ7plitpaP9q57Aey2ETnqu6JQKZQWu3
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: 9d6717157a964394042c98f8a38fcfd2
Expires: Mon, 28 Sep 2020 22:15:52 GMT

GET
H/1.1 200
OK like.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 401 B
1023 B 166ms
44ms Image
image/svg+xml 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/like.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 453e9cc6fc295196d8914da9858a388ce58a1dcb9b033aab9037aa2badbbc0d9

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:30 GMT
Content-Encoding: gzip
Age: 7661
x-amz-meta-sha256: 453e9cc6fc295196d8914da9858a388ce58a1dcb9b033aab9037aa2badbbc0d9
Connection: keep-alive
Content-Length: 287
x-amz-id-2: G4nyHcFvoFm1g4jbQcVlWxZhYWQLd46sdN5EJGlHDMMQpqEDfOQJXSFcV8Wf9XtRGUIIchNooDw=
Last-Modified: Tue, 04 Aug 2020 10:39:58 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: C7F84F926ED2649F
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=14400
x-amz-meta-s3b-last-modified: 20200804T103803Z
x-amz-version-id: AgMuGLHw2p4hvvpUt5__8K6ZhGhprdTJ
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: 7c44060658d2c1021da14b8eee9b16f5
Expires: Mon, 28 Sep 2020 22:15:49 GMT

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 102ms
102ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=9154&val=&wnx=1&abc=&ty=pli&v=0&ext=0&ta=1&lnx=0&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:30 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 206
Partial Content 1600689865945_480x270_video.mp4
cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/ 3 MB
0 42ms
42ms Media
video/mp4 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn5.anyclip.com/AXSwiVIbHXgLKT6SIAIU/1600689865945_480x270_video.mp4?wid=0011r00002HG7NL_1462
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=0-

Response headers

Date: Mon, 28 Sep 2020 20:23:30 GMT
Last-Modified: Mon, 21 Sep 2020 12:04:26 GMT
Server: AmazonS3
Age: 44370
x-amz-id-2: BgpIqs+JoUCJHc7WNrS+rqEvN+PaqQtCZYecFst+AWifQ8iAAR8/Z8lM9u67MJL69zQL7PeDGTs=
Content-Type: video/mp4
Content-Range: bytes 0-5171122/5171123
Cache-Control: public,max-age=86400
x-amz-request-id: 297E3DE9BD5BF6D2
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 5171123
X-LLID: 63bc5db02e21c3757ae58a27392c3bf5

OPTIONS
H2 200 action
trafficmanager.anyclip.com/trafficmanager/api/videos/video/ Frame 0
0 102ms
101ms Other
text/plain 34.228.106.195
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trafficmanager.anyclip.com/trafficmanager/api/videos/video/action
Protocol: H2
Server: 34.228.106.195 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.komando.com
Sec-Fetch-Mode: cors

Response headers

status: 200
date: Mon, 28 Sep 2020 20:23:30 GMT
content-type: text/plain
content-length: 13
access-control-allow-origin: https://www.komando.com
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type
allow: POST,OPTIONS

POST
H2 200 action
trafficmanager.anyclip.com/trafficmanager/api/videos/video/ 0
0 101ms
100ms Fetch 34.228.106.195
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trafficmanager.anyclip.com/trafficmanager/api/videos/video/action
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/anyclip-widget/lre-widget/prod/v1/src/lre.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.228.106.195 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/no-referrer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

status: 200
date: Mon, 28 Sep 2020 20:23:30 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.komando.com
access-control-allow-headers: Content-Type
content-length: 0
access-control-allow-methods: GET,POST

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 100ms
100ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=9166&val=&wnx=1&abc=&ty=cla&v=1&ext=1&ta=1&lnx=0&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:30 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 101ms
100ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=9167&val=&wnx=1&abc=&ty=cmp&v=1&ext=1&ta=1&lnx=0&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:30 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK pause.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 758 B
1 KB 150ms
40ms Image
image/svg+xml 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/pause.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: d544eae637d61ee786c0a45bb0a7f250f9280bcd2ea1576655a761f1d397b8df

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:30 GMT
Content-Encoding: gzip
Age: 6841
Connection: keep-alive
Content-Length: 426
x-amz-id-2: 9fCWMv5ujJlsj25Q74mKAzStB9+OMU3BnDerPk+AmawjrBqB4x7X1vMRzsp+SonPSLwBvJWTMaE=
Last-Modified: Thu, 09 Aug 2018 13:37:34 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: FD36B69EAE016B14
Access-Control-Allow-Origin: *
Expires: Mon, 28 Sep 2020 22:29:29 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: COllNS2vUDfTYhxXvQJ57jWZVnnMficH
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: f8a8fa2018ce8be1574b68b6ede953b9
x-amz-meta-s3b-last-modified: 20180704T113405Z

GET
H/1.1 200
OK volume-off.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 901 B
1 KB 44ms
40ms Image
image/svg+xml 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/volume-off.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 2bf4b5202559dbe01d8188a3adb26d68755a69064f233ef63f284b08efaed6ad

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:30 GMT
Content-Encoding: gzip
Age: 6807
Connection: keep-alive
Content-Length: 521
x-amz-id-2: V0dGex4dPSSpC6gDNXvMMHxevLu3MadVMPKKIr0X4B/t6Ll4ZlbyIeHaLkkQwl148jM9TDaMhsk=
Last-Modified: Sun, 12 Aug 2018 11:52:27 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: B4EA300CC808B7F1
Access-Control-Allow-Origin: *
Expires: Mon, 28 Sep 2020 22:30:03 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: LD1v9d__0LhgJzdvbwPuMTNvxNdup1gK
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: a504bc2762de283f26a96084ef286945
x-amz-meta-s3b-last-modified: 20180812T115113Z

GET
H/1.1 200
OK cc-hidden.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 909 B
1 KB 86ms
40ms Image
image/svg+xml 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/cc-hidden.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 2391cc30306861b59fcdb16b83a8f427ee342e5f5d6e8299a91d586687e8bef2

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:30 GMT
Content-Encoding: gzip
Age: 9227
Connection: keep-alive
Content-Length: 458
x-amz-id-2: S5pbvcZBJCNwS+PddPhewV26PhaEg4PkWfnfqpBFxSBIIFLe8ibaZpxd5WzObSX2KFz36yDDIIk=
Last-Modified: Wed, 13 Nov 2019 11:51:46 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: EFBDEEB50D42AF68
Access-Control-Allow-Origin: *
Expires: Mon, 28 Sep 2020 21:49:43 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: y.QX4vCTrlpSO9kX_WB6RqB1CKq9apE_
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: ef09f44c5ae4c5b041a9736d7af2b01e
x-amz-meta-s3b-last-modified: 20191113T095137Z

GET
H/1.1 200
OK fullscreen.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 1 KB
1 KB 97ms
40ms Image
image/svg+xml 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/fullscreen.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 0b7b74a139779fba8e1d17d597aa7cbffa27bd33d2b5c43d8039264c2a627412

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:30 GMT
Content-Encoding: gzip
Age: 6617
Connection: keep-alive
Content-Length: 524
x-amz-id-2: isOXxnkauLsCbh0mrFwmwF6FZFzYYmY4IZQp0nPHRTVDirF1O9ohoPcgT4/F9RxSqyUlSG+vc88=
Last-Modified: Thu, 09 Aug 2018 13:37:33 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: 77EA1CBD3650D186
Access-Control-Allow-Origin: *
Expires: Mon, 28 Sep 2020 22:33:13 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: U03j5muVk7AbvhQemSaiRqevJSRY_Dma
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: 42b7a862af5bfaa6af9271dcafdd1175
x-amz-meta-s3b-last-modified: 20180704T113429Z

