URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Submission: On September 19 via manual from US

Summary

This website contacted 88 IPs in 7 countries across 67 domains to perform 360 HTTP transactions. The main IP is 192.0.79.33, located in San Francisco, United States and belongs to AUTOMATTIC - Automattic, Inc, US. The main domain is philadelphia.cbslocal.com.
This is the only time philadelphia.cbslocal.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Subject | Issuer | Validity | Valid
*.wordpress.com | Go Daddy Secure Certificate Authority - G2 | 2015-09-06 - 2018-10-14 | 3 years
*.go.sonobi.com | Go Daddy Secure Certificate Authority - G2 | 2017-01-04 - 2019-02-04 | 2 years
*.wp.com | Go Daddy Secure Certificate Authority - G2 | 2015-04-22 - 2018-05-11 | 3 years
*.googleapis.com | Google Internet Authority G2 | 2017-09-13 - 2017-12-06 | 3 months
*.google.com | Google Internet Authority G2 | 2017-09-13 - 2017-12-06 | 3 months
*.babator.com | Go Daddy Secure Certificate Authority - G2 | 2016-10-10 - 2017-11-17 | a year
*.files.wordpress.com | Go Daddy Secure Certificate Authority - G2 | 2016-01-16 - 2019-02-23 | 3 years
*.g.doubleclick.net | Google Internet Authority G2 | 2017-09-13 - 2017-12-06 | 3 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2016-12-09 - 2018-01-25 | a year
moatads.com | Symantec Class 3 ECC 256 bit SSL CA - G2 | 2017-05-12 - 2018-05-12 | a year
*.google-analytics.com | Google Internet Authority G2 | 2017-09-13 - 2017-12-06 | 3 months
*.cloudfront.net | Symantec Class 3 Secure Server CA - G4 | 2016-10-26 - 2017-12-17 | a year
www.weather.com | Symantec Class 3 ECC 256 bit SSL CA - G2 | 2017-08-13 - 2018-08-13 | a year
s.cpx.to | COMODO RSA Domain Validation Secure Server CA | 2015-02-10 - 2020-02-09 | 5 years
*.anvato.net | Go Daddy Secure Certificate Authority - G2 | 2016-03-16 - 2018-03-16 | 2 years
*.afy11.net | Go Daddy Secure Certificate Authority - G2 | 2016-09-06 - 2019-09-06 | 3 years
*.bidswitch.net | COMODO RSA Domain Validation Secure Server CA | 2017-03-14 - 2018-04-13 | a year
*.liadm.com | Amazon | 2016-12-09 - 2018-01-09 | a year
g2.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2017-09-11 - 2018-01-27 | 5 months
p.cpx.to | COMODO RSA Domain Validation Secure Server CA | 2015-02-10 - 2020-02-09 | 5 years
tpc.googlesyndication.com | Google Internet Authority G2 | 2017-09-13 - 2017-12-06 | 3 months
*.doubleclick.net | Google Internet Authority G2 | 2017-09-13 - 2017-12-06 | 3 months
*.exelator.com | Go Daddy Secure Certificate Authority - G2 | 2017-05-25 - 2019-06-25 | 2 years
*.s3.amazonaws.com | DigiCert Baltimore CA-2 G2 | 2016-07-29 - 2017-11-29 | a year

This page contains 21 frames:

Primary Page: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Frame ID: 825.1
Requests: 256 HTTP requests in this frame

Frame: http://fast.cbs-local.demdex.net/dest5.html?d_nsid=0
Frame ID: 825.3
Requests: 1 HTTP requests in this frame

Frame: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/anvhtml5.css
Frame ID: 825.4
Requests: 68 HTTP requests in this frame

Frame: https://my.cbslocal.com/mycbslocal/pages/Login.aspx
Frame ID: 825.5
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/twitter_cookies.html?namespace=twttr%3Acookies&origin=http%3A%2F%2Fphiladelphia.cbslocal.com
Frame ID: 825.6
Requests: 1 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter/r/5oivrH7Newv.js?version=42
Frame ID: 825.7
Requests: 1 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter/r/5oivrH7Newv.js?version=42
Frame ID: 825.8
Requests: 1 HTTP requests in this frame

Frame: http://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=cd8a9580-44cd-4702-a0ad-0783408161d5&tbid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6
Frame ID: 825.9
Requests: 10 HTTP requests in this frame

Frame: http://trc.taboola.com/cbslocaltv-philadelphia/log/3/available
Frame ID: 825.11
Requests: 1 HTTP requests in this frame

Frame: http://d3135glefggiep.cloudfront.net/anvtp.html?pinstance=p0&tsoffset=1505832022750
Frame ID: 825.20
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20170913/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: 825.12
Requests: 8 HTTP requests in this frame

Frame: http://native.sharethrough.com/assets/sfp-iframe-buster.js
Frame ID: 825.13
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20170913/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: 825.14
Requests: 8 HTTP requests in this frame

Frame: http://a.teads.tv/page/12955/tag
Frame ID: 825.16
Requests: 5 HTTP requests in this frame

Frame: data://truncated
Frame ID: 825.19
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20170913/r20110914/client/ext/m_window_focus_non_hydra.js
Frame ID: 825.15
Requests: 8 HTTP requests in this frame

Frame: http://sync.teads.tv/iframe/redirect
Frame ID: 825.22
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: 825.23
Requests: 5 HTTP requests in this frame

Frame: http://imasdk.googleapis.com/js/core/bridge3.179.0_en.html
Frame ID: 825.24
Requests: 1 HTTP requests in this frame

Frame: https://u.connatix.com/iframes%5C44720f84-21ae-4882-bf37-0450bb4a1f13.html
Frame ID: 825.25
Requests: 1 HTTP requests in this frame

Frame: https://loadus.exelator.com/load//net.php?n=PGltZyB3aWR0aD0iMSIgYWx0PSJFeGVsYXRlRGF0YSIgc3JjPSJodHRwczovL3N5bmMubWF0aHRhZy5jb20vc3luYy9pbWc%2FbXRfZXhpZD0xMDAwOCZyZWRpcj1odHRwcyUzQSUyRiUyRmxvYWRtLmV4ZWxhdG9yLmNvbSUyRmxvYWQlMkYlM0ZwJTNEMjA0JTI2ZyUzRDEwMSUyNmolM0QwJTI2YnVpZD1bTU1fVVVJRF0iIGhlaWdodD0iMSI%2BPC9pbWc%2BPGltZyB3aWR0aD0iMSIgYWx0PSJFeGVsYXRlRGF0YSIgc3JjPSJodHRwczovL21hdGNoLmFkc3J2ci5vcmcvdHJhY2svY21mL2dlbmVyaWM%2FdHRkX3BpZD1leGVsYXRlIiBoZWlnaHQ9IjEiPjwvaW1nPjxpbWcgd2lkdGg9IjEiIGFsdD0iRXhlbGF0ZURhdGEiIHNyYz0iaHR0cHM6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9nb29nbGVfbmlkPWV4ZWxhdGUmZ29vZ2xlX2NtJmdvb2dsZV9zYyIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHdpZHRoPSIxIiBhbHQ9IkV4ZWxhdGVEYXRhIiBzcmM9Imh0dHBzOi8vc3luYy50aWRhbHR2LmNvbS9HZW5lcmljVXNlclN5bmMuYXNoeD9kcGlkPTQiIGhlaWdodD0iMSI%2BPC9pbWc%2BPGltZyB3aWR0aD0iMSIgYWx0PSJFeGVsYXRlRGF0YSIgc3JjPSJodHRwczovL21hdGNoLnJ1bmRzcC5jb20vbWF0Y2guZ2lmP3BhcnRuZXI9bmllbHNlbiZpZD0zMmFkZDI2NzEyZjUyNjdiNzUwYmNkN2Q0MDRiZDkwOSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=9dd239f3554381ae97d55ffd665c4f4f
Frame ID: 825.26
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /googlesyndication\.com\//i

Page Statistics

Requests: 360
HTTPS: 53 %
IPv6: 13 %
Domains: 67
Subdomains: 117
IPs: 88
Countries: 7
Transfer: 17948 kB
Size: 26323 kB
Cookies: 40

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • http://apis.google.com/js/plusone.js?ver=1.0.0 HTTP 307
  • https://apis.google.com/js/plusone.js?ver=1.0.0
Request Chain 37
  • http://cm.everesttech.net/cm/dd?d_uuid=90184013968691222523261840264850251765 HTTP 302
  • http://dpm.demdex.net/ibs:dpid=411&dpuuid=WcEsVQAAAcDbdxet
Request Chain 39
  • http://launch.newsinc.com/js/embed.js HTTP 307
  • http://launch.newsinc.com/207/js/embed.js
Request Chain 46
  • http://cbsphilly.files.wordpress.com/2011/03/phill-bg.jpg HTTP 301
  • https://cbsphilly.files.wordpress.com/2011/03/phill-bg.jpg
Request Chain 63
  • http://connect.facebook.net/en_US/sdk.js?_=1505832021793 HTTP 307
  • https://connect.facebook.net/en_US/sdk.js?_=1505832021793
Request Chain 69
  • http://b.scorecardresearch.com/b?c1=8&c2=6000002&c3=70000&c4=&c5=&c6=&c15=&cv=1.3&cj=1&rn=20170919144022 HTTP 302
  • http://b.scorecardresearch.com/b2?c1=8&c2=6000002&c3=70000&c4=&c5=&c6=&c15=&cv=1.3&cj=1&rn=20170919144022
Request Chain 73
  • http://www.google-analytics.com/ga.js HTTP 307
  • https://www.google-analytics.com/ga.js
Request Chain 86
  • http://www.google-analytics.com/r/__utm.gif?utmwv=5.6.9&utms=1&utmn=1968628252&utmhn=philadelphia.cbslocal.com&utme=8(User%20Type)9(Guest)11(2)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Hackers%20Have%20Successfully%20Hidden%20Malware%20In%20Popular%20PC%20Cleanup%20Tool%20%C2%AB%20CBS%20Philly&utmhid=1755070634&utmr=-&utmp=%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&utmht=1505832022631&utmac=UA-2438645-53&utmcc=__utma%3D116927303.784117593.1505832023.1505832023.1505832023.1%3B%2B__utmz%3D116927303.1505832023.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1951616096&utmredir=1&utmu=DQAAAAAAAAAAAAAAAAAAAAAE~ HTTP 307
  • https://www.google-analytics.com/r/__utm.gif?utmwv=5.6.9&utms=1&utmn=1968628252&utmhn=philadelphia.cbslocal.com&utme=8(User%20Type)9(Guest)11(2)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Hackers%20Have%20Successfully%20Hidden%20Malware%20In%20Popular%20PC%20Cleanup%20Tool%20%C2%AB%20CBS%20Philly&utmhid=1755070634&utmr=-&utmp=%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&utmht=1505832022631&utmac=UA-2438645-53&utmcc=__utma%3D116927303.784117593.1505832023.1505832023.1505832023.1%3B%2B__utmz%3D116927303.1505832023.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1951616096&utmredir=1&utmu=DQAAAAAAAAAAAAAAAAAAAAAE~
Request Chain 87
  • http://www.google-analytics.com/r/__utm.gif?utmwv=5.6.9&utms=2&utmn=480251593&utmhn=philadelphia.cbslocal.com&utme=8(User%20Type)9(Guest)11(2)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Hackers%20Have%20Successfully%20Hidden%20Malware%20In%20Popular%20PC%20Cleanup%20Tool%20%C2%AB%20CBS%20Philly&utmhid=1755070634&utmr=-&utmp=%2Fcategory%2Fnews%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F%3Fcat%3Dnews%3Bcat%3Dtalkers%3B&utmht=1505832022634&utmac=UA-17434257-35&utmcc=__utma%3D116927303.784117593.1505832023.1505832023.1505832023.1%3B%2B__utmz%3D116927303.1505832023.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=14500098&utmredir=1&utmmt=1&utmu=DQCAAAAAAAAAAAAAAAAAAAAE~ HTTP 307
  • https://www.google-analytics.com/r/__utm.gif?utmwv=5.6.9&utms=2&utmn=480251593&utmhn=philadelphia.cbslocal.com&utme=8(User%20Type)9(Guest)11(2)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Hackers%20Have%20Successfully%20Hidden%20Malware%20In%20Popular%20PC%20Cleanup%20Tool%20%C2%AB%20CBS%20Philly&utmhid=1755070634&utmr=-&utmp=%2Fcategory%2Fnews%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F%3Fcat%3Dnews%3Bcat%3Dtalkers%3B&utmht=1505832022634&utmac=UA-17434257-35&utmcc=__utma%3D116927303.784117593.1505832023.1505832023.1505832023.1%3B%2B__utmz%3D116927303.1505832023.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=14500098&utmredir=1&utmmt=1&utmu=DQCAAAAAAAAAAAAAAAAAAAAE~
Request Chain 138
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fca.png%3Fpid%3D11327%26ref%3D%26hn_ver%3D5%26fid%3Dde275265-407c-4347-8f49-182e22f5dc73%26adnxs_uid%3D%24UID HTTP 302
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fca.png%253Fpid%253D11327%2526ref%253D%2526hn_ver%253D5%2526fid%253Dde275265-407c-4347-8f49-182e22f5dc73%2526adnxs_uid%253D%2524UID HTTP 302
  • https://s.cpx.to/ca.png?pid=11327&ref=&hn_ver=5&fid=de275265-407c-4347-8f49-182e22f5dc73&adnxs_uid=5160562550509235139
Request Chain 139
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&pid=11327&ref=&hn_ver=5&fid=de275265-407c-4347-8f49-182e22f5dc73 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&pid=11327&ref=&hn_ver=5&fid=de275265-407c-4347-8f49-182e22f5dc73&google_tc= HTTP 302
  • https://s.cpx.to/ca.png?pid=11327&ref=&hn_ver=5&fid=de275265-407c-4347-8f49-182e22f5dc73&google_gid=CAESEFLNWCfLu53iUf8I2bWVyjA&google_cver=1
Request Chain 148
  • http://ib.adnxs.com/getuid?http%3A%2F%2Fphiladelphia_cbslocal.us.intellitxt.com%2Fcsync%2F0%2Fappnexus%2F%24UID HTTP 302
  • http://philadelphia_cbslocal.us.intellitxt.com/csync/0/appnexus/5160562550509235139
Request Chain 149
  • http://ssum.casalemedia.com/usermatchredir?s=184543&cb=http%3A%2F%2Fphiladelphia_cbslocal.us.intellitxt.com%2Fcsync%2F0%2Findex%2F__UID__ HTTP 302
  • http://ssum.casalemedia.com/usermatchredir?s=184543&cb=http%3A%2F%2Fphiladelphia_cbslocal.us.intellitxt.com%2Fcsync%2F0%2Findex%2F__UID__&C=1
Request Chain 155
  • http://staticxx.facebook.com/connect/xd_arbiter/r/5oivrH7Newv.js?version=42 HTTP 307
  • https://staticxx.facebook.com/connect/xd_arbiter/r/5oivrH7Newv.js?version=42
Request Chain 163
  • https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
  • https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]&mm_bnc&mm_bct HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=b40e59c1-2c57-4900-8d2a-3127b054b143
Request Chain 165
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=sonobi&ttd_tpi=1 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=td&nuid=cd8a9580-44cd-4702-a0ad-0783408161d5
Request Chain 166
  • https://bh.contextweb.com/bh/rtset?do=add&pid=561191&ev=77c5a8b0-9d48-11e7-bc0f-025d685f3aca&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=pp&nuid=uNZi2FmPsIQn
Request Chain 167
  • https://x.bidswitch.net/sync?ssp=sonobi HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=sonobi HTTP 302
  • https://p.adsymptotic.com/d/px/?_pid=12688&_psign=d3e6987fb7f3833d4f283fc40823ac50&bidswitch_ssp_id=sonobi&_redirect=http%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D126%26user_id%3D%24%7BUUID%7D%26expires%3D14%26ssp%3D%24%7BSSP%7D HTTP 302
  • https://p.adsymptotic.com/d/px/?_pid=12688&_psign=d3e6987fb7f3833d4f283fc40823ac50&bidswitch_ssp_id=sonobi&_redirect=http%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D126%26user_id%3D%24%7BUUID%7D%26expires%3D14%26ssp%3D%24%7BSSP%7D&_expected_cookie=186b5838209665b40a7ff824b8632f73 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=126&user_id=186b5838209665b40a7ff824b8632f73&expires=14&ssp=sonobi
Request Chain 168
  • https://us-u.openx.net/w/1.0/cm?id=1be30a61-c15d-465d-b6e5-82da40df8212&r=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dopenx%26nuid%3D HTTP 302
  • https://us-u.openx.net/w/1.0/cm?cc=1&id=1be30a61-c15d-465d-b6e5-82da40df8212&r=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dopenx%26nuid%3D HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=openx&nuid=fceb615a-84be-4039-ac8f-adcb7c3f5d2f
Request Chain 171
  • http://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
  • http://match.adsrvr.org/track/cmb/generic?ttd_pid=054f32o&ttd_tpi=1 HTTP 302
  • http://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=cd8a9580-44cd-4702-a0ad-0783408161d5 HTTP 302
  • http://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=cd8a9580-44cd-4702-a0ad-0783408161d5&tbid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6
Request Chain 172
  • https://i.liadm.com/s/32441?bidder_id=88068&bidder_uuid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6 HTTP 303
  • https://i.liadm.com/s/32441?bidder_id=88068&bidder_uuid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6&_li_chk=true&previous_uuid=df6528fe3d0d4e889c812f7006fd2b79
Request Chain 173
  • http://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc HTTP 302
  • http://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEDec3OHuaZXne95wQfcs860&google_cver=1
Request Chain 174
  • http://idsync.rlcdn.com/382399.gif?partner_uid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6 HTTP 302
  • http://idsync.rlcdn.com/382399.gif?partner_uid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6&redirect=1 HTTP 302
  • http://e.nexac.com/e/liveramp_sync.xgi?na_exid=619c9b69e2fd4331e4c2644c7bba87fef38e0328dce43c3177a29793a2398c823b87cd2c0007efc4 HTTP 302
  • http://x.dlx.addthis.com/e/liveramp_sync.xgi?na_exid=619c9b69e2fd4331e4c2644c7bba87fef38e0328dce43c3177a29793a2398c823b87cd2c0007efc4
Request Chain 175
  • http://ib.adnxs.com/getuid?https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID HTTP 302
  • https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=5160562550509235139 HTTP 302
  • https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=5160562550509235139&tbid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6
Request Chain 176
  • http://pixel.tapad.com/idsync/ex/receive?partner_id=2227&partner_device_id=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6 HTTP 302
  • http://pixel.tapad.com/idsync/ex/receive/check?partner_id=2227&partner_device_id=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6 HTTP 302
  • http://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=%252C HTTP 302
  • http://match.adsrvr.org/track/cmb/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=%252C HTTP 302
  • http://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=cd8a9580-44cd-4702-a0ad-0783408161d5&ttd_puid=%2C
Request Chain 178
  • http://tags.bluekai.com/site/35702?id=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6&redir=%2F%2Ftrc.taboola.com%2Fsg%2Fbluekai%2F1%2Fcm%3Ftaboola_hm%3D%24_BK_UUID HTTP 302
  • http://tags.bluekai.com/site/35702?dt=0&r=577013989&sig=2128339607&bkca=KJy+iLWvy09xHndslMjDlHGX8aJYGwuzLfigqSDJQMcdlp6DjGRly8x6JE4bvt1s0TA9sxtx1hq/GFRF4d1MW4uEm6Uu0PNSE3PB0i0il7MGAVg5TLONkIPTu2Ot8ZXLxkg1rfnndhDIDZjk1B04RP64Xydmcu5k HTTP 302
  • http://trc.taboola.com/sg/bluekai/1/cm?taboola_hm=rUkIHQ99999CoXaj
Request Chain 180
  • http://aa.agkn.com/adscores/g.pixel?sid=9212237748&puid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6 HTTP 302
  • http://d.agkn.com/pixel/8463/?che=1505832023&sk=164450102453000305531&puid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6&l0=http://trc.taboola.com/sg/neustar/1/cm?taboola_hm=164450102453000305531 HTTP 302
  • http://trc.taboola.com/sg/neustar/1/cm?taboola_hm=164450102453000305531
Request Chain 196
  • https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=b40e59c1-2c57-4900-8d2a-3127b054b143
Request Chain 197
  • https://us-u.openx.net/w/1.0/cm?id=1be30a61-c15d-465d-b6e5-82da40df8212&r=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dopenx%26nuid%3D HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=openx&nuid=fceb615a-84be-4039-ac8f-adcb7c3f5d2f
Request Chain 198
  • https://sync.rhythmxchange.com/usersync2/sonobi HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT
Request Chain 272
  • https://ad.doubleclick.net/ddm/ad/N7196.1139838.CBSPHILLY.COM/B10891752.145450728;sz=1x1;ord=816895268;dc_lat=;dc_rdid=;tag_for_child_directed_treatment= HTTP 302
  • https://ad.doubleclick.net/ddm/ad/N7196.1139838.CBSPHILLY.COM/B10891752.145450728;dc_pre=CNCWmre9sdYCFYQSGwodJNkFYw;sz=1x1;ord=816895268;dc_lat=;dc_rdid=;tag_for_child_directed_treatment= HTTP 302
  • https://s1.2mdn.net/viewad/3409133/1x1image.jpg
Request Chain 273
  • https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstKcn1F4w4Yt7dAR9fPifRcXWhJIKdrUv-DF-PQqp-zxYuIISJxqL2g_BuA7Ef4bv7XABYw5NlpAgrmWpq53RIAhYwjbM3QY-tFMLNXLZuKJHEcQHzI3NS2CL5jkcHm87fjS1gY6uY9kqmknXETc-x1oCEHidsJ4fvev0Z7Xuoc93CTUY3RjCcsa3Dj-vuDCxHZPAR7uZ4fK7jkQZjT93FcKwMl26E1G6Xxzdfch9DKoLeyeytjosP18KPl9DrKDD6OvyFmqJ8y94qR&sig=Cg0ArKJSzLditYhmSZ92EAE&urlfix=1&adurl=https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKCrgLdZEAEYATII_x-mCKxcFhQ HTTP 302
  • https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKCrgLdZEAEYATII_x-mCKxcFhQ
Request Chain 288
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fca.png%3Fpid%3D11847%26ref%3D%26hn_ver%3D5%26fid%3D1ad47ad0-dea2-46d9-9ed3-7c04e0796649%26adnxs_uid%3D%24UID HTTP 302
  • https://s.cpx.to/ca.png?pid=11847&ref=&hn_ver=5&fid=1ad47ad0-dea2-46d9-9ed3-7c04e0796649&adnxs_uid=5160562550509235139
Request Chain 289
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&pid=11847&ref=&hn_ver=5&fid=1ad47ad0-dea2-46d9-9ed3-7c04e0796649 HTTP 302
  • https://s.cpx.to/ca.png?pid=11847&ref=&hn_ver=5&fid=1ad47ad0-dea2-46d9-9ed3-7c04e0796649&google_gid=CAESEFLNWCfLu53iUf8I2bWVyjA&google_cver=1
Request Chain 290
  • http://sync.teads.tv/iframe?pid=33484&userId=6eab444a-9673-463a-8810-f0e262ae58e1&1505832024483 HTTP 302
  • http://sync.teads.tv/iframe/redirect
Request Chain 383
  • https://ib.adnxs.com/getuidnb?https://loadm.exelator.com/load/?p=204&g=014&bi=$UID&j=0 HTTP 302
  • https://loadm.exelator.com/load/?p=204&g=014&bi=5160562550509235139&j=0 HTTP 302
  • https://load.s3.amazonaws.com/pixel.gif