GET
H/1.1 200
OK next.svg
assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/ 729 B
1 KB 66ms
40ms Image
image/svg+xml 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.anyclip.com/anyclip-widget/lre-widget/assets/lre_theme/next.svg?hash=7118c982a1
Requested by: Host: www.komando.com
URL: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 55775baf70d2f1d40bac3a60de82e8e42b7e34687802f73671f25f2f60fdc6d4

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:30 GMT
Content-Encoding: gzip
Age: 6844
Connection: keep-alive
Content-Length: 461
x-amz-id-2: qEIpNH/S3HJjJaFuNnL8QhCSDLZVrY9Cek4mmJQXoKP4yqC6qhJciBk9pkvPRYrZDAAcN7+V1kc=
Last-Modified: Thu, 09 Aug 2018 13:37:34 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: F43D35930CFC9F34
Access-Control-Allow-Origin: *
Expires: Mon, 28 Sep 2020 22:29:26 GMT
Cache-Control: public,max-age=14400
x-amz-version-id: 9oEyfyolAdum9dgyt9Cw6qZIm50OH1cD
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-LLID: eb5dc39a6ab3e3feb5c5b8a396b6f300
x-amz-meta-s3b-last-modified: 20180704T113415Z

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308

Request headers

Origin: https://www.komando.com
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 102ms
101ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=9295&val=ad%3Dhttps%253A%252F%252Fvid.springserve.com%252Fvast%252F587900%253Fima%253D1%2526w%253D375%2526h%253D211%2526url%253Dhttps%25253A%25252F%25252Fwww.komando.com%25252Fsecurity-privacy%25252Flokibot-keylogger-spreading%25252F755764%25252F%2526cb%253D827951392%2526widgetid%253D0011r00002HG7NL_1462%2526lob%253D%2526clipid%253Difmfg53jkzewescym5gewvbwkneucskv%2526key_custom1%253D%255Ew%253D0011r00002HG7NL_1462%255Ec%253Difmfg53jkzewescym5gewvbwkneucskv%255Ei%253D1%255Eab%253D%255Ev%253D1%255Ep%253Dkomandocom%2526key_custom2%253D%255Ed%253Dwww.komando.com%255Eu%253D%255Edv%253D1%255Eco%253DNL%255Epl%253Da%2526gdpr%253D%2526consent%253D%2526viewability%253D1%2526schain%253D1.0%252C1%2521anyclip.com%252C0011r00002HG7NLAA1%252C1%252C%252C%252C%252C%2526us_privacy%253D%26rqcm%3D1%26m%3D1%26ast%3D-1%26smb%3D1%26sid%3D7M4cLAMijLMWtrAz3458UaWqoXVa9xN6%26imaw%3D0%26amd%3D1&wnx=1&abc=&ty=arq&v=1&ext=1&ta=1&lnx=0&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a&anx=1&arx=1&crt=0&s=0&aty=vid&tty=ac&rol=mid
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:30 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H3-Q050 200 loader.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 3F72 51 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/loader.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff372adc4cf4262bb789e8cd8c4d390bd6f2ff1e99ec9ebb9e3de24cd679ea5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 23 Sep 2020 23:32:11 GMT
server: sffe
age: 16
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=900
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18664
x-xss-protection: 0
expires: Mon, 28 Sep 2020 20:38:15 GMT

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 100ms
99ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=9651&val=&wnx=1&abc=&ty=alo&v=1&ext=1&ta=1&lnx=0&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a&anx=1&arx=1&crt=171&s=0&aty=vid&tty=ac&rol=mid
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:31 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK lreprx.js Show response
player.anyclip.com/lreprx/js/v1/src/ Frame 3F72 37 KB
11 KB 41ms
41ms Script
application/javascript 178.79.227.9
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://player.anyclip.com/lreprx/js/v1/src/lreprx.js?ad_tag=https%3A%2F%2Fvid.springserve.com%2Fvast%2F587900%3Fima%3D1%26w%3D375%26h%3D211%26url%3Dhttps%253A%252F%252Fwww.komando.com%252Fsecurity-privacy%252Flokibot-keylogger-spreading%252F755764%252F%26cb%3D827951392%26widgetid%3D0011r00002HG7NL_1462%26lob%3D%26clipid%3Difmfg53jkzewescym5gewvbwkneucskv%26key_custom1%3D%5Ew%3D0011r00002HG7NL_1462%5Ec%3Difmfg53jkzewescym5gewvbwkneucskv%5Ei%3D1%5Eab%3D%5Ev%3D1%5Ep%3Dkomandocom%26key_custom2%3D%5Ed%3Dwww.komando.com%5Eu%3D%5Edv%3D1%5Eco%3DNL%5Epl%3Da%26gdpr%3D%26consent%3D%26viewability%3D1%26schain%3D1.0%2C1!anyclip.com%2C0011r00002HG7NLAA1%2C1%2C%2C%2C%2C%26us_privacy%3D&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&imaw=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/loader.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.9 , Italy, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-9.vie.llnw.net
Software: AmazonS3 /
Resource Hash: 786d190bd0c55665bcf263abf1513e0d3325bffaaa2668910f9ce9dcb7d7d074

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:31 GMT
Content-Encoding: gzip
Age: 125716
Connection: keep-alive
Content-Length: 10788
x-amz-id-2: Ce7pvbl12ANmn7878GeHq3YeLcm+AUJZX1+xNzo8wgincMABp9uK3Q5Ut3fDFBZ77qqvoS4mslU=
Last-Modified: Sun, 14 Jun 2020 07:48:29 GMT
Server: AmazonS3
Vary: Accept-Encoding
x-amz-request-id: 1VER1Q9R1H7SDZ5T
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=60
x-amz-version-id: uZ98hYWXQewWJy5EjjmUBgYIi4NzLtdR
Accept-Ranges: bytes
Content-Type: application/javascript
X-LLID: 07d21d0ad050cef65b96409badec3036
Expires: Sun, 27 Sep 2020 09:29:15 GMT

GET
H/1.1 200
OK 587900 Show response
vid.springserve.com/vast/ Frame 3F72 3 KB
2 KB 134ms
34ms Fetch
application/xml 34.249.58.234
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.springserve.com/vast/587900?ima=1&w=375&h=211&url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&cb=827951392&widgetid=0011r00002HG7NL_1462&lob=&clipid=ifmfg53jkzewescym5gewvbwkneucskv&key_custom1=^w=0011r00002HG7NL_1462^c=ifmfg53jkzewescym5gewvbwkneucskv^i=1^ab=^v=1^p=komandocom&key_custom2=^d=www.komando.com^u=^dv=1^co=NL^pl=a&gdpr=&consent=&viewability=1&schain=1.0,1!anyclip.com,0011r00002HG7NLAA1,1,,,,&us_privacy=
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/lreprx/js/v1/src/lreprx.js?ad_tag=https%3A%2F%2Fvid.springserve.com%2Fvast%2F587900%3Fima%3D1%26w%3D375%26h%3D211%26url%3Dhttps%253A%252F%252Fwww.komando.com%252Fsecurity-privacy%252Flokibot-keylogger-spreading%252F755764%252F%26cb%3D827951392%26widgetid%3D0011r00002HG7NL_1462%26lob%3D%26clipid%3Difmfg53jkzewescym5gewvbwkneucskv%26key_custom1%3D%5Ew%3D0011r00002HG7NL_1462%5Ec%3Difmfg53jkzewescym5gewvbwkneucskv%5Ei%3D1%5Eab%3D%5Ev%3D1%5Ep%3Dkomandocom%26key_custom2%3D%5Ed%3Dwww.komando.com%5Eu%3D%5Edv%3D1%5Eco%3DNL%5Epl%3Da%26gdpr%3D%26consent%3D%26viewability%3D1%26schain%3D1.0%2C1!anyclip.com%2C0011r00002HG7NLAA1%2C1%2C%2C%2C%2C%26us_privacy%3D&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&imaw=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.58.234 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-58-234.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 81e6c87636a663c4a41f849c88b600fbed51d9595692bbd50dd7d3fcdcd0e970

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/client
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 28 Sep 2020 20:23:31 GMT
Content-Encoding: gzip
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1346

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 100ms
100ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=9714&val=1.1.5_147_prod&wnx=1&abc=&ty=xlo&v=1&ext=1&ta=1&lnx=0&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:31 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 vpaid_0c3b2922.js Show response
vpaid.springserve.com/production/ Frame 3F72 466 KB
97 KB 34ms
9ms Script
application/javascript 2001:4de0:ac18::1:a:2a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_0c3b2922.js
Requested by: Host: player.anyclip.com
URL: https://player.anyclip.com/lreprx/js/v1/src/lreprx.js?ad_tag=https%3A%2F%2Fvid.springserve.com%2Fvast%2F587900%3Fima%3D1%26w%3D375%26h%3D211%26url%3Dhttps%253A%252F%252Fwww.komando.com%252Fsecurity-privacy%252Flokibot-keylogger-spreading%252F755764%252F%26cb%3D827951392%26widgetid%3D0011r00002HG7NL_1462%26lob%3D%26clipid%3Difmfg53jkzewescym5gewvbwkneucskv%26key_custom1%3D%5Ew%3D0011r00002HG7NL_1462%5Ec%3Difmfg53jkzewescym5gewvbwkneucskv%5Ei%3D1%5Eab%3D%5Ev%3D1%5Ep%3Dkomandocom%26key_custom2%3D%5Ed%3Dwww.komando.com%5Eu%3D%5Edv%3D1%5Eco%3DNL%5Epl%3Da%26gdpr%3D%26consent%3D%26viewability%3D1%26schain%3D1.0%2C1!anyclip.com%2C0011r00002HG7NLAA1%2C1%2C%2C%2C%2C%26us_privacy%3D&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&imaw=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7c9a5ba4f480cd0682d3d8948ebc4332e4c21df143b9fd654a3e642d190e0266

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:31 GMT
content-encoding: gzip
last-modified: Mon, 28 Sep 2020 15:24:40 GMT
server: AmazonS3
x-amz-request-id: 8M5S7NCP8G2TAXDM
etag: "652cad3db271d44c06637e0bc7931c58"
x-hw: 1601324611.dop056.fr8.t,1601324611.cds269.fr8.hn,1601324611.cds144.fr8.c
content-type: application/javascript
status: 200
cache-control: max-age=2611929
accept-ranges: bytes
access-control-allow-origin: *
content-length: 98587
x-amz-id-2: yBvc+M91rOQNjPrY8neAw2e3WCN8Iaj1v+kGAbDCd5Q2Ig7ma6oYyOlQO7YJ5MwKiewOJUPoicQ=

GET
DATA 200
OK truncated
/ 704 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9444735efef35f26725c4e3cc87b7c77970103af8999e71d427d0dbe0fe85a95

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 3F72 19 B
712 B 126ms
126ms XHR
application/json 185.33.220.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_0c3b2922.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.244 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 28 Sep 2020 20:23:31 GMT
X-Proxy-Origin: 185.212.171.67; 185.212.171.67; 731.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.43:80
AN-X-Request-Uuid: abe98863-2e13-4e6f-85a0-831e9241fd8c
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ Frame 3F72 46 B
356 B 165ms
119ms Script
text/javascript 104.111.215.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?fn=indexResponsea9a8ebf877&v=8.8&s=486388&r=%7B%22id%22%3A%22a9a8ebf877%22%2C%22site%22%3A%7B%22page%22%3A%22komando.com%22%2C%22ref%22%3A%22komando.com%22%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%220%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%2C%22video%2Fwebm%22%2C%22video%2Fogg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A200%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22w%22%3A375%2C%22h%22%3A211%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22playbackmethod%22%3A%5B3%5D%2C%22startdelay%22%3A0%7D%2C%22ext%22%3A%7B%22sid%22%3A%22pr_1_1_s%22%2C%22custom%22%3A%22videoPlayback%22%7D%2C%22bidfloor%22%3A0.75%7D%5D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22anyclip.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%220011r00002HG7NLAA1%22%7D%5D%2C%22complete%22%3A1%7D%7D%7D%7D
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_0c3b2922.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-135.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8c37ae2200920054feed3fadab84fae9d954ce1882f8c21381eb0002d21a301f

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 28 Sep 2020 20:23:31 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 58
Expires: Mon, 28 Sep 2020 20:23:31 GMT

POST
H2 204 ortb Show response
bid.contextweb.com/header/ Frame 3F72 0
502 B 324ms
111ms XHR
text/plain 198.148.27.134
PULSEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.contextweb.com/header/ortb?src=prebid
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_0c3b2922.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.148.27.134 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 28 Sep 2020 20:23:31 GMT
server: envoy
status: 204
cwdl: 22/4211
access-control-allow-origin: https://www.komando.com
access-control-expose-headers: Access-Control-Allow-Origin
access-control-allow-credentials: true
x-envoy-upstream-service-time: 8
cw-server: bid-deployment-8694d784f8-rb6jj

POST
H/1.1 204
No Content / Show response
hb.emxdgt.com/ Frame 3F72 0
307 B 147ms
32ms XHR
text/html 18.196.104.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.emxdgt.com/?t=&ts=1601324611375&src=pbjs
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_0c3b2922.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.104.43 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 28 Sep 2020 20:23:30 GMT
Content-Type: text/html
Access-Control-Allow-Origin: https://www.komando.com
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Access-Control-Allow-Headers: security, Content-Type
Content-Length: 0

POST
H/1.1 204
No Content 282887 Show response
search.spotxchange.com/openrtb/2.3/dados/ Frame 3F72 0
1 KB 104ms
45ms XHR
application/json 185.94.180.124
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/openrtb/2.3/dados/282887
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_0c3b2922.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.124 , Netherlands, ASN35220 (SPOTX-AMS, NL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

X-spotx-Exception-RESULT: exception
Date: Mon, 28 Sep 2020 20:23:31 GMT
X-SpotX-Timing-Transform: 0.003223
X-spotx-Exception-Message: SpotMarket execution was halted.
X-SpotX-Timing-Page-Mux: 0.000394
X-spotx-Exception-0-RESULT: failure
X-SpotX-Timing-Page-Require: 0.000393
X-spotx-Exception-0-ID: MARKET_HALTED
Connection: keep-alive
X-spotx-Exception-0-Message: Halting market due to GDPR regulations and DPA not being signed by publisher
X-SpotX-Timing-Page-Cookie: 0.000014
X-SpotX-Timing-Page: 0.026027
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.005029
X-fe: 047
Last-Modified: Mon, 28 Sep 2020 20:23:31 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
X-SpotX-Timing-SpotMarket-Primary: 0.012957
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.komando.com
X-SpotX-Timing-Page-Misc: 0.003968
X-SpotX-Timing-Page-Exception: 0.000033
X-SpotX-Timing-SpotMarket-Secondary: 0.000000
X-SpotX-Timing-Page-URI: 0.000017
X-spotx-Exception-ID: SPOTMARKET.HALTED
Access-Control-Allow-Headers
X-SpotX-Timing-SpotMarket: 0.012957
Access-Control-Allow-Credentials: true
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 3F72 296 KB
102 KB 101ms
101ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_0c3b2922.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7db90d988f2d569ee665c1666e383f3ccb226e4532320946bb42d09702c6ed8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 104172
x-xss-protection: 0
expires: Mon, 28 Sep 2020 20:23:31 GMT