360 HTTP transactions

Resource / Path | Size | x-fer | Type / MIME-Type
Primary Request /
philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
105 KB
25 KB
Document
General
Full URL
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
192.0.79.33 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
bd903d5296d114c5ab5ae885efc6894d071762e526a88033cddf211b7134cc71

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

X-Pingback
http://philadelphia.cbslocal.com/xmlrpc.php
X-hacker
If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
Date
Tue, 19 Sep 2017 14:40:21 GMT
Content-Encoding
gzip
Last-Modified
Tue, 19 Sep 2017 14:37:48 GMT
Server
nginx
Vary
Accept-Encoding, Cookie
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
X-nc
HIT dfw 159
Cache-Control
max-age=300, must-revalidate
Transfer-Encoding
chunked
X-nananana
Batcache
X-ac
4.fra _dfw
Link
<http://wp.me/p11qnw-3SvM>; rel=shortlink
remote-login.php
r-login.wordpress.com/
0
0
Script
General
Full URL
https://r-login.wordpress.com/remote-login.php?action=js&host=philadelphia.cbslocal.com&id=15116066&t=1505831868&back=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.78.19 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

status
200
date
Tue, 19 Sep 2017 14:40:21 GMT
server
nginx
content-length
0
vary
Cookie
content-type
text/javascript
morpheus.cbslocal.3566.js
mtrx.go.sonobi.com/
41 KB
14 KB
Script
General
Full URL
https://mtrx.go.sonobi.com/morpheus.cbslocal.3566.js
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.113.198 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
51fe1cce811705c84c2ef697bed69b048e97450789bd9bf9e53d1270e6747750

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:21 GMT
Content-Encoding
gzip
Age
48
X-Cache
HIT
x-amz-meta-surrogate-key
7f621a278b
Last-Modified
Mon, 19 Jun 2017 15:49:04 GMT
Connection
keep-alive
x-amz-request-id
D3EFD258BCC69E29
x-amz-id-2
bhpWYUW1zLje2S/agdF3niwZDGEy4zgJf95nzHPzqhBsX1mGcL20Q45C27ZFbvXK+2TcnSBfeEo=
X-Served-By
cache-hhn1549-HHN
Accept-Ranges
bytes
x-amz-meta-configid
1190
Server
AmazonS3
X-Timer
S1505832021.475489,VS0,VE1
x-amz-meta-versionnumber
3.11.1
ETag
"9ae4364105cda16f45918323b8c8fd7e"
Vary
Accept-Encoding
x-amz-version-id
HnHepiyyXdyQU976EkhqaR1Swkud.LJc
Via
1.1 varnish
Cache-Control
max-age=3600
x-amz-meta-buildnumber
1227
Content-Length
14373
Content-Type
application/javascript
X-Cache-Hits
1
/
s1.wp.com/_static/
143 KB
23 KB
Stylesheet
General
Full URL
https://s1.wp.com/_static/??-eJy1kk1OAzEMhS9EaoqKgAXiLJ7ETDPj/BA7HfX2pEMrqNikSKyiZ/t9eXICSzY2RaWooHsKJHDwGewghpNFhsx19FEgJFe5dSVZj2wCOY9gRWDxbiQ153ouKST1KW5a7w5upaOTFdrOPsAkMH1UKkd4J2wThf241yuxCf6PadYhEzDiSGXNdVUxjmTWlPvgPlquzXHm1DBE9GzYx/l/0hE3FfX3IkM1Fxb7uZEm0ox2NqvqC3O6LmPRSEWgJEXFgcl8fYZ+RHMN5EwRucn6/eppYWOxpCrEJ7G5iD6Q6JGpP+7Plb6F1+3j/e5p+7x7eJk+ASa9O5A=?cssminify=yes
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
78dc634e82386865c401dc0e10134edf08c8a9f5092743ad2e9fa9a40c0ed402

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:21 GMT
content-encoding
gzip
last-modified
Wed, 06 Sep 2017 17:35:45 GMT
server
nginx
etag
W/"59b031f1-23dd2"
vary
Accept-Encoding
content-type
text/css;charset=utf-8
status
200
cache-control
max-age=31536000
x-ac
4.fra _dfw
expires
Thu, 06 Sep 2018 17:36:00 GMT
cbslocal_custom_global.css
wayne.cbslocal.com/cbs-local-custom-css/global/
5 KB
5 KB
Stylesheet
General
Full URL
http://wayne.cbslocal.com/cbs-local-custom-css/global/cbslocal_custom_global.css?ver=1.0.0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
52.216.32.106 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-website-us-east-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
8effcb8fa6d9ead4cf7d6b9565716b6a5ba807af7fed8780d8ff0a4deed26b97

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Last-Modified
Fri, 25 Aug 2017 19:00:53 GMT
Server
AmazonS3
x-amz-request-id
5FA5DCA96379E78B
ETag
"c544395d012cd8ea51009fa405239892"
Content-Type
text/css
x-amz-version-id
85kMfFf7.JiLP8tC1yNEPvgnGxR3CjLG
x-amz-meta-version-id
gmR9tf.saE_c2aJlh0bcKHs3MDumx3ia
Content-Length
5039
x-amz-id-2
0J1YMU3TJ5F11lA/MjcOtetdtOLSSuOZ/J6JAc3ALtFUsvko5m78DRTu0S9/Io0B52cVAdaLCQw=
/
s0.wp.com/_static/
11 KB
3 KB
Stylesheet
General
Full URL
https://s0.wp.com/_static/??-eJyFkOEKwjAMhF/IGIdM8Yf4LF0btmrTlaV1Pr6ZZSAI8084rvnuSnBOYMeYKWbMAzEJPn1C2wmE0ZqAPtpQnNpWBM2UvQ20V73Df2QKpfdRkEdXgr4KKw6zdz3lT9q38RPJBdYAO06kPieTlw0m5w0FbYybWA2uH68aMr02EU6ntWiRg7EP2axIug1dlyYSAZ3sC0O9xsLd+Nq0h7Zpj5fz8f4GB0SHwA==?cssminify=yes
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
d525aa743ce7f3b30d0c7fffa0951e9a7cabbe5262a329d6527a83ccfaa7ddbe

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:21 GMT
content-encoding
gzip
last-modified
Mon, 11 Sep 2017 18:19:39 GMT
server
nginx
etag
W/"59b6d3bb-2ac5"
vary
Accept-Encoding
content-type
text/css;charset=utf-8
status
200
cache-control
max-age=31536000
x-ac
4.fra _dfw
expires
Tue, 11 Sep 2018 18:19:42 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/
23 KB
6 KB
Stylesheet
General
Full URL
http://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=4.3.0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
198.232.125.123 Los Angeles, United States, ASN54104 (AS-NETDNA - netDNA, US),
Reverse DNS
123-125-232-198.static.unitasglobal.net
Software
NetDNA-cache/2.2 /
Resource Hash
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:21 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Jan 2015 19:53:38 GMT
Server
NetDNA-cache/2.2
Connection
keep-alive
ETag
W/"04425bbdc6243fc6e54bf8984fe50330"
Vary
Accept-Encoding
X-Cache
HIT
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=31104000
Transfer-Encoding
chunked
X-Hello-Human
Say hello back! @getBootstrapCDN on Twitter
Expires
Fri, 14 Sep 2018 14:40:21 GMT
css
fonts.googleapis.com/
874 B
329 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900&ver=4.8.2-alpha-41336
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:816::200a , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
ESF /
Resource Hash
c5c6ab925099b4e9fc70617dd3b48d2a5de19604db5e5de3cbb37dae9292de4d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Tue, 19 Sep 2017 14:40:21 GMT
content-encoding
gzip
server
ESF
status
200
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
x-xss-protection
1; mode=block
expires
Tue, 19 Sep 2017 14:40:21 GMT
/
s1.wp.com/_static/
42 KB
23 KB
Stylesheet
General
Full URL
https://s1.wp.com/_static/??-eJytkdFOwzAMRX+IYKaOBx7QvsXNvGDqxFXirvD3hFRlTJOmPuztWL73Sr6GeXRek1EysA+KVODMI/i+OFGPAqNMgVOBqMdJ6nbmYyAr4MsfP1d+gn9BcXKrbZWf0FOvOjjhocIXFPsW2uKsbBgyxgttsRX1jOK4Sq6HxcyQ1JblCvdSA2nrw1jT1eBOgpzvWTP1oqFiaJ1dxhvTpv6byEVMGCi3xIh5+L140XsVzbe3PCRbz5TnzNb+dojvu9eX/e5t33Xd5w9BpNyb?cssminify=yes
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
61a51731a561aecb5c8c2f0823b6ef2b4d7ca85837be27f0d1b9ec628495f641

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:21 GMT
content-encoding
gzip
last-modified
Thu, 31 Aug 2017 15:45:41 GMT
server
nginx
etag
W/"59a82f25-a948"
vary
Accept-Encoding
content-type
text/css;charset=utf-8
status
200
cache-control
max-age=31536000
x-ac
4.fra _dfw
expires
Wed, 05 Sep 2018 20:02:58 GMT
cbslocal_custom_global.css
wayne.cbslocal.com/cbs-local-custom-css/global/
5 KB
5 KB
Stylesheet
General
Full URL
http://wayne.cbslocal.com/cbs-local-custom-css/global/cbslocal_custom_global.css?ver=1.0.1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
52.216.32.106 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-website-us-east-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
8effcb8fa6d9ead4cf7d6b9565716b6a5ba807af7fed8780d8ff0a4deed26b97

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Last-Modified
Fri, 25 Aug 2017 19:00:53 GMT
Server
AmazonS3
x-amz-request-id
DECAD9C752623D2E
ETag
"c544395d012cd8ea51009fa405239892"
Content-Type
text/css
x-amz-version-id
85kMfFf7.JiLP8tC1yNEPvgnGxR3CjLG
x-amz-meta-version-id
gmR9tf.saE_c2aJlh0bcKHs3MDumx3ia
Content-Length
5039
x-amz-id-2
Eu7aIbH2yrgy0BnN63EM/zAWo9xO93TcqAuXcvbhiC6FNAruE90jmLSq0VNMzJty3/zYjx+BT+c=
global.css
s1.wp.com/wp-content/themes/h4/
323 B
228 B
Stylesheet
General
Full URL
https://s1.wp.com/wp-content/themes/h4/global.css?m=1420737423h&cssminify=yes
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
47109b8930a0453870e5f0d19fa81b9c7e9d174c9c606bbf61f05ed4645af1c9

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:21 GMT
content-encoding
gzip
server
nginx
etag
W/"57391271-1d7"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=31536000
x-ac
4.fra _dfw
expires
Fri, 22 Jun 2018 02:26:36 GMT
/
s0.wp.com/_static/
194 KB
61 KB
Script
General
Full URL
https://s0.wp.com/_static/??-eJy1kdEOwiAMRX9Ixjajb8ZvQdYxsBQcMLO/ly0anQ9mezAhaUrvuaWF3z3TJDE1ELjJ55agH5+hMGHHfwmY1aoXEQqr6SWWjiJQ5LEDm5FBey4vgaGTAvmnU5tIRu0obCa9w7HViJtBs4rwmJSmwK1rEuaqaGY4BzbUqxzee2pBZEWPWnVxkaxe2fdrZhGzgoSCfuq0uGB50mt0/h/WgDmjOP3X2Z6qQ7k/llVVl+YBShjYvw==
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
820843548d5c894cbd65134da0144f9fe0b1795e596a915535d5ac537fef17d9

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:21 GMT
content-encoding
gzip
last-modified
Thu, 24 Aug 2017 19:38:14 GMT
server
nginx
etag
W/"599f2b26-30679"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=31536000
x-ac
4.fra _dfw
expires
Fri, 24 Aug 2018 19:38:55 GMT
satelliteLib-62c5c4d67cd6b55dd225771b27563dbd602fde8f.js
assets.adobedtm.com/21d6c746401821d9ceb8fd43cc9c7649a92762c2/
113 KB
35 KB
Script
General
Full URL
http://assets.adobedtm.com/21d6c746401821d9ceb8fd43cc9c7649a92762c2/satelliteLib-62c5c4d67cd6b55dd225771b27563dbd602fde8f.js?ver=1.0.0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
23.53.173.136 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-173-136.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
5294904674d025ab60f5d8aa71ec5243fc11e0f32bd5caaf7087392e5f1ddf8b