GET
H3-Q050 200 bridge3.411.1_en.html
imasdk.googleapis.com/js/core/ Frame D03C 0
0 6ms
6ms Document
text/html 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.411.1_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.411.1_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 193074
date: Tue, 22 Sep 2020 18:42:18 GMT
expires: Wed, 22 Sep 2021 18:42:18 GMT
last-modified: Tue, 22 Sep 2020 18:32:46 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 524473
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 3F72 26 KB
10 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:819::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62f2eeec7851ae0d5e322062cf40092478236d4a4fc5a2cfd87b257739104147

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10523
x-xss-protection: 0
expires: Mon, 28 Sep 2020 20:23:31 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame 3F72 109 B
868 B 36ms
22ms Script
application/javascript 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.komando.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Sep 2020 20:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

POST
H2 200 i Show response
vid-io-dub.springserve.com/vd/ Frame 3F72 0
117 B 110ms
37ms XHR
text/plain 52.212.58.206
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io-dub.springserve.com/vd/i?suuid=a9a8ebf8&ps_id=587900&batch=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_0c3b2922.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.58.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 200
date: Mon, 28 Sep 2020 20:23:32 GMT
access-control-allow-credentials: true
server: nginx
access-control-allow-origin: https://www.komando.com
content-length: 0

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 105ms
105ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=ifmfg53jkzewescym5gewvbwkneucskv&inx=0&rt=10909&val=An+unexpected+error+occurred+within+the+VPAID+creative.+Refer+to+the+inner+error+for+more+info.+%7C%7C+Error%3A+NO_FILL&wnx=1&abc=&ty=aer&v=1&ext=1&ta=1&lnx=0&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a&anx=1&arx=1&crt=1429&s=0&aty=vid&tty=ac&rol=mid
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:32 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

GET
H2 200 vmp.gif
pixel.anyclip.com/ 35 B
184 B 101ms
100ms Image
image/gif 52.72.80.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.anyclip.com/vmp.gif?cid=&inx=&rt=14631&val=1&wnx=0&abc=&ty=crf&v=1&ext=1&ta=1&lnx=0&sid=7M4cLAMijLMWtrAz3458UaWqoXVa9xN6&pid=komandocom&wid=0011r00002HG7NL_1462&pt=a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.80.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-80-38.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 28 Sep 2020 20:23:36 GMT
last-modified: Sun, 03 May 2020 21:32:40 GMT
server: nginx/1.16.1
etag: "5eaf3878-23"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 35

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: web.hb.ad.cpe.dotomi.com
URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/ut/v3/prebid

Domain: dmx.districtm.io
URL: https://dmx.districtm.io/b/v1

Domain: tlx.3lift.com
URL: https://tlx.3lift.com/header/auction?lib=prebid&v=3.26.0&referrer=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tmax=1200&gdpr=false

Domain: ads.yieldmo.com
URL: https://ads.yieldmo.com/exchange/prebid?p=%5B%7B%22placement_id%22%3A%22Komando_Adhesion%22%2C%22callback_id%22%3A%22153f19d17f19509%22%2C%22sizes%22%3A%5B%5B1%2C1%5D%2C%5B728%2C90%5D%2C%5B970%2C90%5D%5D%2C%22ym_placement_id%22%3A%222449337810381906140%22%7D%2C%7B%22placement_id%22%3A%22Komando_Leaderboard_1%22%2C%22callback_id%22%3A%22164bbe195e131aa%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%5D%2C%22ym_placement_id%22%3A%222449337810381906140%22%7D%5D&page_url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&bust=1601324601370&pr=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&scrd=1&dnt=false&e=0&description=If%20your%20device%20is%20infected%20with%20Lokibot%20malware%2C%20kiss%20your%20credit%20cards%20goodbye.%20This%20keylogger%20can%20capture%20everything%20you%20type.&title=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3Afalse%2C%22cmp%22%3A%22%22%7D&us_privacy=&pubcid=4700c320-9cb4-4b96-8d60-118596e0da77&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/ut/v3/prebid

Domain: ads.yieldmo.com
URL: https://ads.yieldmo.com/exchange/prebid?p=%5B%7B%22placement_id%22%3A%22Komando_Right_Rail_1%22%2C%22callback_id%22%3A%22282f9bd14532af2%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%2C%5B160%2C600%5D%2C%5B300%2C600%5D%5D%2C%22ym_placement_id%22%3A%222449337810381906140%22%7D%5D&page_url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&bust=1601324601483&pr=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&scrd=1&dnt=false&e=0&description=If%20your%20device%20is%20infected%20with%20Lokibot%20malware%2C%20kiss%20your%20credit%20cards%20goodbye.%20This%20keylogger%20can%20capture%20everything%20you%20type.&title=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3Afalse%2C%22cmp%22%3A%22%22%7D&us_privacy=&pubcid=4700c320-9cb4-4b96-8d60-118596e0da77&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D

Domain: tlx.3lift.com
URL: https://tlx.3lift.com/header/auction?lib=prebid&v=3.26.0&referrer=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tmax=1200&gdpr=false

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/ut/v3/prebid

Domain: web.hb.ad.cpe.dotomi.com
URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/ut/v3/prebid

Domain: tlx.3lift.com
URL: https://tlx.3lift.com/header/auction?lib=prebid&v=3.26.0&referrer=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tmax=1200&gdpr=false

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=NsczxcWw93Nv4keUqcRTu8gR&bidId=534a2f8d7ff2667&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D

Domain: ads.yieldmo.com
URL: https://ads.yieldmo.com/exchange/prebid?p=%5B%7B%22placement_id%22%3A%22Komando_Right_Rail_3%22%2C%22callback_id%22%3A%2256a2ab262c4db2b%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%2C%5B160%2C600%5D%2C%5B300%2C600%5D%5D%2C%22ym_placement_id%22%3A%222449337810381906140%22%7D%5D&page_url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&bust=1601324602569&pr=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&scrd=1&dnt=false&e=0&description=If%20your%20device%20is%20infected%20with%20Lokibot%20malware%2C%20kiss%20your%20credit%20cards%20goodbye.%20This%20keylogger%20can%20capture%20everything%20you%20type.&title=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3Afalse%2C%22cmp%22%3A%22%22%7D&us_privacy=&pubcid=4700c320-9cb4-4b96-8d60-118596e0da77&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D

Domain: web.hb.ad.cpe.dotomi.com
URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/ut/v3/prebid

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=730248&size_id=15&alt_size_ids=9%2C10&gdpr=0&rp_schain=1.0,1!freestar.io,253,1,,,&rf=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tk_flint=pbjs_lite_v3.26.0&x_source.tid=859642ba-6f9d-41a5-a80c-3016f4c6eb6f&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.29222677012873177

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/ut/v3/prebid

Domain: web.hb.ad.cpe.dotomi.com
URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/ut/v3/prebid

Domain: dmx.districtm.io
URL: https://dmx.districtm.io/b/v1

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=NsczxcWw93Nv4keUqcRTu8gR&bidId=72f1af95ab252f2&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D

Domain: btlr.sharethrough.com
URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=KYVqfjZMQtN1DsZXVKCAPhr2&bidId=7326609db8a5&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=3.26.0&strVersion=3.2.1&secure=true&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D

Domain: ads.yieldmo.com
URL: https://ads.yieldmo.com/exchange/prebid?p=%5B%7B%22placement_id%22%3A%22Komando_Right_Rail_4%22%2C%22callback_id%22%3A%2275cc2c5ecf811c2%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%2C%5B160%2C600%5D%2C%5B300%2C600%5D%5D%2C%22ym_placement_id%22%3A%222449337810381906140%22%7D%5D&page_url=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&bust=1601324602631&pr=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&scrd=1&dnt=false&e=0&description=If%20your%20device%20is%20infected%20with%20Lokibot%20malware%2C%20kiss%20your%20credit%20cards%20goodbye.%20This%20keylogger%20can%20capture%20everything%20you%20type.&title=Lokibot%20keylogger%20infections%20are%20growing%20across%20the%20internet&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3Afalse%2C%22cmp%22%3A%22%22%7D&us_privacy=&pubcid=4700c320-9cb4-4b96-8d60-118596e0da77&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.io%22%2C%22sid%22%3A%22253%22%2C%22hp%22%3A1%7D%5D%7D

Domain: tlx.3lift.com
URL: https://tlx.3lift.com/header/auction?lib=prebid&v=3.26.0&referrer=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tmax=1200&gdpr=false

Domain: fastlane.rubiconproject.com
URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=730248&size_id=15&alt_size_ids=9%2C10&gdpr=0&rp_schain=1.0,1!freestar.io,253,1,,,&rf=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&tk_flint=pbjs_lite_v3.26.0&x_source.tid=b8274bd6-9866-4dfb-807f-19f6c7ba7eb0&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.9778356951217919

Verdicts & Comments Add Verdict or Comment

307 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

44 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.lijit.com/	1970-01-19 21:34:20	Name: _ljtrtb_10 Value: 1875819620754586194
.lijit.com/	1970-01-19 21:34:20	Name: _ljtrtb_86 Value: TtNqMvfH5I5m1M3KGBdh
.lijit.com/	1970-01-19 21:34:20	Name: _ljtrtb_66 Value: 530593448669
.lijit.com/	1970-01-19 21:34:20	Name: ljt_reader Value: fbadc8023ccd61e129c6166a
.rubiconproject.com/	1970-01-19 12:49:19	Name: vis15 Value: 151312^1
.rubiconproject.com/	1970-01-19 12:49:19	Name: ses15 Value:
eus.rubiconproject.com/	1970-01-19 14:58:20	Name: pux Value: 1512%3D94173%262231%3D94173%262249%3D94173%262307%3D94173%26goog%3D94173%26idl%3D94173%262249-DV360-Hosted%3D94173%26brx%3D94173%26
.rubiconproject.com/	1970-01-19 12:49:19	Name: vis2 Value: 151312^1
.3lift.com/	1970-01-19 14:58:20	Name: tluid Value: 15147478412889358506
.3lift.com/sync	1970-01-19 14:58:20	Name: sync Value: CgoIgQIQntmJs80uCgoIoQEQntmJs80uCgoI4gEQntmJs80uCgoI5gEQntmJs80uCgoI1gEQntmJs80uCgoIhwIQntmJs80uCgkIOhCe2YmzzS4KCQgLEJ7ZibPNLgoJCF8QntmJs80uCgkIHxCe2YmzzS4=
.media.net/	1970-01-19 21:34:20	Name: visitor-id Value: 2443262022243598000V10
.amazon-adsystem.com/	1970-01-19 17:15:08	Name: ad-id Value: A9ybcWaE60eypm1XyT5tC5E
.media.net/	1970-01-19 17:15:08	Name: gdpr_status Value: 1
.google.com/	1970-01-19 17:12:15	Name: NID Value: 204=UChb0o1ExPLLVJFd3WicHdRqYCMcqxwPFWroTtMHE5fgF0cDi-vlr7OZ4-tPVyymH74DgiyX5F_yBhMMdyz9TTnGTXq-cJ4aYOnRPWTVtzJXrrppM69ZmaLvtWHfBNZJIgcbVU8rN-Aov5a00xT0b4Jrb3dfo96U91-oRhcIBjM
.lijit.com/	1970-01-19 21:34:20	Name: ljtrtbexp Value: eJyrVjIzU7IyNDMwMjU2MTKw0FGyMEbjo8kbGqDxjZD5tQCT7xAj
.www.komando.com/	1970-01-19 13:31:56	Name: __cfduid Value: d17390bbd7da59f973086fcf499b70dfe1601324598
.youtube.com/	1970-01-19 17:07:56	Name: VISITOR_INFO1_LIVE Value: aJSFKhZZUQE
www.komando.com/	1970-01-23 06:43:14	Name: k3FormInserters Value: %7B%2215940519701%22%3A%222020-10-05%2019%3A43%3A17%22%2C%22generalExpiration%22%3A%222020-10-01%2019%3A43%3A17%22%7D
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: pQO0mq0_uVo
.facebook.com/	1970-01-19 14:58:20	Name: fr Value: 0oqpu1sqyQe3YVBsB..BfckY3...1.0.BfckY3.
.komando.com/	1970-01-19 22:13:13	Name: __qca Value: P0-2086804669-1601324601784
.komando.com/	1970-01-19 21:34:20	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Mon+Sep+28+2020+22%3A23%3A21+GMT%2B0200+(Central+European+Summer+Time)&version=6.6.0&hosts=&landingPath=https%3A%2F%2Fwww.komando.com%2Fsecurity-privacy%2Flokibot-keylogger-spreading%2F755764%2F&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0
www.komando.com/	1970-01-19 12:48:46	Name: _tb_t_ppg Value: https%3A//www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
.rubiconproject.com/	1970-01-19 21:34:20	Name: audit Value: 1\|hLZGFuTafB1MrD2/KJ5LzjyTC4TA8CrxnFDxBw2LxCMoXRcXjMKs9gdH5eKT/1kkmG7zb8n75T2p09IPATRuekwJXg+Hr/0A
.rubiconproject.com/	1969-12-31 23:59:59	Name: rsid Value: 1\|GN74NFAAofzfRDO61scyIVzmvJ5aKbHTjjBrIpefbksb8dj5YjiPXMXyZb6CieTOKRivvDW4XDDGGCjSXyf/K1KrngFWuVYFyhx5P5iRRkN5zGTGXOMAbP+vG/+NWVuQHr2e+hR/OCifyZBuO/1WxvUs
.komando.com/	1970-01-19 12:50:11	Name: _scs Value: 1601324601665.1386237319
.komando.com/	1970-01-20 06:19:56	Name: __gads Value: ID=32337df4be5faae1-221afcc9e7b8001f:T=1601324604:S=ALNI_MYcSr-4GFAQTzGrsk2PtRpzAQ4gOQ
www.komando.com/security-privacy/lokibot-keylogger-spreading/755764	1969-12-31 23:59:59	Name: fsbotchecked Value: true
.komando.com/	1970-01-19 12:48:44	Name: _gat_UA-230639-2 Value: 1
.komando.com/	1970-01-20 06:19:56	Name: _scp Value: 1601324601665.245942462
.amazon-adsystem.com/	1970-01-21 08:42:30	Name: ad-privacy Value: 0
.komando.com/	1970-01-19 14:58:20	Name: _fbp Value: fb.1.1601324599618.1482577881
.rubiconproject.com/	1970-01-19 12:49:19	Name: ses2 Value:
.komando.com/	1970-01-20 06:19:56	Name: _ga Value: GA1.2.2106507700.1601324599
.komando.com/	1970-01-19 12:50:10	Name: _gid Value: GA1.2.749919062.1601324599
www.komando.com/	1970-01-19 12:48:46	Name: fssts Value: false
.rubiconproject.com/	1970-01-19 21:34:20	Name: khaos Value: KFMZBMOW-11-G5IN
www.komando.com/	1970-01-26 20:00:44	Name: _fsuid Value: 4a709b9a-d652-4a58-ab0e-71e0ac01049b
www.komando.com/	1970-01-23 06:43:14	Name: k3ModalInserters Value: %7B%2215940546631%22%3A%222020-10-05%2019%3A43%3A17%22%2C%22generalExpiration%22%3A%222020-10-01%2019%3A43%3A17%22%7D
.lijit.com/	1970-01-19 21:34:20	Name: ljtrtb Value: eJyrVjIzU7JSMjU2MLU0NjGxMDOzVNJRsgCJhZT4FfqWpXmYeprmGvoae7s7pWQo1QIAGakMag%3D%3D
www.komando.com/	1970-01-19 12:48:46	Name: _fssid Value: 7ea4fdda-9ba5-476a-b89a-93f973e025ee
www.komando.com/	1970-01-19 21:34:20	Name: trc_cookie_storage Value: taboola%2520global%253Auser-id%3Df7dfe8da-2a23-4e38-bd6b-88d9cc6028e6-tuct66bcbba
www.komando.com/	1970-01-19 12:48:46	Name: _tb_sess_r Value:
www.komando.com/	1970-01-19 13:31:56	Name: _fsloc Value: ?i=NL&c=Amsterdam