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:21 GMT
Content-Encoding
gzip
Last-Modified
Wed, 07 Jun 2017 21:52:00 GMT
Server
Apache
ETag
"82e23d69793c74a3d12681576ead1b02:1496872320"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*, *, *, *
Content-Length
35580
/
s1.wp.com/_static/
51 KB
12 KB
Script
General
Full URL
https://s1.wp.com/_static/??-eJyFzN0KQEAQBeAXshYRN/IsbEMz7I+dRTw9yo1Srk6d83Xk5oSyJoAJklhq2+EEYmHw7XB1Ak1vY+JIvp2zHDQwX+hjpXkBvz8Ro1kRtl9GEFyrRuGB8bhfG12neVVmVVrkCZ0sAz5U
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
05d403761ddc938a66dc16d50ea6036159cc2b42f969e36575324502e13df5f4

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:21 GMT
content-encoding
gzip
last-modified
Thu, 16 Feb 2017 21:47:59 GMT
server
nginx
etag
W/"58a61e0f-ca2d"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=31536000
x-ac
4.fra _dfw
expires
Fri, 22 Jun 2018 02:19:13 GMT
addthis_widget.js
s7.addthis.com/js/300/
348 KB
111 KB
Script
General
Full URL
http://s7.addthis.com/js/300/addthis_widget.js?ver=1.0.0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
104.16.16.35 San Francisco, United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),
Reverse DNS
Software
cloudflare-nginx /
Resource Hash
8dd0bdc749c5cfd480d2b199c88a4b98acaac36cfcc0f7fda8aa0ef56143162b

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:21 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
Transfer-Encoding
chunked
X-Distribution
99
X-Host
s7.addthis.com
Connection
keep-alive
CF-RAY
3a0d4cb61059270e-FRA
Surrogate-Key
client_dist
Last-Modified
Fri, 08 Sep 2017 16:09:13 GMT
Server
cloudflare-nginx
ETag
"56e2d-558afcc42bc40"
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
public, no-check, max-age=600
Timing-Allow-Origin
*
/
s0.wp.com/_static/
54 KB
16 KB
Script
General
Full URL
https://s0.wp.com/_static/??-eJyNjtsKwjAQRH/IZBEbpA/it+Sy2JRcajZp6N+bQoS+iIV5GTjDGagLs0G7YpBgbnkXTBsUCzom5N4GPtMFflLVmhfm/1yWio6UjiFjyJAn9I1d7QJaEXNRS7cvG6/QsETEuuLM8OiWZkKyK5419q+xOqZlioXQ7YV/S3//9I/rMAoh7rdxmD8D1XU5
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
7072d09f85a1a561d54e1dd85f19f20a1f85e27d05959421fcf7a75cacba03d0

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:21 GMT
content-encoding
gzip
last-modified
Tue, 23 May 2017 17:40:16 GMT
server
nginx
etag
W/"59247400-d8c2"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=31536000
x-ac
4.fra _dfw
expires
Thu, 19 Jul 2018 20:08:48 GMT
plusone.js
apis.google.com/js/
Redirect Chain
  • http://apis.google.com/js/plusone.js?ver=1.0.0
  • https://apis.google.com/js/plusone.js?ver=1.0.0
45 KB
17 KB
Script
General
Full URL
https://apis.google.com/js/plusone.js?ver=1.0.0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:816::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
ESF /
Resource Hash
f8c3176c8ad6e0c0367ab7236b4e086b7e4b7e97ea34c9e5ede87fac353e2212
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Tue, 19 Sep 2017 14:40:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See https://support.google.com/accounts/answer/151657?hl=en for more info."
status
200
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge, chrome=1
server
ESF
x-frame-options
SAMEORIGIN
etag
"81599efc6916feaa840a57d20e75c604"
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
cache-control
private, max-age=1800, stale-while-revalidate=1800
timing-allow-origin
*
expires
Tue, 19 Sep 2017 14:40:21 GMT

Redirect headers

Location
https://apis.google.com/js/plusone.js?ver=1.0.0
Non-Authoritative-Reason
HSTS
/
s1.wp.com/_static/
67 KB
16 KB
Script
General
Full URL
https://s1.wp.com/_static/??-eJydjksOwjAMBS9EmnZREAvEWdLULY6cD3EC5fYYARIrVFAWlu154+hrUjaGAqHocgIPrC+YtB1YUbSGtGPtzhXy7VUaG6n6gNNNdU0rz2NoHG/0z6LBqBS5CMlmhv89E8HChCPktfmZ4mBoFZ2ozhhY+zhWkm1lyCrDjFyyKRjDw/fZr7JisFRHGUvY5IKW4Evu/Qc2E8jtFHMRzHvBngZnFokf/aHr27bfdft+6+7RN7Aa
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
4cfa24182cd229513995eefdbaaa46f4c478bb0cd3580cd8d873bc6865c81658

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:21 GMT
content-encoding
gzip
last-modified
Thu, 20 Jul 2017 20:57:05 GMT
server
nginx
etag
W/"59711921-10dc8"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=31536000
x-ac
4.fra _dfw
expires
Fri, 20 Jul 2018 20:58:29 GMT
tags
services.babator.com/
2 KB
2 KB
Script
General
Full URL
https://services.babator.com/tags?apiKey=b7508330-5368-11e6-b9b6-b5368b08d969&ver=1.0.0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.202.58.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-202-58-138.compute-1.amazonaws.com
Software
nginx/1.10.1 / Express
Resource Hash
06acc89ca7a0d8928e01f62ba3e213e2bdc362c327d5b65298d41e2fa7f6c5c2

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
public, max-age=60
Date
Tue, 19 Sep 2017 14:40:22 GMT
ETag
BABATAGSREQ1COOLES
Last-Modified
Tue, 19 Sep 2017 14:40:22 GMT
Server
nginx/1.10.1
X-Powered-By
Express
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=60
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Cache-Control, Set-Cookie, x-api-key, x-user-uuid, x-is-native
Content-Length
2204
Expires
Tue, 19 Sep 2017 14:41:22 GMT
tag.js
native.sharethrough.com/assets/
368 KB
109 KB
Script
General
Full URL
http://native.sharethrough.com/assets/tag.js
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
52.84.26.47 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-84-26-47.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7c5ae1bd431e3b6cbde770cd04334ff3c4634013ca25d7cdd71283b1e8fb8b4f

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Mon, 18 Sep 2017 19:52:00 GMT
Content-Encoding
gzip
Last-Modified
Mon, 18 Sep 2017 19:51:57 GMT
Server
AmazonS3
Age
2902
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 7fa7088cca668218fbd8b325f55fba9b.cloudfront.net (CloudFront)
Cache-Control
public, max-age=3600
Transfer-Encoding
chunked
Connection
keep-alive
X-Amz-Cf-Id
VJDirsKrbE4j-hYtHlCf1LWhl5WIzZAaDkEZBRVfjSdW87zINBYXNw==
Expires
Mon, 18 Sep 2017 20:51:55 GMT
/
s0.wp.com/
41 KB
9 KB
Stylesheet
General
Full URL
https://s0.wp.com/?custom-css=1&csblog=11qnw&cscache=6&csrev=351
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
b95ee45fab47b3dcb266a49bc85245cade5275f56b7d944ff36f7af7944e6bfa

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-hacker
If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
date
Tue, 19 Sep 2017 14:40:21 GMT
content-encoding
gzip
server
nginx
status
200
vary
Accept-Encoding
content-type
text/css;charset=utf-8
x-nc
HIT fra 32
x-ac
4.fra _dfw
expires
Wed, 29 Aug 2018 19:32:16 GMT
cbs_philly1.png
cbsphilly.files.wordpress.com/2016/04/
8 KB
8 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2016/04/cbs_philly1.png
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
d99a3261f439fde3e1464f5591003554afe8ffa6590989f47da896019e55097e

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:21 GMT
last-modified
Wed, 20 Apr 2016 18:54:47 GMT
server
nginx
x-orig-src
01_mogdir
content-type
image/png
status
200
accept-ranges
bytes
content-length
7897
expires
Thu, 19 Oct 2017 06:22:43 GMT
blank_1x1.gif
s0.wp.com/wp-content/themes/vip/cbs-local/images/global/
1 KB
1 KB
Image
General
Full URL
https://s0.wp.com/wp-content/themes/vip/cbs-local/images/global/blank_1x1.gif
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
1bc3050ed2fe13c304aa685037fdaf4e1c65baa779ab8b4de62e2db956357279

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:21 GMT
x-ac
4.fra _dfw
last-modified
Mon, 16 May 2016 00:23:08 GMT
server
nginx
etag
"573912ec-449"
content-type
image/gif
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
1097
expires
Fri, 22 Jun 2018 02:19:13 GMT
anvload.js
w3.cdn.anvato.net/player/prod/v3/scripts/
49 KB
49 KB
Script
General
Full URL
http://w3.cdn.anvato.net/player/prod/v3/scripts/anvload.js
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
205.185.208.126 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip126.ssl.hwcdn.net
Software
/
Resource Hash
527bef1acdaa37b82242bd83c72c79631426be2ee795ed33d7391bee7087df35

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:21 GMT
Last-Modified
Wed, 06 Sep 2017 21:38:52 GMT
ETag
1504733932
X-HW
1505832021.dop017.fr7.t,1505832021.cds012.fr7.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
49756
philly1.png
cbsphilly.files.wordpress.com/2016/04/
4 KB
4 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2016/04/philly1.png
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
391898afef2cfdb94dfdcc232f1143e0da2cf6c93b3fe41147c1b8e398ca71f6

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:21 GMT
last-modified
Wed, 20 Apr 2016 18:55:08 GMT
server
nginx
x-orig-src
01_mogdir
content-type
image/png
status
200
accept-ranges
bytes
content-length
4527
expires
Sun, 08 Oct 2017 07:36:32 GMT
cbs-local-logo-white.png
s0.wp.com/wp-content/themes/vip/cbs-local/plugins/modules/theme-manager/images/
2 KB
2 KB
Image
General
Full URL
https://s0.wp.com/wp-content/themes/vip/cbs-local/plugins/modules/theme-manager/images/cbs-local-logo-white.png
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
288fa7491b981b64411d2dad9310801c9cbf660c24fbc6a107976f3648cb0f26

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:21 GMT
x-ac
4.fra _dfw
last-modified
Sat, 31 Dec 2016 05:37:37 GMT
server
nginx
etag
"58674421-8a4"
content-type
image/png
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
2212
expires
Fri, 22 Jun 2018 02:19:13 GMT
gprofiles.js
0.gravatar.com/js/
20 KB
7 KB
Script
General
Full URL
http://0.gravatar.com/js/gprofiles.js?ver=201738y
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
920c9189a522af2214445b9b592232c64c6bcb262bd4bcf1e1abad27c5cbe606

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:21 GMT
Content-Encoding
gzip
Last-Modified
Thu, 17 Sep 2015 14:13:14 GMT
Server
nginx
ETag
W/"55faca7a-50aa"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800
Connection
keep-alive
Expires
Tue, 26 Sep 2017 14:40:21 GMT
wpgroho.js
s1.wp.com/wp-content/mu-plugins/gravatar-hovercards/
582 B
331 B
Script
General
Full URL
https://s1.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1380573781h
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
21c557180f1bd074974eb41ae4228b6aa9c41234ab1729d780bc8f05761110bb

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:21 GMT
content-encoding
gzip
server
nginx
etag
W/"57391252-2f0"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=31536000
x-ac
4.fra _dfw
expires
Fri, 22 Jun 2018 02:18:14 GMT
partners.css
s0.wp.com/wp-content/themes/vip/cbs-local/plugins/modules/partners/css/
488 B
219 B
Stylesheet
General
Full URL
https://s0.wp.com/wp-content/themes/vip/cbs-local/plugins/modules/partners/css/partners.css?m=1483458356h&cssminify=yes
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
12f3799c970a4b11af799379bb3f3a2647b750e57f5b67c83b15979a80fa4c07

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:21 GMT
content-encoding
gzip
server
nginx
etag
W/"586be352-286"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=31536000
x-ac
4.fra _dfw
expires
Tue, 28 Aug 2018 19:38:57 GMT
/
s1.wp.com/_static/
31 KB
9 KB
Script
General
Full URL
https://s1.wp.com/_static/??-eJyNj81OAzEMhF8I43Ylfi6IR0FO4lJnEyckzhbevikHhDisuFn2fOMZvFTwRY3VMHYMvInn+nkf+x3+OuUBNY130Y5JVu74MXjwmTQkbn/FduY8JZtU9K5DKp7SzbwPp7TtWEe2Sn7FN1GPJ/LsSlmBs+PwX8ouYsYNTDInUd7hFrgljN9BgZTSl4nvOwCFLAqOGmbq88mcoGzcmoRZ92c3HV7zy/HhsDw+H5+WQ7wCNL2EJA==
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
7dcf791b617dfaaa148592c51c58e7b9dcee2c98f919f8f05e478ba2a4f3d02e

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:21 GMT
content-encoding
gzip
last-modified
Mon, 14 Aug 2017 03:36:47 GMT
server
nginx
etag
W/"59911acf-7b0a"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=31536000
x-ac
4.fra _dfw
expires
Tue, 14 Aug 2018 03:36:55 GMT
CBSLocal_Philadelphia_cs.js
philadelphia_cbslocal.us.intellitxt.com/ast/js/CBSLocal/
2 KB
614 B
Script
General
Full URL
http://philadelphia_cbslocal.us.intellitxt.com/ast/js/CBSLocal/CBSLocal_Philadelphia_cs.js?ver=1.0.0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
31.24.80.101 , United Kingdom, ASN56464 (VIBRANT-EU, GB),
Reverse DNS
Software
nginx /
Resource Hash
4c5cfcbb493c57e4e601aa0b6e6704c45809a7d16a217b22c83a40eb96d709b9

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Content-Encoding
gzip
Last-Modified
Wed, 31 May 2017 16:30:57 GMT
Server
nginx
ETag
W/"592eefc1-627"
Vary
Accept-Encoding
P3P
CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control
max-age=2419200
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
application/javascript
Expires
Tue, 17 Oct 2017 14:40:22 GMT
w.js
stats.wp.com/
11 KB
4 KB
Script
General
Full URL
http://stats.wp.com/w.js?56
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
e7f6a232138a2992064e3f39aae317a816a4b892340be34695e42089e0e95cdc

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:21 GMT
Content-Encoding
gzip
Server
nginx
Etag
W/"5890f68b-405c"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=31536000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Sun, 03 Jun 2018 01:14:56 GMT
/
dbg52463.moatads.com/
43 B
43 B
Image
General
Full URL
http://dbg52463.moatads.com/?a=033f43a2ddba4ba592b52109d2ccf5ed
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
52.84.26.236 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-84-26-236.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Via
1.1 42ea0e2305991c9712b9c0ba4ef99d94.cloudfront.net (CloudFront)
Last-Modified
Mon, 22 Apr 2013 19:31:32 GMT
Server
AmazonS3
x-amz-request-id
3FFC1C3CC7D0A017
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
X-Cache
Miss from cloudfront
Content-Type
image/gif
Cache-Control
no-cache
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
x-amz-id-2
f9MApiIfYB0LDLdB4TLQTKWzLWmROb9pgxSTuF0BkD6zKGVvUsDLrPnYALK4s9cJN7PaWsz8dTo=
X-Amz-Cf-Id
Tc_TMHk1MQjz0wOzz_DPfba_XerLlJA_md_RMBu6VBaMB-k-g5JCsQ==
/
d5i9o0tpq9sa1.cloudfront.net/
43 B
43 B
Image
General
Full URL
http://d5i9o0tpq9sa1.cloudfront.net/?a=033f43a2ddba4ba592b52109d2ccf5ed
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
52.84.31.103 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-84-31-103.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Via
1.1 f8120b4e1c7749b93d62b7e5e7abcf45.cloudfront.net (CloudFront)
Last-Modified
Mon, 22 Apr 2013 19:31:32 GMT
Server
AmazonS3
x-amz-request-id
9486B36789E89851
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
X-Cache
Miss from cloudfront
Content-Type
image/gif
Cache-Control
no-cache
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
x-amz-id-2
phFKb11cCRMiFf8pVR+xvdd2YSzVuin5dL6SPf/ax62vHTTdZgR0s/v2WdsdUZqz/0DWYHU3ak8=
X-Amz-Cf-Id
0rpXuonaMOvAOyUrwrhCnAPy7i8k3ILuMGHrIMaoy2lJrwUV5bffpw==
wp-emoji-release.min.js
s1.wp.com/wp-includes/js/
12 KB
4 KB
Script
General
Full URL
https://s1.wp.com/wp-includes/js/wp-emoji-release.min.js?m=1496863874h&ver=4.8.2-alpha-41336
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
bcb42c4f5eb5b4c7ee08632af417513c6f6002fdf7d4b8d2dea6376f0cadd563

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:21 GMT
content-encoding
gzip
server
nginx
etag
W/"59385624-2e45"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=31536000
x-ac
4.fra _dfw
expires
Mon, 17 Sep 2018 20:07:53 GMT
id
dpm.demdex.net/
338 B
278 B
XHR
General
Full URL
http://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=823BA0335567497F7F000101%40AdobeOrg&d_nsid=0&ts=1505832021818
Requested by
Host: assets.adobedtm.com
URL: http://assets.adobedtm.com/21d6c746401821d9ceb8fd43cc9c7649a92762c2/satelliteLib-62c5c4d67cd6b55dd225771b27563dbd602fde8f.js?ver=1.0.0
Protocol
HTTP/1.1
Server
54.72.198.94 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-72-198-94.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
0d440d86df137beef732040ac89c61e275543c6e94f436ebab6f3ac6a08b7a72

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
irl1-prod-dcs-83ef0815.edge-irl1.demdex.com 5.17.3.20170905151459 5ms
Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:21 GMT
Content-Encoding
gzip
X-TID
eODpnzAOQV4=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
http://philadelphia.cbslocal.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=UTF-8
Content-Length
278
Expires
Thu, 01 Jan 2009 00:00:00 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.RHfQe9Qa8bg.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCPbhcA4qM979GGJOvQ8h5YSV2XPtg/
131 KB
46 KB
Script
General
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.RHfQe9Qa8bg.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCPbhcA4qM979GGJOvQ8h5YSV2XPtg/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js?ver=1.0.0
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:816::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
32c1c76d0d27a0102d67e70587d03cd9eb9d627c5b92f221c43285d937b48f71
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Mon, 18 Sep 2017 17:26:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sat, 16 Sep 2017 02:41:41 GMT
server
sffe
age
76450
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
46887
x-xss-protection
1; mode=block
expires
Tue, 18 Sep 2018 17:26:11 GMT
id
cbsdigitalmedia.d1.sc.omtrdc.net/
3 B
3 B
XHR
General
Full URL
http://cbsdigitalmedia.d1.sc.omtrdc.net/id?d_visid_ver=2.1.0&d_fieldgroup=A&mcorgid=823BA0335567497F7F000101%40AdobeOrg&mid=90189725204722946433263558871443104714&ts=1505832021895
Requested by
Host: assets.adobedtm.com
URL: http://assets.adobedtm.com/21d6c746401821d9ceb8fd43cc9c7649a92762c2/satelliteLib-62c5c4d67cd6b55dd225771b27563dbd602fde8f.js?ver=1.0.0
Protocol
HTTP/1.1
Server
66.235.148.64 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
*.d1.sc.omtrdc.net
Software
Omniture DC /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Tue, 19 Sep 2017 14:40:21 GMT
Server
Omniture DC
xserver
www297
Vary
Origin
X-C
ms-5.5.0
P3P
CP="This is not a P3P policy"
Access-Control-Allow-Origin
http://philadelphia.cbslocal.com
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/x-javascript
Keep-Alive
timeout=15
Content-Length
3
ibs:dpid=411&dpuuid=WcEsVQAAAcDbdxet
dpm.demdex.net/
Redirect Chain
  • http://cm.everesttech.net/cm/dd?d_uuid=90184013968691222523261840264850251765
  • http://dpm.demdex.net/ibs:dpid=411&dpuuid=WcEsVQAAAcDbdxet
42 B
42 B
Image
General
Full URL
http://dpm.demdex.net/ibs:dpid=411&dpuuid=WcEsVQAAAcDbdxet
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
54.72.198.94 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-72-198-94.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

DCS
irl1-prod-dcs-401f80cb.edge-irl1.demdex.com 5.17.3.20170905151459 3ms
Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:21 GMT
X-TID
m2/Lvc/BS/M=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
Expires
Thu, 01 Jan 2009 00:00:00 GMT

Redirect headers

Date
Tue, 19 Sep 2017 14:40:21 GMT
Server
AMO-cookiemap/1.1
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location
http://dpm.demdex.net/ibs:dpid=411&dpuuid=WcEsVQAAAcDbdxet
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=15,max=100
Content-Length
0
id
services.babator.com/users/
8 B
8 B
XHR
General
Full URL
https://services.babator.com/users/id
Requested by
Host: services.babator.com
URL: https://services.babator.com/tags?apiKey=b7508330-5368-11e6-b9b6-b5368b08d969&ver=1.0.0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.202.58.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-202-58-138.compute-1.amazonaws.com
Software
nginx/1.10.1 / Express
Resource Hash
875befe7cefc0715a17dc737f9514dda981f79a3c9f174badcae5bd1cc2425fe

Request headers

Access-Control-Request-Method
GET
Origin
http://philadelphia.cbslocal.com
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Access-Control-Request-Headers
x-api-key

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Server
nginx/1.10.1
X-Powered-By
Express
ETag
W/"8-8ww6QOmj5lyGjHVKXelZGQ"
Allow
GET,HEAD
Access-Control-Allow-Methods
POST, PUT, DELETE
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
http://philadelphia.cbslocal.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Cache-Control, Set-Cookie, x-api-key, x-user-uuid, x-is-native
Content-Length
8
embed.js
launch.newsinc.com/207/js/
Redirect Chain
  • http://launch.newsinc.com/js/embed.js
  • http://launch.newsinc.com/207/js/embed.js
234 KB
77 KB
Script
General
Full URL
http://launch.newsinc.com/207/js/embed.js
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
23.53.174.58 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-174-58.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
e53283eb9ab1693e934d59c929d477ad8cb551de8809e2c78d143a9faf8caf30

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Content-Encoding
gzip
Last-Modified
Fri, 15 Sep 2017 20:26:58 GMT
Server
AmazonS3
x-amz-request-id
1713A5FF8E1B5ECE
ETag
"33ac285e4c7b184571c795922a5f93ab"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*, *, *, *
Cache-Control
max-age=604800
Transfer-Encoding
chunked
Connection
keep-alive, Transfer-Encoding
Accept-Ranges
bytes
x-amz-id-2
mIf7FAwJK3pPq0hlq6NuZBadi5JqqAS2gofwa/mberwH01Km3xVcTaXfcreJvIXu0ZXD0THnsZ0=
Expires
Tue, 26 Sep 2017 14:40:22 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:22 GMT
Server
Apache/2.4.16 (Amazon) mod_wsgi/3.5 Python/2.7.10
ETag
"d41d8cd98f00b204e9800998ecf8427e"
x-ndn-redirect-proxy
VersionDistributed cache Hit from: i-0196c853b20eb3b74
Location
/207/js/embed.js
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
Expires
Tue, 19 Sep 2017 14:40:22 GMT
tfa.js
cdn.taboola.com/libtrc/cbslocal-sc/
3 KB
1 KB
Script
General
Full URL
http://cdn.taboola.com/libtrc/cbslocal-sc/tfa.js
Requested by
Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJy1kdEOwiAMRX9Ixjajb8ZvQdYxsBQcMLO/ly0anQ9mezAhaUrvuaWF3z3TJDE1ELjJ55agH5+hMGHHfwmY1aoXEQqr6SWWjiJQ5LEDm5FBey4vgaGTAvmnU5tIRu0obCa9w7HViJtBs4rwmJSmwK1rEuaqaGY4BzbUqxzee2pBZEWPWnVxkaxe2fdrZhGzgoSCfuq0uGB50mt0/h/WgDmjOP3X2Z6qQ7k/llVVl+YBShjYvw==
Protocol
HTTP/1.1
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a96fb43e00479651d742bad1719193a42852c8c58583666d41cd773379eb7bb6

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-amz-version-id
rEHLF._9ul7AfeNv.lPXohwedZyJfWyk
Content-Encoding
gzip
ETag
"5048615ee594b4b5279ff80c8c2cc456"
Age
26051
X-Cache
HIT
x-amz-replication-status
COMPLETED
Connection
keep-alive
Content-Length
1333
x-amz-id-2
Ob7qoSfFFv351lby4EmI4JKCIY0EfJEGHzQjhnCAqCdsNJon0kXlik378NP2vaoUxFk/bgayRBk=
X-Served-By
cache-hhn1537-HHN
Last-Modified
Sun, 24 Jan 2016 09:59:13 GMT
Server
AmazonS3
X-Timer
S1505832022.110910,VS0,VE0
Date
Tue, 19 Sep 2017 14:40:22 GMT
Vary
Accept-Encoding
x-amz-request-id
6F6E2C3867FBDF6F
Via
1.1 varnish
Cache-Control
private,max-age=14401
Accept-Ranges
bytes
Content-Type
application/x-javascript
X-Cache-Hits
110491
apstag.js
c.amazon-adsystem.com/aax2/
21 KB
7 KB
Script
General
Full URL
http://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
52.84.29.216 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-84-29-216.ewr50.r.cloudfront.net
Software
Server /
Resource Hash
644009ce044802780e83cd4393861847469d3a21943e4db6693d52bbe486b6ef

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Mon, 18 Sep 2017 17:09:11 GMT
Content-Encoding
gzip
Server
Server
Age
77471
ETag
ce6d13ae835b192aca6d3e9e8ab4117d
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 f348970492a18bf5c630c5acc86c1ee3.cloudfront.net (CloudFront)
Cache-Control
public, max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7275
X-Amz-Cf-Id
WTdtQep_DRgyIwW_NA5ZrW0Gl77-gZHLU9Az0AGLzsFX1i0RzA7mlQ==
gpt.js
www.googletagservices.com/tag/js/
9 KB
4 KB
Script
General
Full URL
http://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
2a00:1450:4001:81f::2002 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
2b750170407fa58eb36575284c2d88754ee8c0ba862777156aca1a6b0fbeb561
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
sffe
ETag
"1505759559734937"
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
private, max-age=900, stale-while-revalidate=3600
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
4004
X-XSS-Protection
1; mode=block
Expires
Tue, 19 Sep 2017 14:40:22 GMT
yieldbot.intent.js
cdn.yldbt.com/js/
21 KB
7 KB
Script
General
Full URL
http://cdn.yldbt.com/js/yieldbot.intent.js
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
52.85.88.108 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-88-108.jfk6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
eb8f22ca3f9c19eee63229b27a816a162a65a1fae4e67bbd88e14f7c3924d8f5

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Mon, 14 Aug 2017 17:27:14 GMT
Content-Encoding
gzip
Last-Modified
Wed, 24 May 2017 16:11:31 GMT
Server
AmazonS3
x-amz-meta-s3cmd-attrs
md5:edf0aa19fbca4a26a46456974647934a
Age
337
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/javascript; charset=utf-8
Via
1.1 5f52e505347220cd6b132b1b803e614d.cloudfront.net (CloudFront)
Cache-Control
max-age=3600
Transfer-Encoding
chunked
Connection
keep-alive
X-Amz-Cf-Id
3KtqrwOwGIzw0OUjGc7T8QD6Xbqx0QObhTlX2_bOWLefgWb_WU2pMg==
msg.js
s0.wp.com/wp-content/themes/vip/cbs-local/js-modules/sp/
321 KB
70 KB
Script
General
Full URL
https://s0.wp.com/wp-content/themes/vip/cbs-local/js-modules/sp/msg.js
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
a3d343d7aedbace7ce3d606ae5088be81a185ea8a56c06c20c582a36ae7bd32d

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:22 GMT
content-encoding
gzip
server
nginx
etag
W/"5963ad70-502c4"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=31536000
x-ac
4.fra _dfw
expires
Tue, 10 Jul 2018 16:38:30 GMT
mms_client.js
s0.wp.com/wp-content/themes/vip/cbs-local/js-modules/sp/
4 KB
1 KB
Script
General
Full URL
https://s0.wp.com/wp-content/themes/vip/cbs-local/js-modules/sp/mms_client.js
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
f1dff8f9a8c4d8c82441bef57e2267253e5c7a9a09ba8300499e7d6d601bd473

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:22 GMT
content-encoding
gzip
server
nginx
etag
W/"5963ad70-1671"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=31536000
x-ac
4.fra _dfw
expires
Tue, 10 Jul 2018 16:38:30 GMT
phill-bg.jpg
cbsphilly.files.wordpress.com/2011/03/
Redirect Chain
  • http://cbsphilly.files.wordpress.com/2011/03/phill-bg.jpg
  • https://cbsphilly.files.wordpress.com/2011/03/phill-bg.jpg
60 KB
60 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2011/03/phill-bg.jpg
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
91806d58e630ae1e95f565eafba59c85cce0533041590c9e7df421cb86bda14a

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Thu, 03 Mar 2011 04:27:57 GMT
server
nginx
x-orig-src
01_mogdir
content-type
image/jpeg
status
200
accept-ranges
bytes
content-length
61125
expires
Tue, 26 Sep 2017 02:19:29 GMT

Redirect headers

Location
https://cbsphilly.files.wordpress.com/2011/03/phill-bg.jpg
Date
Tue, 19 Sep 2017 14:40:22 GMT
Server
nginx
Connection
keep-alive
Content-Length
178
Content-Type
text/html
market-blue-outer.png
s0.wp.com/wp-content/themes/vip/cbs-local/plugins/modules/theme-manager/images/header-backgrounds/
69 KB
69 KB
Image
General
Full URL
https://s0.wp.com/wp-content/themes/vip/cbs-local/plugins/modules/theme-manager/images/header-backgrounds/market-blue-outer.png
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
e9a965688e07f4b22a02ddeee0d71ba6b1133e03b664c7d0ee08ec41c4f78bfd

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:22 GMT
x-ac
4.fra _dfw
last-modified
Mon, 16 May 2016 00:23:09 GMT
server
nginx
etag
"573912ed-1121b"
content-type
image/png
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
70171
expires
Fri, 22 Jun 2018 02:20:33 GMT
nj47mAZe0mYUIySgfn0wpQ.ttf
fonts.gstatic.com/s/lato/v13/
61 KB
33 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v13/nj47mAZe0mYUIySgfn0wpQ.ttf
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:816::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
24f0c478c163116ebd58dba6c4ec5f9f6ca7bf6fe2def65c5d3ebd80c6e65769
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900&ver=4.8.2-alpha-41336
Origin
http://philadelphia.cbslocal.com

Response headers

date
Mon, 04 Sep 2017 15:54:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1291536
status
200
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
33312
x-xss-protection
1; mode=block
last-modified
Thu, 09 Feb 2017 19:14:20 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 04 Sep 2018 15:54:46 GMT
magglass-black.png
s1.wp.com/wp-content/themes/vip/cbs-local/plugins/modules/theme-manager/images/
245 B
254 B
Image
General
Full URL
https://s1.wp.com/wp-content/themes/vip/cbs-local/plugins/modules/theme-manager/images/magglass-black.png
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
fded9e588536fa7e8b4fef446857e87cf38824a1760e9e703140196bd3d24656

Request headers

Referer
https://s1.wp.com/_static/??-eJy1kk1OAzEMhS9EaoqKgAXiLJ7ETDPj/BA7HfX2pEMrqNikSKyiZ/t9eXICSzY2RaWooHsKJHDwGewghpNFhsx19FEgJFe5dSVZj2wCOY9gRWDxbiQ153ouKST1KW5a7w5upaOTFdrOPsAkMH1UKkd4J2wThf241yuxCf6PadYhEzDiSGXNdVUxjmTWlPvgPlquzXHm1DBE9GzYx/l/0hE3FfX3IkM1Fxb7uZEm0ox2NqvqC3O6LmPRSEWgJEXFgcl8fYZ+RHMN5EwRucn6/eppYWOxpCrEJ7G5iD6Q6JGpP+7Plb6F1+3j/e5p+7x7eJk+ASa9O5A=?cssminify=yes
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:22 GMT
x-ac
4.fra _dfw
last-modified
Sat, 31 Dec 2016 05:49:09 GMT
server
nginx
etag
"586746d5-f5"
content-type
image/png
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
245
expires
Fri, 22 Jun 2018 02:19:21 GMT
v0SdcGFAl2aezM9Vq_aFTQ.ttf
fonts.gstatic.com/s/lato/v13/
58 KB
29 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v13/v0SdcGFAl2aezM9Vq_aFTQ.ttf
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:816::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
256a19c60a8089b6468b4b981d722e5515fd4c5177477cab146c781766b3319c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900&ver=4.8.2-alpha-41336
Origin
http://philadelphia.cbslocal.com

Response headers

date
Mon, 04 Sep 2017 11:26:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1307606
status
200
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
29922
x-xss-protection
1; mode=block
last-modified
Thu, 09 Feb 2017 19:14:22 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 04 Sep 2018 11:26:56 GMT
dest5.html
fast.cbs-local.demdex.net/ Frame 825.
0
0

action
trc.taboola.com/cbslocal-sc/log/3/
0
0
Image
General
Full URL
http://trc.taboola.com/cbslocal-sc/log/3/action?tim=14%3A40%3A22.132&item-url=http%3A//philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/&name=page_view
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx/1.10.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:22 GMT
Via
1.1 varnish
Server
nginx/1.10.1
X-Timer
S1505832022.148992,VS0,VE8
X-Served-By
cache-hhn1538-HHN
X-Cache
MISS
P3P
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/gif
X-Cache-Hits
0
DvlFBScY1r-FMtZSYIYoYw.ttf
fonts.gstatic.com/s/lato/v13/
57 KB
29 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v13/DvlFBScY1r-FMtZSYIYoYw.ttf
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:816::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
55ca5bfda3d140e229e329d321a7467a04d475a983d6b09f4a8ec2ce18837347
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900&ver=4.8.2-alpha-41336
Origin
http://philadelphia.cbslocal.com

Response headers

date
Mon, 04 Sep 2017 17:38:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1285332
status
200
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
29433
x-xss-protection
1; mode=block
last-modified
Thu, 09 Feb 2017 19:14:24 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 04 Sep 2018 17:38:10 GMT
social-media-blue-v2.png
s1.wp.com/wp-content/themes/vip/cbs-local/images/global/sprites/
16 KB
16 KB
Image
General
Full URL
https://s1.wp.com/wp-content/themes/vip/cbs-local/images/global/sprites/social-media-blue-v2.png
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
2b500902a3650ddd33e245bf2780d29efb7e38e586441d8b64d40c2751960904