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://freestar-io.videoplayerhub.com/gallery.js(Line 1) Message: Video gallery initializing
console-api	info	URL: https://a.pub.network/komando-com/pubfig.min.js(Line 1) Message: %cPubfig background: #00C389; color: #fff; border-radius: 3px; padding: 3px pubfig.messaging.js - Init ========== LOADING MESSAGING ==========
console-api	warning	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020092201.js(Line 6) Message: Invalid GPT fixed size specification: []
console-api	log	URL: https://sdk.jeeng.com/v3.js(Line 2) Message: %c2020-09-28T20:23:21.617Z %c[INFO] %cJeeng: %cupdateServiceWorker: Force Popup. Stopping. color:DimGrey color:LimeGreen color:Black; font-weight: bold :
console-api	info	URL: https://cdn.ampproject.org/rtv/012009190410000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009190410000 https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
console-api	info	URL: https://cdn.ampproject.org/rtv/012009190410000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009190410000 https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
console-api	info	URL: https://cdn.ampproject.org/rtv/012009190410000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009190410000 https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/
console-api	log	URL: https://sdk.jeeng.com/v3.js(Line 2) Message: %c2020-09-28T20:23:25.916Z %c[INFO] %cJeeng: %cProfiler: No user visits data to send... Stopping. color:DimGrey color:LimeGreen color:Black; font-weight: bold :
console-api	log	URL: https://sdk.jeeng.com/v3.js(Line 2) Message: %c2020-09-28T20:23:25.916Z %c[INFO] %cJeeng: %cProfiler: No Channels subscriptions yet. Stopping. color:DimGrey color:LimeGreen color:Black; font-weight: bold :
console-api	log	URL: https://sdk.jeeng.com/v3.js(Line 2) Message: %c2020-09-28T20:23:25.917Z %c[INFO] %cJeeng: %cWidgets.browserNotificationModal: No push support. color:DimGrey color:LimeGreen color:Black; font-weight: bold :
console-api	info	URL: https://cdn.ampproject.org/rtv/012009190410000/amp4ads-v0.js(Line 420) Message: Powered by AMP ⚡ HTML – Version 2009190410000 https://www.komando.com/security-privacy/lokibot-keylogger-spreading/755764/