Request headers

Referer
https://s1.wp.com/_static/??-eJy1kk1OAzEMhS9EaoqKgAXiLJ7ETDPj/BA7HfX2pEMrqNikSKyiZ/t9eXICSzY2RaWooHsKJHDwGewghpNFhsx19FEgJFe5dSVZj2wCOY9gRWDxbiQ153ouKST1KW5a7w5upaOTFdrOPsAkMH1UKkd4J2wThf241yuxCf6PadYhEzDiSGXNdVUxjmTWlPvgPlquzXHm1DBE9GzYx/l/0hE3FfX3IkM1Fxb7uZEm0ox2NqvqC3O6LmPRSEWgJEXFgcl8fYZ+RHMN5EwRucn6/eppYWOxpCrEJ7G5iD6Q6JGpP+7Plb6F1+3j/e5p+7x7eJk+ASa9O5A=?cssminify=yes
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:22 GMT
x-ac
4.fra _dfw
last-modified
Wed, 06 Jul 2016 06:58:08 GMT
server
nginx
etag
"577cac00-4028"
content-type
image/png
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
16424
expires
Fri, 22 Jun 2018 02:20:33 GMT
pubads_impl_150.js
securepubads.g.doubleclick.net/gpt/
205 KB
72 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Requested by
Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.17.130 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
ams15s30-in-f130.1e100.net
Software
sffe /
Resource Hash
bfbd058b5c7ef220c83f818b1af7446e7b4486d722dea610ab690a3af3852c5f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Thu, 14 Sep 2017 13:37:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
435764
status
200
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
73564
x-xss-protection
1; mode=block
last-modified
Wed, 13 Sep 2017 18:01:11 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 14 Sep 2018 13:37:38 GMT
4cKlrioa77J2iqTqBgkRWg.ttf
fonts.gstatic.com/s/lato/v13/
53 KB
28 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v13/4cKlrioa77J2iqTqBgkRWg.ttf
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/scripts/anvload.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:816::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
93ba4169030bf588865ec43c2c0f7a4e58a9ee4f49f9948ee2ad0ec2e827898a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900&ver=4.8.2-alpha-41336
Origin
http://philadelphia.cbslocal.com

Response headers

date
Mon, 04 Sep 2017 10:52:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1309647
status
200
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
28450
x-xss-protection
1; mode=block
last-modified
Thu, 09 Feb 2017 19:14:10 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 04 Sep 2018 10:52:55 GMT
anvhtml5.css
w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/ Frame 825.
41 KB
41 KB
Stylesheet
General
Full URL
http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/anvhtml5.css
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
205.185.208.126 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip126.ssl.hwcdn.net
Software
/
Resource Hash
d3c27a1ef52426453d93545aeb6c4a21227c858688adf4ad05ee985642786e5d

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Last-Modified
Wed, 06 Sep 2017 21:38:52 GMT
ETag
1504733932
X-HW
1505832022.dop017.fr7.t,1505832022.cds057.fr7.c
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
42199
anvplayer.min.js
w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/scripts/ Frame 825.
1 MB
1 MB
Script
General
Full URL
http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/scripts/anvplayer.min.js
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
205.185.208.126 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip126.ssl.hwcdn.net
Software
/
Resource Hash
5e36a6b6cb423796253de1d5c1143630b2ae309cee2b536a7dd2e4eaeda73f60

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Last-Modified
Wed, 06 Sep 2017 21:38:52 GMT
ETag
1504733932
X-HW
1505832022.dop020.fr7.t,1505832022.cds019.fr7.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
1378795
headphones-white.png
s1.wp.com/wp-content/themes/vip/cbs-local/plugins/modules/theme-manager/images/
445 B
454 B
Image
General
Full URL
https://s1.wp.com/wp-content/themes/vip/cbs-local/plugins/modules/theme-manager/images/headphones-white.png
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
18fb4e0dbc857feaf9c86da0e90053f98842c5dc71c7d65f77c843be5dd7e5bb

Request headers

Referer
https://s1.wp.com/_static/??-eJy1kk1OAzEMhS9EaoqKgAXiLJ7ETDPj/BA7HfX2pEMrqNikSKyiZ/t9eXICSzY2RaWooHsKJHDwGewghpNFhsx19FEgJFe5dSVZj2wCOY9gRWDxbiQ153ouKST1KW5a7w5upaOTFdrOPsAkMH1UKkd4J2wThf241yuxCf6PadYhEzDiSGXNdVUxjmTWlPvgPlquzXHm1DBE9GzYx/l/0hE3FfX3IkM1Fxb7uZEm0ox2NqvqC3O6LmPRSEWgJEXFgcl8fYZ+RHMN5EwRucn6/eppYWOxpCrEJ7G5iD6Q6JGpP+7Plb6F1+3j/e5p+7x7eJk+ASa9O5A=?cssminify=yes
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:22 GMT
x-ac
4.fra _dfw
last-modified
Sat, 31 Dec 2016 05:49:09 GMT
server
nginx
etag
"586746d5-1bd"
content-type
image/png
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
445
expires
Fri, 22 Jun 2018 02:20:35 GMT
tv-icon-web.png
s1.wp.com/wp-content/themes/vip/cbs-local/plugins/modules/theme-manager/images/
670 B
679 B
Image
General
Full URL
https://s1.wp.com/wp-content/themes/vip/cbs-local/plugins/modules/theme-manager/images/tv-icon-web.png
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
b0717853725bb4db2e5cfb4ad931983c7d95f63bcf23314ed5f40792341431f4

Request headers

Referer
https://s1.wp.com/_static/??-eJy1kk1OAzEMhS9EaoqKgAXiLJ7ETDPj/BA7HfX2pEMrqNikSKyiZ/t9eXICSzY2RaWooHsKJHDwGewghpNFhsx19FEgJFe5dSVZj2wCOY9gRWDxbiQ153ouKST1KW5a7w5upaOTFdrOPsAkMH1UKkd4J2wThf241yuxCf6PadYhEzDiSGXNdVUxjmTWlPvgPlquzXHm1DBE9GzYx/l/0hE3FfX3IkM1Fxb7uZEm0ox2NqvqC3O6LmPRSEWgJEXFgcl8fYZ+RHMN5EwRucn6/eppYWOxpCrEJ7G5iD6Q6JGpP+7Plb6F1+3j/e5p+7x7eJk+ASa9O5A=?cssminify=yes
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:22 GMT
x-ac
4.fra _dfw
last-modified
Thu, 27 Apr 2017 17:07:58 GMT
server
nginx
etag
"5902256e-29e"
content-type
image/png
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
670
expires
Fri, 22 Jun 2018 02:19:21 GMT
social-media-square-color.png
s0.wp.com/wp-content/themes/vip/cbs-local/images/global/sprites/
27 KB
27 KB
Image
General
Full URL
https://s0.wp.com/wp-content/themes/vip/cbs-local/images/global/sprites/social-media-square-color.png
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
0938393aec111020c6377a2199db7b1e427e2c4221ca0436f9bf60b71e121750

Request headers

Referer
https://s0.wp.com/_static/??-eJyFkOEKwjAMhF/IGIdM8Yf4LF0btmrTlaV1Pr6ZZSAI8084rvnuSnBOYMeYKWbMAzEJPn1C2wmE0ZqAPtpQnNpWBM2UvQ20V73Df2QKpfdRkEdXgr4KKw6zdz3lT9q38RPJBdYAO06kPieTlw0m5w0FbYybWA2uH68aMr02EU6ntWiRg7EP2axIug1dlyYSAZ3sC0O9xsLd+Nq0h7Zpj5fz8f4GB0SHwA==?cssminify=yes
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:22 GMT
x-ac
4.fra _dfw
last-modified
Mon, 16 May 2016 00:23:08 GMT
server
nginx
etag
"573912ec-6a63"
content-type
image/png
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
27235
expires
Fri, 22 Jun 2018 02:20:33 GMT
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/fonts/
55 KB
55 KB
Font
General
Full URL
http://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/fonts/fontawesome-webfont.woff2?v=4.3.0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
198.232.125.123 Los Angeles, United States, ASN54104 (AS-NETDNA - netDNA, US),
Reverse DNS
123-125-232-198.static.unitasglobal.net
Software
NetDNA-cache/2.2 /
Resource Hash
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer
http://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=4.3.0
Origin
http://philadelphia.cbslocal.com

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Last-Modified
Fri, 27 Feb 2015 19:45:39 GMT
Server
NetDNA-cache/2.2
Connection
keep-alive
ETag
"97493d3f11c0a3bd5cbd959f5d19b699"
Vary
Accept-Encoding
X-Cache
HIT
Content-Type
application/font-woff2
Access-Control-Allow-Origin
*
Cache-Control
max-age=31104000
X-Hello-Human
Say hello back! @getBootstrapCDN on Twitter
Accept-Ranges
bytes
Content-Length
56780
Expires
Fri, 14 Sep 2018 14:40:22 GMT
sdk.js
connect.facebook.net/en_US/
Redirect Chain
  • http://connect.facebook.net/en_US/sdk.js?_=1505832021793
  • https://connect.facebook.net/en_US/sdk.js?_=1505832021793
202 KB
62 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?_=1505832021793
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
0f406b6a1470bec128a9ea4b474743f4f3f3cc6bbd79738aad5c6622a6dddd0d
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=15552000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
JpGf2jBcRr9LdOmQpIvPAQ==
status
200
content-length
63831
x-xss-protection
0
x-fb-debug
yXs8MMf5+UUN3B8WGc4MFfq4WouRCWLZfTGGJCAnq2MXJh5+12cqQitONuP17bNt52QojWNIybkv6pBuvCPRjA==
x-fb-content-md5
75672ee80155f34f59ccf0e60f9b66de
x-frame-options
DENY
date
Tue, 19 Sep 2017 14:40:22 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"1bb339714114a196950c68a470d3e10d"
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
timing-allow-origin
*
expires
Tue, 19 Sep 2017 15:00:22 GMT

Redirect headers

Location
https://connect.facebook.net/en_US/sdk.js?_=1505832021793
Non-Authoritative-Reason
HSTS
widgets.js
platform.twitter.com/
118 KB
34 KB
Script
General
Full URL
http://platform.twitter.com/widgets.js
Requested by
Host: s1.wp.com
URL: https://s1.wp.com/_static/??-eJyNj81OAzEMhF8I43Ylfi6IR0FO4lJnEyckzhbevikHhDisuFn2fOMZvFTwRY3VMHYMvInn+nkf+x3+OuUBNY130Y5JVu74MXjwmTQkbn/FduY8JZtU9K5DKp7SzbwPp7TtWEe2Sn7FN1GPJ/LsSlmBs+PwX8ouYsYNTDInUd7hFrgljN9BgZTSl4nvOwCFLAqOGmbq88mcoGzcmoRZ92c3HV7zy/HhsDw+H5+WQ7wCNL2EJA==
Protocol
HTTP/1.1
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/41A8) /
Resource Hash
561bf48852c16969c1f41edbc655616e52483958db2036c72defeba4575f8904

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Content-Encoding
gzip
Last-Modified
Fri, 15 Sep 2017 17:07:27 GMT
Server
ECS (fcn/41A8)
Etag
"65b040915548896e37972d2e6725dcf6+gzip"
Vary
Accept-Encoding
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Cache-Control
public, max-age=1800
Content-Type
application/javascript; charset=utf-8
Content-Length
34923
front.asp
philadelphia_cbslocal.us.intellitxt.com/intellitxt/
4 KB
2 KB
Script
General
Full URL
http://philadelphia_cbslocal.us.intellitxt.com/intellitxt/front.asp?ipid=26708
Requested by
Host: philadelphia_cbslocal.us.intellitxt.com
URL: http://philadelphia_cbslocal.us.intellitxt.com/ast/js/CBSLocal/CBSLocal_Philadelphia_cs.js?ver=1.0.0
Protocol
HTTP/1.1
Server
31.24.80.101 , United Kingdom, ASN56464 (VIBRANT-EU, GB),
Reverse DNS
Software
nginx / Kormorant
Resource Hash
8293a8a245e1aaa1b1e52d3c7c61dcc407a2bfcabc33e62e005d578d3a32673c

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:22 GMT
Content-Encoding
gzip
Server
nginx
X-Powered-By
Kormorant
Vary
Accept-Encoding, *
Content-Type
text/javascript; charset=utf-8
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Fri, 08 Jan 2016 00:00:00 GMT
local-footer-background.png
s1.wp.com/wp-content/themes/vip/cbs-local/plugins/modules/theme-manager/images/footer-backgrounds/
58 KB
58 KB
Image
General
Full URL
https://s1.wp.com/wp-content/themes/vip/cbs-local/plugins/modules/theme-manager/images/footer-backgrounds/local-footer-background.png
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
0240e5a7e9effb51056056ad21d9472702d35b525c89b3784bb2a03b8f3268af

Request headers

Referer
https://s1.wp.com/_static/??-eJytkdFOwzAMRX+IYKaOBx7QvsXNvGDqxFXirvD3hFRlTJOmPuztWL73Sr6GeXRek1EysA+KVODMI/i+OFGPAqNMgVOBqMdJ6nbmYyAr4MsfP1d+gn9BcXKrbZWf0FOvOjjhocIXFPsW2uKsbBgyxgttsRX1jOK4Sq6HxcyQ1JblCvdSA2nrw1jT1eBOgpzvWTP1oqFiaJ1dxhvTpv6byEVMGCi3xIh5+L140XsVzbe3PCRbz5TnzNb+dojvu9eX/e5t33Xd5w9BpNyb?cssminify=yes
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:22 GMT
x-ac
4.fra _dfw
last-modified
Sat, 31 Dec 2016 05:37:37 GMT
server
nginx
etag
"58674421-e728"
content-type
image/png
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
59176
expires
Fri, 22 Jun 2018 02:20:34 GMT
px.js
p.cpx.to/p/11327/
994 B
994 B
Script
General
Full URL
http://p.cpx.to/p/11327/px.js?r=194d9
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
52.85.93.72 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-93-72.jfk6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
efd6a9a0b39437917cb3701d987285a12a00b17e8e7f5175547534142be6c455

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Content-Encoding
UTF-8
Last-Modified
Tue, 14 Feb 2017 14:53:26 GMT
Server
AmazonS3
ETag
"40c8b4e6a4c1c1fd65a4df2a97a435b9"
X-Cache
Miss from cloudfront
Content-Type
application/javascript
Via
1.1 f9fbbda041fd5d6cd566e39ed217c7d1.cloudfront.net (CloudFront)
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
994
X-Amz-Cf-Id
fkdztR5AcBMMTAkEscMKGFRCFcyqgEqU9wY-sp5Var9tQ2Kw_TKDbw==
kormorant-1.27.24.min.js
images.intellitxt.com/k/
111 KB
31 KB
Script
General
Full URL
http://images.intellitxt.com/k/kormorant-1.27.24.min.js
Requested by
Host: philadelphia_cbslocal.us.intellitxt.com
URL: http://philadelphia_cbslocal.us.intellitxt.com/intellitxt/front.asp?ipid=26708
Protocol
HTTP/1.1
Server
52.85.93.206 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-93-206.jfk6.r.cloudfront.net
Software
nginx /
Resource Hash
a2dc98c830c130be3596ea84a4bc4182c90f9b264fd4e88c9f0019ac346f8e44

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 11:31:58 GMT
Content-Encoding
gzip
Last-Modified
Mon, 18 Sep 2017 13:03:33 GMT
Server
nginx
Age
11304
ETag
W/"6ae3a2d3316b3c851a301e767012bc6a"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 40771aeb308f1b1a112f21c14f905436.cloudfront.net (CloudFront)
Transfer-Encoding
chunked
Connection
keep-alive
X-Amz-Cf-Id
1VQ2Uu8VE55-lHz-dZPOSDkVkGwhuySrQr9xBDyvy2NWV7BuCA3dkQ==
b2
b.scorecardresearch.com/
Redirect Chain
  • http://b.scorecardresearch.com/b?c1=8&c2=6000002&c3=70000&c4=&c5=&c6=&c15=&cv=1.3&cj=1&rn=20170919144022
  • http://b.scorecardresearch.com/b2?c1=8&c2=6000002&c3=70000&c4=&c5=&c6=&c15=&cv=1.3&cj=1&rn=20170919144022
0
0
Image
General
Full URL
http://b.scorecardresearch.com/b2?c1=8&c2=6000002&c3=70000&c4=&c5=&c6=&c15=&cv=1.3&cj=1&rn=20170919144022
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
95.100.248.105 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-100-248-105.deploy.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:22 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
http://b.scorecardresearch.com/b2?c1=8&c2=6000002&c3=70000&c4=&c5=&c6=&c15=&cv=1.3&cj=1&rn=20170919144022
Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:22 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT
loader.js
cdn.taboola.com/libtrc/cbslocal-network/
226 KB
22 KB
Script
General
Full URL
http://cdn.taboola.com/libtrc/cbslocal-network/loader.js
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4615a4a92840551fd358ba6b5eb576def91076dd2ec62d505af7d1a166960065

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-amz-version-id
6jrI6ucvvgDisG8.qLKyXdxBU8IvOpEQ
Content-Encoding
gzip
ETag
"81f46ae0e4e53875c0f3ea8388814cf2"
Age
9161
X-Cache
HIT
x-amz-replication-status
COMPLETED
Connection
keep-alive
Content-Length
22439
x-amz-id-2
Vka5QRCntCWdeiHc4D8fsMMgOe/CUFZXzRMNk4gDdtp9bYInQ0TIpdX6IShWHAFYPDQorc5IWRE=
X-Served-By
cache-hhn1537-HHN
Last-Modified
Tue, 19 Sep 2017 12:07:26 GMT
Server
AmazonS3
X-Timer
S1505832022.361507,VS0,VE0
Date
Tue, 19 Sep 2017 14:40:22 GMT
Vary
Accept-Encoding
x-amz-request-id
1D3BC7AAD87D8AEE
Via
1.1 varnish
Cache-Control
private,max-age=14401
Accept-Ranges
bytes
Content-Type
application/javascript; charset=utf-8
X-Cache-Hits
4
moatcontent.js
z.moatads.com/cbslocalcontent5715253139/
178 KB
57 KB
Script
General
Full URL
https://z.moatads.com/cbslocalcontent5715253139/moatcontent.js
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
78d30fedf8e1ab1b55e5c53635fde8257a32681af8e351d9a05f0b444d3e1f08

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Content-Encoding
gzip
Last-Modified
Fri, 28 Jul 2017 23:19:06 GMT
Server
AmazonS3
x-amz-request-id
7BEB7CE4DD63A561
ETag
"5b389610fcfd917965c4553fc810c841"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=42705
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
58389
x-amz-id-2
UeOF5erAGPwrjOCkDEQDAc8iabO2/H1cpaRNfgRzSbPNPdyl23Fz2oYZ+qZ/fDvsSR+D8iGsM+Y=
cbslocal.js
tru.am/scripts/custom/
2 KB
640 B
Script
General
Full URL
http://tru.am/scripts/custom/cbslocal.js
Requested by
Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJy1kdEOwiAMRX9Ixjajb8ZvQdYxsBQcMLO/ly0anQ9mezAhaUrvuaWF3z3TJDE1ELjJ55agH5+hMGHHfwmY1aoXEQqr6SWWjiJQ5LEDm5FBey4vgaGTAvmnU5tIRu0obCa9w7HViJtBs4rwmJSmwK1rEuaqaGY4BzbUqxzee2pBZEWPWnVxkaxe2fdrZhGzgoSCfuq0uGB50mt0/h/WgDmjOP3X2Z6qQ7k/llVVl+YBShjYvw==
Protocol
HTTP/1.1
Server
2400:cb00:2048:1::6819:a322 , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),
Reverse DNS
Software
cloudflare-nginx /
Resource Hash
dd101f8ca5335a2f8a867faf2ecf94f8b8baa2d79d233bb463d7da7d32c5e605

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
Last-Modified
Fri, 11 Aug 2017 22:05:41 GMT
Server
cloudflare-nginx
ETag
"b57b43d7a4e49e28b1686b876db557ff"
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
public, max-age=14400
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
3a0d4cbbd6f9650b-FRA
Expires
Tue, 19 Sep 2017 18:40:22 GMT
ga.js
www.google-analytics.com/
Redirect Chain
  • http://www.google-analytics.com/ga.js
  • https://www.google-analytics.com/ga.js
42 KB
16 KB
Script
General
Full URL
https://www.google-analytics.com/ga.js
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:816::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e85daa68372e63102834a942cdcc263a8c920f6535850cc3651964ea5e649660
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 12 Sep 2017 04:27:56 GMT
server
Golfe2
age
6121
date
Tue, 19 Sep 2017 12:58:21 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
15979
expires
Tue, 19 Sep 2017 14:58:21 GMT

Redirect headers

Location
https://www.google-analytics.com/ga.js
Non-Authoritative-Reason
HSTS
container.html
tpc.googlesyndication.com/safeframe/1-0-10/html/
3 KB
2 KB
Other
General
Full URL
http://tpc.googlesyndication.com/safeframe/1-0-10/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
HTTP/1.1
Server
2a00:1450:400e:807::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
48098da7b08a94c3c3c814c6c7f1ec8caf664c16fd02771b86ea4a88469ba11e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Purpose
prefetch
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Thu, 14 Sep 2017 12:57:58 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 26 Jul 2017 14:03:10 GMT
Server
sffe
Age
438144
Vary
Accept-Encoding
Content-Type
text/html
Cache-Control
public, immutable, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
1789
X-XSS-Protection
1; mode=block
Expires
Fri, 14 Sep 2018 12:57:58 GMT
3p_cookie.html
securepubads.g.doubleclick.net/static/
223 B
185 B
Other
General
Full URL
https://securepubads.g.doubleclick.net/static/3p_cookie.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.17.130 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
ams15s30-in-f130.1e100.net
Software
sffe /
Resource Hash
0a42d405c353edd15594d2ee30d099097ea995e7d7c990ecf81bec9a0ad90082
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Purpose
prefetch
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Tue, 19 Sep 2017 14:29:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 16 Aug 2017 19:15:52 GMT
server
sffe
age
629
vary
Accept-Encoding
content-type
text/html
status
200
cache-control
public, max-age=3000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
176
x-xss-protection
1; mode=block
expires
Tue, 19 Sep 2017 15:19:53 GMT
init
i.yldbt.com/m/f606/v1/
234 B
209 B
Script
General
Full URL
http://i.yldbt.com/m/f606/v1/init?cb=yieldbot.updateState&v=v2017-05-23%7Ce6df8ce&vi=j7rpi8pfsbd9ot9ddc&si=j7rpi8pf1j9lw7t8e3&pvi=j7rpi8pfwvybkpsk9t&pvd=1&nv&sn=reptile_1%7Creptile_2%7Creptile_50&ssz=%7C%7C&lo=http%3A//philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/&r=&sd=1600x1200&to=0&la=en-US&np=Linux%20x86_64&ua=Mozilla/5.0%20%28X11%3B%20Linux%20x86_64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20HeadlessChrome/60.0.3112.113%20Safari/537.36&cts_ns=1505832021300&cts_js=1505832022416&cts_ini=1505832022419&e
Requested by
Host: cdn.yldbt.com
URL: http://cdn.yldbt.com/js/yieldbot.intent.js
Protocol
HTTP/1.1
Server
34.231.117.225 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-231-117-225.compute-1.amazonaws.com
Software
/
Resource Hash
e9934068671c74710373a482bacab1fedb6964e88b905c3d96ed8e903eb5f208
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Frame-Options DENY

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
content-encoding
gzip
vary
accept-encoding
X-Frame-Options
DENY
transfer-encoding
chunked
Strict-Transport-Security
max-age=0
Content-Type
text/javascript; charset=utf-8
cache-control
no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
X-Requested-With, Content-Type
g.gif
pixel.wp.com/
50 B
50 B
Image
General
Full URL
http://pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.010051359218850031
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Cache-Control
no-cache
Server
nginx
Connection
keep-alive
Content-Length
50
Content-Type
image/gif
g.gif
pixel.wp.com/
50 B
50 B
Image
General
Full URL
http://pixel.wp.com/g.gif?blog=15116066&v=wpcom&tz=-4&user_id=0&post=924530&subd=cbsphilly&host=philadelphia.cbslocal.com&ref=&rand=0.13735223978304978
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Cache-Control
no-cache
Server
nginx
Connection
keep-alive
Content-Length
50
Content-Type
image/gif
g.gif
pixel.wp.com/
50 B
50 B
Image
General
Full URL
http://pixel.wp.com/g.gif?crypt=UE40eW5QN0p8M2Y%2FRE1BNmNJfGhxNCVxUDExYmtib2E%2FSzdEJm0lUEtbdFU0fFk4cHZvcUFrZT90Tn4yQm1%2BR3NyNTdocExCODFfQnlZTGxWLFVFPVlVSzZxZ0xDOG5GdkxHLHVERkY9U1RdW0YvR3lNZ0J1eTIwRTVIRDFBM3BbMFF%2BTWpXWE89dXNHS1RmUThmV3RXSTI9c24xNE1KeXNncE5SQVZJOCY%2FbE5OK1dQMCZdbUtEek9qUEROK3pfNHpfRiU4N0trYlFjaEhhN0Z4LTYtWnRhTnVJLWpVeC4zS01pc3pXWWFNLC10US9JVGkwWXxVRnB5SHlBanR1ak4%3D&v=wpcom-no-pv&rand=0.15253317457578586
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Cache-Control
no-cache
Server
nginx
Connection
keep-alive
Content-Length
50
Content-Type
image/gif
quant.js
edge.quantserve.com/
12 KB
5 KB
Script
General
Full URL
http://edge.quantserve.com/quant.js
Requested by
Host: launch.newsinc.com
URL: http://launch.newsinc.com/207/js/embed.js
Protocol
HTTP/1.1
Server
95.100.248.112 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-100-248-112.deploy.akamaitechnologies.com
Software
Apache /
Resource Hash
0356044214bfbedb4744e88e7b07a853ac4fa09bb7381832e48886d6d4b7096e

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Content-Encoding
gzip
Last-Modified
Thu, 25 May 2017 20:26:55 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
private, max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5458
Expires
Wed, 20 Sep 2017 14:40:22 GMT
callback=_nw2e.closures.c0
ad.crwdcntrl.net/5/c=1859/pe=y/
82 B
82 B
Script
General
Full URL
http://ad.crwdcntrl.net/5/c=1859/pe=y/callback=_nw2e.closures.c0
Requested by
Host: launch.newsinc.com
URL: http://launch.newsinc.com/207/js/embed.js
Protocol
HTTP/1.1
Server
52.19.73.66 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-19-73-66.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
0e337924ccb0b6bac0e260911b45e3a508668eaa237cebf67f5a32cba6224f3b

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:22 GMT
P3P
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Cache-Control
no-cache
X-Server
172.25.11.231
Connection
keep-alive
Content-Type
application/javascript;charset=UTF-8
Content-Length
82
Expires
0
impl.273-79-RELEASE.js
cdn.taboola.com/libtrc/
355 KB
98 KB
Script
General
Full URL
http://cdn.taboola.com/libtrc/impl.273-79-RELEASE.js
Requested by
Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/cbslocal-network/loader.js
Protocol
HTTP/1.1
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f3eb62448c9c839b400104bc5dbc13ed178b99b61cc4c34ad2fe7caa3b811369

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-amz-version-id
.IpnavWt1bwFOr7n0tcyHz_T_OaeUk4b
Content-Encoding
gzip
ETag
"bcc4572801f4810d84e62973e38c8d12"
Age
12475
X-Cache
HIT
x-amz-replication-status
COMPLETED
Connection
keep-alive
Content-Length
100756
x-amz-id-2
JVbrcisaDXmEwLg/+zcC2YisBFVQjsOlNU8l26mrqIfmHZIIwpOJXMxP3RIWohhpO0LS7KJhevE=
X-Served-By
cache-hhn1537-HHN
Last-Modified
Tue, 19 Sep 2017 11:12:01 GMT
Server
AmazonS3
X-Timer
S1505832023.543090,VS0,VE0
Date
Tue, 19 Sep 2017 14:40:22 GMT
Vary
Accept-Encoding
x-amz-request-id
C4B1E6F3B861CDBD
Via
1.1 varnish
Cache-Control
private,max-age=31536000
Accept-Ranges
bytes
Content-Type
application/javascript; charset=utf-8
X-Cache-Hits
284840
beacon.js
b.scorecardresearch.com/
1 KB
901 B
Script
General
Full URL
http://b.scorecardresearch.com/beacon.js
Requested by
Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/cbslocal-network/loader.js
Protocol
HTTP/1.1
Server
95.100.248.105 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-100-248-105.deploy.akamaitechnologies.com
Software
/
Resource Hash
d0fd74148f4cbe78bd0e6328dc5ce5955f0a0ecdb1eb2919da4a7e596ac65912

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=1209600
Connection
keep-alive
Content-Length
901
Expires
Tue, 03 Oct 2017 14:40:22 GMT
ta-pagesocial-sdk.js
tru.am/scripts/
28 KB
11 KB
Script
General
Full URL
http://tru.am/scripts/ta-pagesocial-sdk.js
Requested by
Host: tru.am
URL: http://tru.am/scripts/custom/cbslocal.js
Protocol
HTTP/1.1
Server
2400:cb00:2048:1::6819:a322 , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),
Reverse DNS
Software
cloudflare-nginx /
Resource Hash
85a45358aad2071d1964c65da9afd84c51828674480e6b27033a7bdae7ed89d6

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
Last-Modified
Thu, 08 Dec 2016 21:05:21 GMT
Server
cloudflare-nginx
ETag
"74a258227367266cc4a6a1ca5d750889"
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
public, max-age=14400
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
3a0d4cbcf79f650b-FRA
Expires
Tue, 19 Sep 2017 18:40:22 GMT
id
services.babator.com/users/
133 B
113 B
XHR
General
Full URL
https://services.babator.com/users/id
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.202.58.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-202-58-138.compute-1.amazonaws.com
Software
nginx/1.10.1 / Express
Resource Hash
497cab21efb9858138031b7be7b5e459580f11e307e1b865ee58aaf80c59ac6b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
x-api-key
b7508330-5368-11e6-b9b6-b5368b08d969

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
Express
Connection
keep-alive
Content-Length
113
Pragma
public, max-age=31104000
Last-Modified
Tue, 19 Sep 2017 14:40:22 GMT
Server
nginx/1.10.1
Access-Control-Allow-Methods
GET
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31104000
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Cache-Control, Set-Cookie, x-api-key, x-user-uuid, x-is-native
Expires
Fri, 14 Sep 2018 14:40:22 GMT
__utm.gif
www.google-analytics.com/r/
Redirect Chain
  • http://www.google-analytics.com/r/__utm.gif?utmwv=5.6.9&utms=1&utmn=1968628252&utmhn=philadelphia.cbslocal.com&utme=8(User%20Type)9(Guest)11(2)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-...
  • https://www.google-analytics.com/r/__utm.gif?utmwv=5.6.9&utms=1&utmn=1968628252&utmhn=philadelphia.cbslocal.com&utme=8(User%20Type)9(Guest)11(2)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24...
35 B
53 B
Image
General
Full URL
https://www.google-analytics.com/r/__utm.gif?utmwv=5.6.9&utms=1&utmn=1968628252&utmhn=philadelphia.cbslocal.com&utme=8(User%20Type)9(Guest)11(2)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Hackers%20Have%20Successfully%20Hidden%20Malware%20In%20Popular%20PC%20Cleanup%20Tool%20%C2%AB%20CBS%20Philly&utmhid=1755070634&utmr=-&utmp=%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&utmht=1505832022631&utmac=UA-2438645-53&utmcc=__utma%3D116927303.784117593.1505832023.1505832023.1505832023.1%3B%2B__utmz%3D116927303.1505832023.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1951616096&utmredir=1&utmu=DQAAAAAAAAAAAAAAAAAAAAAE~
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:816::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Sep 2017 14:40:22 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://www.google-analytics.com/r/__utm.gif?utmwv=5.6.9&utms=1&utmn=1968628252&utmhn=philadelphia.cbslocal.com&utme=8(User%20Type)9(Guest)11(2)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Hackers%20Have%20Successfully%20Hidden%20Malware%20In%20Popular%20PC%20Cleanup%20Tool%20%C2%AB%20CBS%20Philly&utmhid=1755070634&utmr=-&utmp=%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&utmht=1505832022631&utmac=UA-2438645-53&utmcc=__utma%3D116927303.784117593.1505832023.1505832023.1505832023.1%3B%2B__utmz%3D116927303.1505832023.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1951616096&utmredir=1&utmu=DQAAAAAAAAAAAAAAAAAAAAAE~
Non-Authoritative-Reason
HSTS
__utm.gif
www.google-analytics.com/r/
Redirect Chain
  • http://www.google-analytics.com/r/__utm.gif?utmwv=5.6.9&utms=2&utmn=480251593&utmhn=philadelphia.cbslocal.com&utme=8(User%20Type)9(Guest)11(2)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-b...
  • https://www.google-analytics.com/r/__utm.gif?utmwv=5.6.9&utms=2&utmn=480251593&utmhn=philadelphia.cbslocal.com&utme=8(User%20Type)9(Guest)11(2)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-...
35 B
53 B
Image
General
Full URL
https://www.google-analytics.com/r/__utm.gif?utmwv=5.6.9&utms=2&utmn=480251593&utmhn=philadelphia.cbslocal.com&utme=8(User%20Type)9(Guest)11(2)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Hackers%20Have%20Successfully%20Hidden%20Malware%20In%20Popular%20PC%20Cleanup%20Tool%20%C2%AB%20CBS%20Philly&utmhid=1755070634&utmr=-&utmp=%2Fcategory%2Fnews%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F%3Fcat%3Dnews%3Bcat%3Dtalkers%3B&utmht=1505832022634&utmac=UA-17434257-35&utmcc=__utma%3D116927303.784117593.1505832023.1505832023.1505832023.1%3B%2B__utmz%3D116927303.1505832023.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=14500098&utmredir=1&utmmt=1&utmu=DQCAAAAAAAAAAAAAAAAAAAAE~
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:816::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Sep 2017 14:40:22 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://www.google-analytics.com/r/__utm.gif?utmwv=5.6.9&utms=2&utmn=480251593&utmhn=philadelphia.cbslocal.com&utme=8(User%20Type)9(Guest)11(2)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Hackers%20Have%20Successfully%20Hidden%20Malware%20In%20Popular%20PC%20Cleanup%20Tool%20%C2%AB%20CBS%20Philly&utmhid=1755070634&utmr=-&utmp=%2Fcategory%2Fnews%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F%3Fcat%3Dnews%3Bcat%3Dtalkers%3B&utmht=1505832022634&utmac=UA-17434257-35&utmcc=__utma%3D116927303.784117593.1505832023.1505832023.1505832023.1%3B%2B__utmz%3D116927303.1505832023.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=14500098&utmredir=1&utmmt=1&utmu=DQCAAAAAAAAAAAAAAAAAAAAE~
Non-Authoritative-Reason
HSTS
s-code-contents-44ebe4ededb134f402edcf0561f9883187dd9126.js
assets.adobedtm.com/21d6c746401821d9ceb8fd43cc9c7649a92762c2/
33 KB
13 KB
Script
General
Full URL
http://assets.adobedtm.com/21d6c746401821d9ceb8fd43cc9c7649a92762c2/s-code-contents-44ebe4ededb134f402edcf0561f9883187dd9126.js
Requested by
Host: assets.adobedtm.com
URL: http://assets.adobedtm.com/21d6c746401821d9ceb8fd43cc9c7649a92762c2/satelliteLib-62c5c4d67cd6b55dd225771b27563dbd602fde8f.js?ver=1.0.0
Protocol
HTTP/1.1
Server
23.53.173.136 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-173-136.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d73c6199818383f6c0bf53264a7969017971e3cb74b779f1b86aaaf101e92ff1

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Content-Encoding
gzip
Last-Modified
Wed, 07 Jun 2017 21:52:00 GMT
Server
Apache
ETag
"3d92ead0fbcba89ed0542e148fb96412:1496872320"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*, *, *
Content-Length
12811
tracker-ev-sdk.js
d1marr3m5x4iac.cloudfront.net/store/plugins/
422 B
310 B
Script
General
Full URL
https://d1marr3m5x4iac.cloudfront.net/store/plugins/tracker-ev-sdk.js
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.85.89.95 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-89-95.jfk6.r.cloudfront.net
Software
lighttpd /
Resource Hash
e583da929ecb865c907022be66bf7e53d0bcb4b85de0f15459fc559acbe9eb03