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3798d67ecedc9f68471fbe0d5998de60.safeframe.googlesyndication.com
a.pub.network
aax-eu.amazon-adsystem.com
accounts.google.com
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
ads.yieldmo.com
adservice.google.com
adservice.google.de
am-sync.taboola.com
anyclip-player.s3.amazonaws.com
api.pinterest.com
api.stack-sonar.com
apis.google.com
as-sec.casalemedia.com
assets.anyclip.com
b1sync.zemanta.com
backend.upapi.net
bh.contextweb.com
bid.contextweb.com
btlr.sharethrough.com
bttrack.com
c.amazon-adsystem.com
c.pub.network
cdn.ampproject.org
cdn.districtm.io
cdn.taboola.com
cdn5.anyclip.com
cds.taboola.com
ce.lijit.com
cm.g.doubleclick.net
config.anyclip.com
connect.facebook.net
cookie-cdn.cookiepro.com
d.pub.network
dmx.districtm.io
dsp.adkernel.com
e1.emxdgt.com
eb2.3lift.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
freestar-io.videoplayerhub.com
googleads.g.doubleclick.net
graph.facebook.com
hb.emxdgt.com
hbx.media.net
ib.adnxs.com
imasdk.googleapis.com
lreprx-server.anyclip.com
match.adsrvr.org
match.taboola.com
mrb.upapi.net
pagead2.googlesyndication.com
pixel.anyclip.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.wp.com
platform.twitter.com
player.anyclip.com
px.powerlinks.com
rtb-csync.smartadserver.com
rtb.4finance.com
rtb.mfadsrvr.com
rules.quantcount.com
s0.2mdn.net
sb.scorecardresearch.com
script.crazyegg.com
sdk.jeeng.com
search.spotxchange.com
secure.quantserve.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
ssl.gstatic.com
stags.bluekai.com
stats.g.doubleclick.net
stats.wp.com
sync-t1.taboola.com
sync.mathtag.com
sync.taboola.com
syndication.twitter.com
tlx.3lift.com
tpc.googlesyndication.com
trafficmanager.anyclip.com
trc.taboola.com
users.api.jeeng.com
vid-io-dub.springserve.com
vid.springserve.com
vpaid.springserve.com
web.hb.ad.cpe.dotomi.com
widget-modal-popup-v2-prod.firebaseapp.com
widget.perfectmarket.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.komando.com
www.stack-sonar.com
www.storygize.net
www.youtube.com
x.bidswitch.net
ads.yieldmo.com
btlr.sharethrough.com
dmx.districtm.io
fastlane.rubiconproject.com
ib.adnxs.com
tlx.3lift.com
web.hb.ad.cpe.dotomi.com
104.108.144.24
104.111.215.135
104.111.215.51
104.111.230.142
104.111.238.139
104.16.190.66
104.244.42.136
13.225.73.46
130.211.23.194
141.226.224.32
141.226.228.48
151.101.113.181
151.101.12.157
151.101.13.44
151.101.65.195
172.217.18.162
172.217.22.2
174.137.133.49
178.79.227.9
18.195.155.181
18.195.193.185
18.196.104.43
18.196.65.140
184.30.210.81
185.29.135.234
185.33.220.244
185.64.190.80
185.86.138.114
185.94.180.124
192.0.76.3
192.132.33.46
198.148.27.134
198.148.27.139
2.21.37.27
2001:4de0:ac18::1:a:2a
216.58.208.38
23.23.105.3
2600:9000:206e:1800:6:44e3:f8c0:93a1
2606:4700:20::681a:832
2606:4700:20::681a:8b
2606:4700:20::ac43:4513
2606:4700:20::ac43:464d
2606:4700::6812:778
2606:4700::6812:a460
2606:4700::6813:9408
2620:116:800d:21:5a23:9c4e:e774:96c1
2a00:1450:4001:800::200d
2a00:1450:4001:801::2001
2a00:1450:4001:802::2003
2a00:1450:4001:802::200a
2a00:1450:4001:802::200e
2a00:1450:4001:809::2001
2a00:1450:4001:80b::200a
2a00:1450:4001:816::2002
2a00:1450:4001:818::2001
2a00:1450:4001:818::2003
2a00:1450:4001:819::2006
2a00:1450:4001:81a::2008
2a00:1450:4001:81b::2003
2a00:1450:4001:820::200e
2a00:1450:4001:824::2004
2a00:1450:400c:c0c::9a
2a02:26f0:eb::214:bef6
2a03:2880:f01c:800e:face:b00c:0:2
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.120.60.93
3.126.224.165
34.202.140.116
34.228.106.195
34.249.58.234
35.162.238.70
35.188.71.214
35.206.141.96
35.226.36.58
40.113.136.100
52.212.58.206
52.217.67.164
52.72.80.38
52.95.116.38
63.34.98.13
69.173.144.140
69.173.144.165
70.42.32.31
72.251.249.14
99.86.240.180
02a2079808b1d062ff16a7d19627e9ee4a94f989aa879d9f81333364fa5a8ea0
02ded17bed62b1aa6559c167750030fcbcf7dc6ea7b180bab6ae712a5c7fe0e5
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b
0b7b74a139779fba8e1d17d597aa7cbffa27bd33d2b5c43d8039264c2a627412
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0c6afde5246ef8c887f2cedff2e5a01e36aca1ce00dbeba5d7f8dc8b2686c615
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0fbdde14de3aa39d2b3ef4a34deef57b0a4905a2464f7b257b600bd696e6b6c4
10c289346cba2ae0c51c938075b153e9305663ab39dd652205ba2e401e587ea3
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
126b0db475dac8550795ad28030ebfacde3d381588872e38c9828dc9458e3292
1632e13bb4b75973ab4e1ae7b45ebbcf3aae9dc050a24048d6875d6e3a466088
16752f9d504a1dccd7a58686a4771ab1c4bbd2296256307676f25f12dc761fb4
167eefa83e1aa1374767855f64054dde21c967fc23cd0dfe4217aaa4cb02a7db
1b6863771c330f7b6a857dbfee3959d8e8c61c0e34f1e9ba5f6f38268d05573d
1bcf723cba02a4faef5788cdc9621455f2888232e08c727c0e96c313ac23ea21
1c4ec986748a3b7e79915edb7ca6c52f4c8953c2443f92eb5fbcd8425d831875
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1fcdc54759ab0ead6a9c0f35707e01926c8c4e13c6ce7ad59477a81a9e4acd47
209c5a3d5663e93da5f73f50923b757791f11078e28ec10f6138d65d9b00b1a9
232334d177f358c07f8271994e6fc0c018abfce7c8910deb604de1440d741c45
2391cc30306861b59fcdb16b83a8f427ee342e5f5d6e8299a91d586687e8bef2
27f7565f1db12d6ddab49a8b795d6a804067be98fcea51ecfb5ca71f7906389a
29468b66389df59555ae33050768a903311d689837e6aa6e8e33511869282b93
2baedd643cd727e26f71bf8c9cd0dbdfaedd71804ce29672363e11d696283c86
2bf4b5202559dbe01d8188a3adb26d68755a69064f233ef63f284b08efaed6ad
2cecc971cba1f2e7b8891f65ae30fa0fb7dd9972a8342ff3bed23e4ba38cb978
2e2d1788ea05b02d90b012643125e8ea70bdc8b1efafaf16c27b86e1ad97b327
2fb500f34c1e92bea56bab8e0e5ccd68f794b9a514e5302a2f7e07723938d91b
35bae1b460df6117d998c7eec808fb3b77a0a33e201e525890925acf933f2e5d
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3624aee41959dd154ad62a3f1dadac38f28b916bd8ea3455ede2648ef6f27307
394ee880685b17bc2c3e8a5a628c4ddce428531b165836c0b5717c71d76faeb7
396197a350c5f917f454cb764fa31f624d64f8fbac73445c4d2862bad7ca22bf
39cb24159c965e9896b3b1d3ecf5e29e88bdd771bc50a0d3c417d8ce2875236b
39cd5e453197eafeffea5349d5d39b8b087ee6b8260dfc44b0a27eb87bc655b5
3b9f78d22e848aad4fbacb03461edd712542c0a1620c40af9808559ca4a5d7a6
3cc9389c9cfdbc0fb7c282c3026c3cd9c11894913f4cf60cf9d1140a1415ad0a
3d5535fc993e2a02b5523add7738f08a15fabac527da55db4834d64603e97e83
3e0d9ede781cc77c3e3935c2d5cc7893fd9dd8ef0b95d285e92b03dfe757dcaf
403bfa21e733c139da9d7d87c48fa0ebbed91514fbbadf34cbc455294a004389
453e9cc6fc295196d8914da9858a388ce58a1dcb9b033aab9037aa2badbbc0d9
4691d2d9bbf29b666d996e8cb483e60fa6f3e071f1091a57c2b3ac4413216b24
46fe925aebeb82c977cf241c08c4708f57641674f6f4065796cc4b454649b6ae
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
51885f3f46c7317c00dc6b36ae543d48f1b3d1c3768381c9f7c8fb47e38214f1
51f2ad17b8ea1c4150f2901e1d648f4606a158cd8b15b3276a2df74e56cec904
5216fcdc6d278ba8cce42f910754b33365608bcba89401423816cc2b7b28f161
52d1fa8a9ebff6670209bdaf47bafa374eb128a7c83a73d372f5538fbaa2e6e1
5416bb3c019c4a5687c50ecb53535f402e8baaa3d24812d662e8d9cbd2a9d69b
55775baf70d2f1d40bac3a60de82e8e42b7e34687802f73671f25f2f60fdc6d4
55e35a1415438685f71fe809dfb0e94ff9d3b994dd8d8ae8f7206bb878d59a84
56ce45cb99da8ae45d74bf123b740ec2c74c82e7599030e2e9b0904aecff36ea