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Fri, 12 Aug 2016 01:34:16 GMT
Content-Encoding
gzip
X-Cache-Lookup
HIT from static01:85
Age
6205211
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
310
Access-Control-Allow-Origin
*
Last-Modified
Tue, 02 Dec 2014 17:53:18 GMT
Server
lighttpd
Vary
Accept-Encoding
Content-Type
text/javascript
Via
1.0 static01:85 (squid), 1.1 bfa784781409d5c8401392394480e61c.cloudfront.net (CloudFront)
Cache-Control
max-age=10368000
X-Amz-Cf-Id
EkS7K971ZXb5YleT_LGwJzuReYaKsnpoGOKzeR1ifaO-MmvoB3wuww==
Expires
Sat, 10 Dec 2016 01:34:16 GMT
switchboard.js
d1marr3m5x4iac.cloudfront.net/store/js/
941 B
455 B
Script
General
Full URL
https://d1marr3m5x4iac.cloudfront.net/store/js/switchboard.js
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.85.89.95 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-89-95.jfk6.r.cloudfront.net
Software
lighttpd /
Resource Hash
adfa481bc55c932426f1476b8a24f39ccd6891d8e7659f9e95a898f7f4ae1e4f

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Fri, 12 Aug 2016 01:34:17 GMT
Content-Encoding
gzip
X-Cache-Lookup
HIT from static01:85
Age
8141393
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
455
Access-Control-Allow-Origin
*
Last-Modified
Mon, 12 Jan 2015 22:27:23 GMT
Server
lighttpd
Vary
Accept-Encoding
Content-Type
text/javascript
Via
1.0 static01:85 (squid), 1.1 5a57d853ab1d61f9038a75f2a12c9421.cloudfront.net (CloudFront)
Cache-Control
max-age=10368000
X-Amz-Cf-Id
vm0Hm6K428J2wjampjO-lls0f1Mu7argKYD6_ui8GdU-Q2KJrQq5NQ==
Expires
Sat, 10 Dec 2016 01:34:17 GMT
anvato_cbslocal_app_web_prod_547f3e49241ef0e5d30c79b2efbca5d92c698f67.json
anvato-api-config.s3.amazonaws.com/anvacks/ Frame 825.
1 KB
1 KB
XHR
General
Full URL
http://anvato-api-config.s3.amazonaws.com/anvacks/anvato_cbslocal_app_web_prod_547f3e49241ef0e5d30c79b2efbca5d92c698f67.json
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/scripts/anvplayer.min.js
Protocol
HTTP/1.1
Server
54.231.72.195 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
66c5c7d64c6b9c179207bd6fb125d6ab4969701c283f9e1a9a8dcb484ff0c03b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Last-Modified
Tue, 19 Apr 2016 18:01:12 GMT
Server
AmazonS3
x-amz-request-id
38FE44A4B5FE9BA5
ETag
"51ce2b4c377fe0cd6239109fae1f1daa"
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Methods
GET
Content-Type
application/json
Access-Control-Allow-Origin
*
x-amz-meta-s3fox-filesize
1101
x-amz-meta-s3fox-modifiedtime
1460615542000
Accept-Ranges
bytes
Content-Length
1101
x-amz-id-2
qfHOogeiznSZjHOOBDIlj3vQ/g0RCwEB0ryLLj/zhPmK/lMcGEae5CG67lxktuucbnsLr15p3lI=
b
b.scorecardresearch.com/
0
0
Image
General
Full URL
http://b.scorecardresearch.com/b?c1=7&c2=13739933&c3=20121515121&ns__t=1505832022795&ns_c=UTF-8&cv=3.1&c8=Hackers%20Have%20Successfully%20Hidden%20Malware%20In%20Popular%20PC%20Cleanup%20Tool%20%C2%AB%20CBS%20Philly&c7=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&c9=
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
95.100.248.105 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-100-248-105.deploy.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:22 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT
b
b.scorecardresearch.com/
0
0
Image
General
Full URL
http://b.scorecardresearch.com/b?c1=2&c2=3000023&comscorekw=news&ns__t=1505832022795&ns_c=UTF-8&cv=3.1&c8=Hackers%20Have%20Successfully%20Hidden%20Malware%20In%20Popular%20PC%20Cleanup%20Tool%20%C2%AB%20CBS%20Philly&c7=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&c9=
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
95.100.248.105 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-100-248-105.deploy.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:22 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT
Login.aspx
my.cbslocal.com/mycbslocal/pages/ Frame 825.
0
0

USPA1276
wsidata.weather.com/200904-01/934888385/Weather/Report/
42 KB
5 KB
XHR
General
Full URL
https://wsidata.weather.com/200904-01/934888385/Weather/Report/USPA1276
Requested by
Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJy1kdEOwiAMRX9Ixjajb8ZvQdYxsBQcMLO/ly0anQ9mezAhaUrvuaWF3z3TJDE1ELjJ55agH5+hMGHHfwmY1aoXEQqr6SWWjiJQ5LEDm5FBey4vgaGTAvmnU5tIRu0obCa9w7HViJtBs4rwmJSmwK1rEuaqaGY4BzbUqxzee2pBZEWPWnVxkaxe2fdrZhGzgoSCfuq0uGB50mt0/h/WgDmjOP3X2Z6qQ7k/llVVl+YBShjYvw==
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
95.101.241.152 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a95-101-241-152.deploy.akamaitechnologies.com
Software
Microsoft-IIS/7.5 / ASP.NET
Resource Hash
8d9f3fd8ef2b5a7332a0a2b390ce0082566854395b144923c7bbaa6cc9290b7b

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Content-Encoding
gzip
Last-Modified
Tue, 19 Sep 2017 14:36:53 GMT
Server
Microsoft-IIS/7.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/xml; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=30
Connection
keep-alive
Content-Length
5088
Expires
Tue, 19 Sep 2017 14:40:52 GMT
hovercard.css
0.gravatar.com/css/
8 KB
2 KB
Stylesheet
General
Full URL
http://0.gravatar.com/css/hovercard.css?ver=201738y
Requested by
Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJy1kdEOwiAMRX9Ixjajb8ZvQdYxsBQcMLO/ly0anQ9mezAhaUrvuaWF3z3TJDE1ELjJ55agH5+hMGHHfwmY1aoXEQqr6SWWjiJQ5LEDm5FBey4vgaGTAvmnU5tIRu0obCa9w7HViJtBs4rwmJSmwK1rEuaqaGY4BzbUqxzee2pBZEWPWnVxkaxe2fdrZhGzgoSCfuq0uGB50mt0/h/WgDmjOP3X2Z6qQ7k/llVVl+YBShjYvw==
Protocol
HTTP/1.1
Server
192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
3f10442336cd9b12279a4662345ca628aa1dc48b9993a7cc75c2077b6ecbaf6b

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Content-Encoding
gzip
Last-Modified
Mon, 28 Jan 2013 22:29:45 GMT
Server
nginx
ETag
W/"5106fbd9-2062"
Transfer-Encoding
chunked
Content-Type
text/css
Cache-Control
max-age=604800
Connection
keep-alive
Expires
Tue, 26 Sep 2017 14:40:22 GMT
services.css
0.gravatar.com/css/
3 KB
562 B
Stylesheet
General
Full URL
http://0.gravatar.com/css/services.css?ver=201738y
Requested by
Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJy1kdEOwiAMRX9Ixjajb8ZvQdYxsBQcMLO/ly0anQ9mezAhaUrvuaWF3z3TJDE1ELjJ55agH5+hMGHHfwmY1aoXEQqr6SWWjiJQ5LEDm5FBey4vgaGTAvmnU5tIRu0obCa9w7HViJtBs4rwmJSmwK1rEuaqaGY4BzbUqxzee2pBZEWPWnVxkaxe2fdrZhGzgoSCfuq0uGB50mt0/h/WgDmjOP3X2Z6qQ7k/llVVl+YBShjYvw==
Protocol
HTTP/1.1
Server
192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
ab7e2ffdc04169e144920d681f782403d86113dd0a50dee1eb0522fb4c92375b

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Content-Encoding
gzip
Last-Modified
Wed, 19 Mar 2014 21:35:23 GMT
Server
nginx
ETag
W/"532a0d9b-bd8"
Transfer-Encoding
chunked
Content-Type
text/css
Cache-Control
max-age=604800
Connection
keep-alive
Expires
Tue, 26 Sep 2017 14:40:22 GMT
19019.json
api.wunderground.com/api/245c93fff38d0d82/forecast10day/conditions/q/IA/
20 KB
3 KB
Script
General
Full URL
https://api.wunderground.com/api/245c93fff38d0d82/forecast10day/conditions/q/IA/19019.json?callback=jQuery112404941265636232004_1505832021794&_=1505832021795
Requested by
Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJy1kdEOwiAMRX9Ixjajb8ZvQdYxsBQcMLO/ly0anQ9mezAhaUrvuaWF3z3TJDE1ELjJ55agH5+hMGHHfwmY1aoXEQqr6SWWjiJQ5LEDm5FBey4vgaGTAvmnU5tIRu0obCa9w7HViJtBs4rwmJSmwK1rEuaqaGY4BzbUqxzee2pBZEWPWnVxkaxe2fdrZhGzgoSCfuq0uGB50mt0/h/WgDmjOP3X2Z6qQ7k/llVVl+YBShjYvw==
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.42 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-42.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
f7f7a88a7061445f0045d78ed5375ceb11fad21e45cb917e68eed5180c098620

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

X-CreationTime
0.069
Date
Tue, 19 Sep 2017 14:40:23 GMT
Content-Encoding
gzip
Connection
keep-alive
Content-Length
3056
Pragma
no-cache
Last-Modified
Tue, 19 Sep 2017 14:40:22 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
X-Varnish
1151174595
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Content-Type
text/javascript
Expires
Tue, 19 Sep 2017 14:40:23 GMT
_ate.track.config_resp
m.addthisedge.com/live/boost/ra-4ddd05dc24272928/
1 KB
525 B
Script
General
Full URL
http://m.addthisedge.com/live/boost/ra-4ddd05dc24272928/_ate.track.config_resp
Requested by
Host: s7.addthis.com
URL: http://s7.addthis.com/js/300/addthis_widget.js?ver=1.0.0
Protocol
HTTP/1.1
Server
104.16.25.235 San Francisco, United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),
Reverse DNS
Software
cloudflare-nginx /
Resource Hash
29b96bc547f42cb2d5f3662151cd8b304801cc4ab0816f757dfae350ce1c20c4

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Content-Encoding
gzip
Surrogate-Key
ra-4ddd05dc24272928
Server
cloudflare-nginx
ETag
-85739579
Vary
Accept-Encoding
Content-Type
application/javascript;charset=UTF-8
CF-Cache-Status
HIT
Cache-Control
public, max-age=60, s-maxage=86400
Content-Disposition
attachment; filename=1.txt
Connection
keep-alive
CF-RAY
3a0d4cbeb09b15dd-FRA
Content-Length
525
x.js
0914.global.ssl.fastly.net/ad2/script/
7 B
7 B
Script
General
Full URL
http://0914.global.ssl.fastly.net/ad2/script/x.js?cb=1505832022829
Requested by
Host: s0.wp.com
URL: https://s0.wp.com/wp-content/themes/vip/cbs-local/js-modules/sp/msg.js
Protocol
HTTP/1.1
Server
151.101.112.249 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f4a37d5988830b8f1b2b5ec95379ee337726c3e2e6571413538a2dfb719d9af7
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Via
1.1 varnish
Age
1402
X-Cache
HIT
Connection
keep-alive
Content-Length
7
x-amz-id-2
FCLL8cG0YCGZkLYGNSvTGnuonb3TumGbK6dflfI5cxFQr/ILYUiwNnNkyNFrxePLsmnFPx7SUoc=
X-Served-By
cache-hhn1542-HHN
Last-Modified
Wed, 28 Jun 2017 21:23:52 GMT
Server
AmazonS3
X-Timer
S1505832023.836040,VS0,VE0
ETag
"0d16497681a349a95fc61ba920a56b36"
x-amz-request-id
CE0E4044A2BD7442
Access-Control-Allow-Origin
*
X-XSS-Protection
1; mode=block
Accept-Ranges
bytes
Content-Type
text/javascript
Access-Control-Allow-Method
*
X-Cache-Hits
29278
x.gif
0914.global.ssl.fastly.net/ad2/img/
45 B
45 B
Image
General
Full URL
http://0914.global.ssl.fastly.net/ad2/img/x.gif?cb=1505832022828
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
151.101.112.249 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e0f8dceb516151e70891cb4ed02aac4b5800b37c13d8328a35919472efe0f93e
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Via
1.1 varnish
Age
1483
X-Cache
HIT
Connection
keep-alive
Content-Length
45
x-amz-id-2
13dCBi6Pvk0YbeYNJvwh7knd//9qW+WLycn/wBxG6TUpGytnVHSVZOD3VveRA6WSYKDQYHSe+Ls=
X-Served-By
cache-hhn1536-HHN
Last-Modified
Wed, 28 Jun 2017 21:23:25 GMT
Server
AmazonS3
X-Timer
S1505832023.847067,VS0,VE0
ETag
"c4e3e106fbcc28e9c5b2be2a78018886"
x-amz-request-id
308462196F4D06BB
Access-Control-Allow-Origin
*
X-XSS-Protection
1; mode=block
Accept-Ranges
bytes
Content-Type
image/gif
Access-Control-Allow-Method
*
X-Cache-Hits
60384
x.gif
0914.global.ssl.fastly.net/ad2/img/
45 B
45 B
Image
General
Full URL
http://0914.global.ssl.fastly.net/ad2/img/x.gif?cb=1505832022830
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
151.101.112.249 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e0f8dceb516151e70891cb4ed02aac4b5800b37c13d8328a35919472efe0f93e
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Via
1.1 varnish
Age
1483
X-Cache
HIT
Connection
keep-alive
Content-Length
45
x-amz-id-2
13dCBi6Pvk0YbeYNJvwh7knd//9qW+WLycn/wBxG6TUpGytnVHSVZOD3VveRA6WSYKDQYHSe+Ls=
X-Served-By
cache-hhn1540-HHN
Last-Modified
Wed, 28 Jun 2017 21:23:25 GMT
Server
AmazonS3
X-Timer
S1505832023.847035,VS0,VE0
ETag
"c4e3e106fbcc28e9c5b2be2a78018886"
x-amz-request-id
308462196F4D06BB
Access-Control-Allow-Origin
*
X-XSS-Protection
1; mode=block
Accept-Ranges
bytes
Content-Type
image/gif
Access-Control-Allow-Method
*
X-Cache-Hits
60329
sync
gum.criteo.com/
52 B
52 B
Script
General
Full URL
http://gum.criteo.com/sync?r=2&c=158&j=STRCriteoCallback
Requested by
Host: native.sharethrough.com
URL: http://native.sharethrough.com/assets/tag.js
Protocol
HTTP/1.1
Server
178.250.0.67 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
fba7e638bec340f091b109c9a774911121534dd01b646753fee0ccaae3ac08b9

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Cache-Control
private
Expires
Tue, 19 Sep 2017 15:40:23 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Content-Length
52
Content-Type
text/javascript; charset=utf-8
getids
c.newsinc.com/
141 B
141 B
Script
General
Full URL
http://c.newsinc.com/getids?uid=&callback=jQuery191028513438555283366_1505832022445&_=1505832022446
Requested by
Host: launch.newsinc.com
URL: http://launch.newsinc.com/207/js/embed.js
Protocol
HTTP/1.1
Server
52.20.191.180 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-20-191-180.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1a00afcf6794277c1db53fc76f13094cc94fb0fe498cc4e13cbfd7ea849ce314

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Server
nginx
ETag
77b846cc-9d48-11e7-9011-0a4e33a29963
Access-Control-Allow-Methods
GET, POST
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Alternate-Protocol
443:ndn-spdy/3
Cache-Control
private, max-age=0, no-cache, must-revalidate
Connection
keep-alive
Content-Length
141
Expires
Thu, 01 Dec 1970 00:00:00 GMT
twitter_cookies.html
platform.twitter.com/widgets/ Frame 825.
0
0

cbs31.png
cbsphilly.files.wordpress.com/2014/12/
1018 B
1 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2014/12/cbs31.png?w=52
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
a0f6e98115314b6b05f2cdce7d18087d15ee5c4dd5d0a9a1500b80f592939394

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Wed, 20 Apr 2016 18:57:16 GMT
server
nginx
vary
Accept
content-type
image/png
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
1018
expires
Sat, 07 Oct 2017 04:43:15 GMT
kyw.png
cbsphilly.files.wordpress.com/2014/06/
3 KB
3 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2014/06/kyw.png?w=45
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
451cbd70f84bc89a26574f674d893b96d2e6e09141418b285f8233fe80741e7a

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Thu, 04 Aug 2016 19:52:09 GMT
server
nginx
vary
Accept
content-type
image/png
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
3046
expires
Sun, 24 Sep 2017 08:47:47 GMT
94wip1.png
cbsphilly.files.wordpress.com/2010/08/
2 KB
2 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2010/08/94wip1.png?w=61
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
ba50104b6663bec9023159cf2976ce54f99585f37fd2d8138055badba1401acd

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Wed, 20 Apr 2016 18:58:32 GMT
server
nginx
vary
Accept
content-type
image/png
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
1574
expires
Sat, 30 Sep 2017 22:01:46 GMT
1210_wpht1.png
cbsphilly.files.wordpress.com/2010/08/
2 KB
2 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2010/08/1210_wpht1.png?w=80
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
0b836d710aa46e062e43daadb0ba492244ba2155993d1bcbf22c1fd68bb8c258