5cde1be2072eac8a28109762ecc39dedb5b0afdb8c67c68fe8527dbc1826d312
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5e1390f7c515a04fbd18d7c3e864de65e7fc473f8a2e5134f74a79e122911dd7
5fefa6bc00a2fca4d3ca705862d42dfdbb8f69124b2f0cc0896d3c7c2c05890a
6053864e7b55bc74a16194f9e8e3abdf839595d95f8938c9db3a94196855d37e
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
61fbc34f91d8af09b7d8434e27d4f7f12fdfae8311d2d26d0eea187ad16c4dd6
62f2eeec7851ae0d5e322062cf40092478236d4a4fc5a2cfd87b257739104147
633aeda2d57927567b195da28166cf7d5a619539c2a3dc4793a88d62ea9bbe25
64bd7529494fcb29ae2245d4d977261083632b107e5e468df0f997e858ebdf84
67386f7f6c11079518c59fdca44b5a6c5b17f4b8cda8ead4e993f3b2dfda0e5d
6883ce59605b04b6c6782ba17cb02dae671c9228e429ced6c1ab1171a38e12a1
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c73cf3d94d29e498f66facb6891a9be80ef4f5caee6c9b09e6128b167b3c966
6c7884164b248cb8d87de9edf64dc810e5753bb8ec0cd015800d7f39e08371c1
6e922793ef5dbb2417f3143a2e24b33be1fd6b3ba412df3a31e0173ca46f021c
6f1091622c90672124acea6aa3bd3c22761a88f486f7fc2c2d679765d81b8bc1
76acf8c85fbf30f66baaf8a77b45a8c55239360611284cbd426bafeaf12806ba
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d
772f30f80abc4903d2b32118044a9c210abb95bdf422f8e22c9923fe18a1611f
776bc870aebdc54c7bfac7b59b26cd7fd79f7119ba5c14094ef8da5545ce237b
777a900b48ed2b99b8a4ba93c8a314ee3caeba5ab77e866c8e5ef494f188c1f9
786d190bd0c55665bcf263abf1513e0d3325bffaaa2668910f9ce9dcb7d7d074
7ad474fa92add6794702b5c0858699fcd140b0e4f25439c8292ec815818fd1cb
7c9a5ba4f480cd0682d3d8948ebc4332e4c21df143b9fd654a3e642d190e0266
7f3f58c2fd4529fffc91067658a9689ffc59257d6e329de3f156539fdc9d44c3
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
80325753dfda513353d6498662f2c01a3d9d588f73a048082e1dafb59399fd94
81e6c87636a663c4a41f849c88b600fbed51d9595692bbd50dd7d3fcdcd0e970
8280efada34b3ac1a4c4a6ce816db75de8c5b8d3a353eb70abf35d1ca9b8244a
82eb45a4b3636bf0f88a983199c0830c5e5b64c53ec73684889b69ffeb0be421
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8515bd40d8243dbc1e8e7e1735fbda57340c0e5b4d00b6fb3b4aabd7c486b3cb
8887246fdae6a5bde33313c306ca108fbb99f4bd5fc82eab0d675a4162105b4f
89cb81b15741129a01edcb8665b1f6172e270197a1335e9f0db3558e6c338a60
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8b88ddfa92e4cb2646d5c7e19274939caa3495dcb33c307f1bbaec31b1d9691a
8bdab1eac9d2b05029f47b7436dfacc93b2cc5f89f4b8dff900c98c9a0774ebd
8c37ae2200920054feed3fadab84fae9d954ce1882f8c21381eb0002d21a301f
90dd355c112d81a2acb4e3647df6d4a7cf473b52e46cc8ddb81e950b81330075
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
9396b68277405a18cffb030d6595127067d80eeb3d1b600528f253b144e1fb67
9444735efef35f26725c4e3cc87b7c77970103af8999e71d427d0dbe0fe85a95
96ed609b415be6ee67eadb8d2de7ce64d13de9c928bce8e1373bec97e233e74c
984601230d8cbfe18370425e8e897037cc1a7adf831a691a9ede573cf44479d4
993dd9c705fd43f0ae68f0f6bd7dd6e40e1120a16327b21339f5da90bc238c28
9af6550ca2c42a37009bae2158dca11ca60287039f406a7cc4b6b1df1185ecfd
9d66a122d9849ec2d6665a9b55df6ac3fef29e50b712588ab729aaab7b6e949a
a05b6b902fc0110a35204d05a8360b0fcff6bf23859f7fca952444bf6184b248
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a41be3ded7940a43feaa525b9b1c44f29815fdd4cd61cc0910d13356312e98e7
a59455402cb06fdade0b4c6ca2c44f2f627a085fb354b911531235c4c4f538a3
a761b426004caba495cdac2c93ce7dd306c47bc4d7bdc63c4840c3d8182396a9
a791e9bd4e929f0f5db01e6c8bbfbfc3aea7265a8ff98535822f27bb1d63e0d2
a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec
a80fa23d5536127b483ded3399381e99210ac0dc61ee6e9d4d90cf3a9ad57cf5
a9ef96a6e42d0f18408d38c4c7bd5bae4e9e72e8d3cc600cf6b760e37219a47a
a9face165b5af8cc8cd1aef61858dc946c4296ee34ef63790747394d4f25c38b
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae407e415a45b6c720d8d61fef8c28756883d0f546a64e7a2969d6174c669951
aeb08680a67ab108b80d0d5eca97457046c90c4d885d817aac059ed5b47b5fbc
aef991b2e0b693a95d41986576dd3901ea7ac03b379501b1caba966058753308
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3c7fc0cf7be713a4e97298f59db197355a9bdbd1d55944e6d8a4006f1a01cf6
b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290
b7db90d988f2d569ee665c1666e383f3ccb226e4532320946bb42d09702c6ed8
b94c0c588c960ee9b1b4fdc774c776f770059745e5219ecc28c1cbe5f633ba84
baccc36f4643b5739459f6075bbe88ef37d443e9c6a87e7b9f5c617774732094
bcdf7b6ec5fe23c3049d66b4a6f1881cb1a6dfbbbd52088c60b4f0b6c538f36d
bdc6f35981582b0bb0423b70243eac10776c99215aaa26dede1b002555215e99
be33982ff67c790e285661853e12db59cb0cc76f417f924715f366ee1e269881
bf8a3d71354828a837da5f234fdeab608b2e535b11b4851e89d75b1686686635
c4a7b4babd8d76af2ddc0840bda733cd5a0b409895bb74d5302ff1155c9b32bc
c52bdd7ff253ce5e7c1ccde55d3292769f342c125b30a1494273ae6e7a10ffbc
c8de81a1acb5f3788959ecc04eaa6526d5bdb29991157cecbef71042268c0374
ca5398fb76a3d11f43a00312ca1f4a0b11cc37d1925d82bcc80c906ffc956ff2
cd65be12262a2774c87d77fbbeccf6a965c2455bca82031acbe6838db0c489b0
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c
ce71363b5a1b172c880a24b3d86ca0fa71449bd12181ddaece00b3c4046c788a
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
d0cbfb1ab0f94123834567e32df7ec74a1c210793f797368d41a4b4c2732d4a0
d3a596f4c7ac754b8f88aadb4987603e4b56a82b074e14d1a60b2f2cc7429e9d
d544eae637d61ee786c0a45bb0a7f250f9280bcd2ea1576655a761f1d397b8df
d9417079952dbe5d1b1bc0bf209d04bcf97459ce3c271837b4d9c45a48e3ecfa
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
d9d704f0b7a23f56e6ba623424e2ab48dcd02522940f8c2302fed24aa211e7e5
da3e524928bcca821af2551eb6f9e9ae2449ceb48642cce4f2dae23383098537
db03313b117d5687f500d3a57cf5a279c0e9c92cf8b2182b5ec74257257537c3
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df159001a0a1435516d4e08113d1809e5ebae43c5fc6ef7e602c99ea001dd154
e098e7520dbccfe6cdaa96ce30b3245894b060fdc2d31145e870c81432cff684
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4a66d01f6e756434873901b4c7c7fd74d0a2c08710e8e2bec2113f97dcff2d6
e77c417c9fc9dcc933e5efb242db4d753ec2f56bc6de6cecf98b840ed43520f8
e9e40f737e08ad5b6c7ec3d3ee2232ce91f00b1f4f753c79f5e8e4f74c1c4a60
ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f00dd1db7de0e8916241284a33f65ff7a044c45ed2a7c1ee969f084cf6b0d63b
f0b5290ffd7ebefe5bb9d7cde55f244efb5076db25b9b2a85b9d1b14f7972d25
f222b8651351111e82ef8945a8c517760db1785817eb8b9fde02ae8bdbc8bd49
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
fdc4e7018e32dd41910ef282b928b80d6394af42d140872c89872784b95e73d7
ff372adc4cf4262bb789e8cd8c4d390bd6f2ff1e99ec9ebb9e3de24cd679ea5d

www.komando.com Open in urlscan Pro 2606:4700::6812:a460 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

323 Requests

91 %HTTPS

35 %IPv6

62 Domains

105 Subdomains

77 IPs

9 Countries

3610 kBTransfer

14438 kBSize

44 Cookies

31 Outgoing links

Redirected requests

323 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 17 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.komando.com Open in urlscan Pro
2606:4700::6812:a460 Public Scan

Screenshot
Live screenshot

Full Image

323
Requests

91 %
HTTPS

35 %
IPv6

62
Domains

105
Subdomains

77
IPs

9
Countries

3610 kB
Transfer

14438 kB
Size

44
Cookies

323 HTTP transactions
17 data transactions