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Wed, 20 Apr 2016 18:59:15 GMT
server
nginx
vary
Accept
content-type
image/png
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
1737
expires
Mon, 09 Oct 2017 16:10:30 GMT
car.jpg
cbsphilly.files.wordpress.com/2017/09/
8 KB
8 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2017/09/car.jpg?w=310&h=174&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
9d87e0654c986ddbe2c833eee1d08ec63bb9ceeecac5f439a7700b4439d43ba9

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Fri, 15 Sep 2017 23:28:32 GMT
server
nginx
vary
Accept
content-type
image/webp
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
7768
expires
Fri, 20 Oct 2017 08:39:34 GMT
starbucks-introduces-whiskey-flavored-coffee.jpg
cbsphilly.files.wordpress.com/2017/09/
18 KB
18 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2017/09/starbucks-introduces-whiskey-flavored-coffee.jpg?w=310&h=174&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
e72869792b4ac976b786af3fdebe0bddd713b9229016063f583070b3e9741a70

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Tue, 19 Sep 2017 12:40:50 GMT
server
nginx
vary
Accept
content-type
image/webp
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
18300
expires
Sun, 22 Oct 2017 16:22:23 GMT
hd1_2010-small.jpg
cbsphilly.files.wordpress.com/2017/09/
8 KB
8 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2017/09/hd1_2010-small.jpg?w=310&h=174&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
55e6fdbd184bbca59a57c7c32bfc775b593f50d44504de376dd6f9a0cb07a10d

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Mon, 18 Sep 2017 18:55:14 GMT
server
nginx
vary
Accept
content-type
image/webp
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
7802
expires
Sat, 21 Oct 2017 12:24:18 GMT
gettyimages-848750844.jpg
cbsphilly.files.wordpress.com/2017/09/
20 KB
20 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2017/09/gettyimages-848750844.jpg?w=310&h=174&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
da426d879d898eae1aa7bcd680302b7d306af706dd3b90d5a1feddf7b83bd3ad

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Mon, 18 Sep 2017 16:31:03 GMT
server
nginx
vary
Accept
content-type
image/webp
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
20606
expires
Thu, 12 Oct 2017 05:23:31 GMT
legarrette-blount.jpg
cbsphilly.files.wordpress.com/2017/09/
16 KB
16 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2017/09/legarrette-blount.jpg?w=310&h=174&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
b4f8d6b87b6711d6e939720574bce29063fcfe40332f175b91cd749fd81b153c

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Mon, 18 Sep 2017 13:35:27 GMT
server
nginx
vary
Accept
content-type
image/webp
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
16290
expires
Sun, 22 Oct 2017 15:18:10 GMT
eli-manning.jpg
cbsphilly.files.wordpress.com/2017/09/
15 KB
15 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2017/09/eli-manning.jpg?w=310&h=174&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
9b671498b1e5c3ca830b99ec00116a19e56b8cca7ac1274065e6786377a0834a

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Tue, 19 Sep 2017 13:42:43 GMT
server
nginx
vary
Accept
content-type
image/webp
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
15490
expires
Mon, 16 Oct 2017 08:32:26 GMT
08d2a4e4-a8f8-8a3f-9206-5f19045e30ce.png
cbsphilly.files.wordpress.com/2016/09/
33 KB
33 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2016/09/08d2a4e4-a8f8-8a3f-9206-5f19045e30ce.png?w=250&h=250&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
5d893b7b97cb4c532b2d92f433154adf88aa5cf027357948a8052231481c5e6a

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Thu, 29 Sep 2016 17:13:44 GMT
server
nginx
vary
Accept
content-type
image/png
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
33568
expires
Mon, 09 Oct 2017 12:49:26 GMT
chrissigal.jpg
cbsphilly.files.wordpress.com/2016/09/
16 KB
16 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2016/09/chrissigal.jpg?w=205&h=205&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
ee2e197163ea8dc8beead7fa0ee5651995bbd5beedeae2fee03d1bc1866ac935

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Thu, 29 Sep 2016 18:12:24 GMT
server
nginx
vary
Accept
content-type
image/webp
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
15930
expires
Sun, 24 Sep 2017 10:16:41 GMT
reportersroundup.png
cbsphilly.files.wordpress.com/2016/09/
25 KB
25 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2016/09/reportersroundup.png?w=205&h=205&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
5959998bae947898273c1e130ba96e8b9102fae7b4ad767bebc891e0101f5b01

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Thu, 29 Sep 2016 18:14:18 GMT
server
nginx
vary
Accept
content-type
image/png
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
25901
expires
Thu, 28 Sep 2017 14:45:39 GMT
66cc49bfe25c4e0392d8138d949bd4d7-1.jpg
cbsphilly.files.wordpress.com/2017/09/
19 KB
19 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2017/09/66cc49bfe25c4e0392d8138d949bd4d7-1.jpg?w=310&h=174&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
112c6f20b46b407e71e54c0e3d611c423d818effc4b2830d3ac181d6fe430489

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Fri, 15 Sep 2017 04:03:10 GMT
server
nginx
vary
Accept
content-type
image/webp
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
19836
expires
Thu, 12 Oct 2017 09:08:34 GMT
untitled39.jpg
cbsphilly.files.wordpress.com/2017/09/
10 KB
10 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2017/09/untitled39.jpg?w=310&h=174&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
ba74a07c8adea8db18115f0b830210f4022b6564aad6014030ae8583c0d8af0f

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Wed, 13 Sep 2017 21:00:08 GMT
server
nginx
vary
Accept
content-type
image/webp
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
10406
expires
Mon, 09 Oct 2017 23:49:17 GMT
artillery-ridge.jpg
cbsphilly.files.wordpress.com/2017/09/
14 KB
14 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2017/09/artillery-ridge.jpg?w=310&h=174&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
6ceda6f5bf6bebafb5e62d7ed90a96799acc5371cf3a9cb0d975be93dc87c13e

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Mon, 11 Sep 2017 12:39:23 GMT
server
nginx
vary
Accept
content-type
image/webp
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
14458
expires
Tue, 03 Oct 2017 09:16:49 GMT
oktoberfest1.jpg
cbsphilly.files.wordpress.com/2017/09/
42 KB
42 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2017/09/oktoberfest1.jpg?w=310&h=174&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
88cdc306dc9124b87fe1876c32738a49dbfbe9d316e2d92e3591748a04f5afe0

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Mon, 18 Sep 2017 18:14:31 GMT
server
nginx
vary
Accept
content-type
image/webp
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
43262
expires
Wed, 11 Oct 2017 06:24:38 GMT
fallfoliage1111.jpg
cbsphilly.files.wordpress.com/2017/09/
23 KB
23 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2017/09/fallfoliage1111.jpg?w=310&h=174&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
910f5b2364b0735baef5caec3d3cbcd905225bad464c960d612ba3f3487d5bd3

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Tue, 19 Sep 2017 14:11:29 GMT
server
nginx
vary
Accept
content-type
image/webp
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
23708
expires
Fri, 27 Oct 2017 15:50:48 GMT
trident.jpg
cbsphilly.files.wordpress.com/2017/09/
17 KB
17 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2017/09/trident.jpg?w=310&h=174&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
2953060dfc62638c45464def96b9c432c954f31756aae2fdcfd7d8b75ce36252

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Mon, 04 Sep 2017 12:46:20 GMT
server
nginx
vary
Accept
content-type
image/webp
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
17566
expires
Tue, 17 Oct 2017 00:41:37 GMT
pennsbury-manor.jpg
cbsphilly.files.wordpress.com/2017/09/
23 KB
23 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2017/09/pennsbury-manor.jpg?w=310&h=174&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
5ef84b1a0a8d9157bff658978588c84017999699f7939088fa63a1566b841069

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Tue, 05 Sep 2017 22:40:32 GMT
server
nginx
vary
Accept
content-type
image/webp
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
23598
expires
Thu, 05 Oct 2017 22:24:23 GMT
deals.png
cbsphilly.files.wordpress.com/2016/10/
42 KB
42 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2016/10/deals.png?w=310&h=174&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
25dd8ef86a2a6f3af98f6db69607bfb39b77a0bcc50f67b4a6b0033f3831541e

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Mon, 03 Oct 2016 15:31:45 GMT
server
nginx
vary
Accept
content-type
image/png
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
43182
expires
Thu, 21 Sep 2017 08:02:33 GMT
events.png
cbsphilly.files.wordpress.com/2016/10/
29 KB
29 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2016/10/events.png?w=310&h=174&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
4a3d17b20312cc1f6af7fb7cbf5fa7b8d762d2bd7663b0f4cc773d0756ee647b

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Mon, 03 Oct 2016 15:29:41 GMT
server
nginx
vary
Accept
content-type
image/png
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
29875
expires
Thu, 21 Sep 2017 10:48:27 GMT
hearphilly.png
cbsphilly.files.wordpress.com/2015/05/
20 KB
20 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2015/05/hearphilly.png?w=300&h=300&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
54a57761d893d7076c0f4bd161f4f2fc89305660764b5a3f217c349056e18e35

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Wed, 13 May 2015 15:39:14 GMT
server
nginx
vary
Accept
content-type
image/png
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
20455
expires
Thu, 28 Sep 2017 11:27:32 GMT
wogl_98-1.png
cbsphilly.files.wordpress.com/2015/05/
20 KB
20 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2015/05/wogl_98-1.png?w=300&h=300&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
62e170fa9e06291ee084074053999dfe31bd53eb7a9d89263ffb5e20129ce84a

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Wed, 13 May 2015 14:19:01 GMT
server
nginx
vary
Accept
content-type
image/png
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
20791
expires
Fri, 22 Sep 2017 09:59:10 GMT
wysp.png
cbsphilly.files.wordpress.com/2015/05/
17 KB
17 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2015/05/wysp.png?w=300&h=300&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
b5f289360436cf795697b32e938de7c89406d48b4a5fedecd59c39a5218f36f9

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Wed, 13 May 2015 15:38:52 GMT
server
nginx
vary
Accept
content-type
image/png
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
17503
expires
Wed, 27 Sep 2017 15:37:02 GMT
xtu_92-5.png
cbsphilly.files.wordpress.com/2015/05/
13 KB
13 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2015/05/xtu_92-5.png?w=300&h=300&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
14278d5af8efde9802d03dcdee00802683e45ab9ba28aac389c3366ff831ff83

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Wed, 13 May 2015 14:15:35 GMT
server
nginx
vary
Accept
content-type
image/png
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
13604
expires
Thu, 28 Sep 2017 01:59:58 GMT
todays965_stacked_color.jpg
cbsphilly.files.wordpress.com/2015/05/
14 KB
14 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2015/05/todays965_stacked_color.jpg?w=310&h=310&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
d3144685266b247815ecc318e4f448ab68b9c19171d91b0f6635344ca1366ae5

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Thu, 05 Jan 2017 16:45:28 GMT
server
nginx
vary
Accept
content-type
image/webp
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
14778
expires
Sat, 23 Sep 2017 08:31:09 GMT
wpht_1210.png
cbsphilly.files.wordpress.com/2015/05/
20 KB
20 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2015/05/wpht_1210.png?w=300&h=300&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
f9ef5a3067015c58a4f869ae2ac4b4003ad7bc88f28c09644cba4b75d80bedab

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Wed, 13 May 2015 14:14:50 GMT
server
nginx
vary
Accept
content-type
image/png
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
20394
expires
Mon, 16 Oct 2017 00:01:22 GMT
94_wip.png
cbsphilly.files.wordpress.com/2015/05/
11 KB
11 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2015/05/94_wip.png?w=300&h=300&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
20e27fb192d58ea59a16f9b9b46759cdbf0f4ef93e57b781dd9d30916950e669

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Wed, 13 May 2015 14:14:24 GMT
server
nginx
vary
Accept
content-type
image/png
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
11201
expires
Tue, 03 Oct 2017 10:48:08 GMT
kyw_1060.png
cbsphilly.files.wordpress.com/2015/05/
28 KB
28 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2015/05/kyw_1060.png?w=300&h=300&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
7fe867c9d3d936e12b154ba57eb92ca3ae5814a8b80869c003fde03c36eefccf

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Wed, 13 May 2015 14:14:09 GMT
server
nginx
vary
Accept
content-type
image/png
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
28608
expires
Fri, 29 Sep 2017 05:45:15 GMT
connectingvets1400x1400.png
cbsphilly.files.wordpress.com/2017/06/
22 KB
22 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2017/06/connectingvets1400x1400.png?w=310&h=310&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
05317cfcefe255d2a2543204d25f805f94e43446ba2de196f0e76292a8979d05

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Mon, 05 Jun 2017 18:41:51 GMT
server
nginx
vary
Accept
content-type
image/png
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
22403
expires
Sat, 30 Sep 2017 06:53:11 GMT
philly_kyw3_310x3101.jpg
cbsphilly.files.wordpress.com/2017/04/
14 KB
14 KB
Image
General
Full URL
https://cbsphilly.files.wordpress.com/2017/04/philly_kyw3_310x3101.jpg?w=310&h=310&crop=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.72.21 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software
nginx /
Resource Hash
2b1450c37241c5cdf593d7ef02caee6f6c0b4ad8945b98e84e7ece4e300172ad

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 21 np
date
Tue, 19 Sep 2017 14:40:22 GMT
last-modified
Thu, 27 Apr 2017 21:43:13 GMT
server
nginx
vary
Accept
content-type
image/webp
status
200
x-orig-src
0_imageresize
accept-ranges
bytes
content-length
14106
expires
Thu, 05 Oct 2017 12:58:22 GMT
ca.png
s.cpx.to/
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fca.png%3Fpid%3D11327%26ref%3D%26hn_ver%3D5%26fid%3Dde275265-407c-4347-8f49-182e22f5dc73%26adnxs_uid%3D%24UID
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fca.png%253Fpid%253D11327%2526ref%253D%2526hn_ver%253D5%2526fid%253Dde275265-407c-4347-8f49-182e22f5dc73%2526adnxs_uid%25...
  • https://s.cpx.to/ca.png?pid=11327&ref=&hn_ver=5&fid=de275265-407c-4347-8f49-182e22f5dc73&adnxs_uid=5160562550509235139
95 B
95 B
Image
General
Full URL
https://s.cpx.to/ca.png?pid=11327&ref=&hn_ver=5&fid=de275265-407c-4347-8f49-182e22f5dc73&adnxs_uid=5160562550509235139
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.96.211 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-208-96-211.eu-west-1.compute.amazonaws.com
Software
akka-http/2.4.17 /
Resource Hash
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:23 GMT
Server
akka-http/2.4.17
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0
Connection
keep-alive
Content-Type
image/png
Content-Length
95
Expires
Tue, 19 Sep 2017 14:40:23 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Sep 2017 14:40:25 GMT
x-proxy-origin
148.251.45.254; 148.251.45.254; 301.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.155:80
an-x-request-uuid
63a2094e-e87e-482d-9086-460478c8cab0
server
nginx/1.13.4
status
302
location
https://s.cpx.to/ca.png?pid=11327&ref=&hn_ver=5&fid=de275265-407c-4347-8f49-182e22f5dc73&adnxs_uid=5160562550509235139
p3p
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
content-type
text/html; charset=utf-8
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
ca.png
s.cpx.to/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&pid=11327&ref=&hn_ver=5&fid=de275265-407c-4347-8f49-182e22f5dc73
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&pid=11327&ref=&hn_ver=5&fid=de275265-407c-4347-8f49-182e22f5dc73&google_tc=
  • https://s.cpx.to/ca.png?pid=11327&ref=&hn_ver=5&fid=de275265-407c-4347-8f49-182e22f5dc73&google_gid=CAESEFLNWCfLu53iUf8I2bWVyjA&google_cver=1
95 B
95 B
Image
General
Full URL
https://s.cpx.to/ca.png?pid=11327&ref=&hn_ver=5&fid=de275265-407c-4347-8f49-182e22f5dc73&google_gid=CAESEFLNWCfLu53iUf8I2bWVyjA&google_cver=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.48.66.100 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-48-66-100.eu-west-1.compute.amazonaws.com
Software
akka-http/2.4.17 /
Resource Hash
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:23 GMT
Server
akka-http/2.4.17
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0
Connection
keep-alive
Content-Type
image/png
Content-Length
95
Expires
Tue, 19 Sep 2017 14:40:23 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Sep 2017 14:40:22 GMT
server
HTTP server (unknown)
status
302
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://s.cpx.to/ca.png?pid=11327&ref=&hn_ver=5&fid=de275265-407c-4347-8f49-182e22f5dc73&google_gid=CAESEFLNWCfLu53iUf8I2bWVyjA&google_cver=1
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,35",quic=":443"; ma=2592000; v="39,38,37,35"
content-length
358
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
json
trc.taboola.com/cbslocaltv-philadelphia/trc/3/
10 KB
4 KB
Script
General
Full URL
http://trc.taboola.com/cbslocaltv-philadelphia/trc/3/json?tim=14%3A40%3A22.910&data=%7B%22id%22%3A629%2C%22ii%22%3A%22%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22vi%22%3A1505832022908%2C%22cv%22%3A%22273-79-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F%22%2C%22nsid%22%3A%22cbslocal-network%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A8%2C%22uim%22%3A%22thumbnails-a%3Apub%3Dcbslocal-network%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22normal%22%7D
Requested by
Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/impl.273-79-RELEASE.js
Protocol
HTTP/1.1
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx/1.10.1 /
Resource Hash
ef2336a8a02ca37397e9264a18034fe2c5be773e257f6656ae643a66775259b9

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Content-Encoding
gzip
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
X-Cache
MISS
P3P
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
X-Cache-Hits
0
Connection
keep-alive
X-Served-By
cache-hhn1538-HHN
Server
nginx/1.10.1
X-Timer
S1505832023.921157,VS0,VE194
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Via
1.1 varnish
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Expires
Thu, 01 Jan 1970 00:00:00 GMT
init
services.babator.com/tags/
6 KB
6 KB
Script
General
Full URL
https://services.babator.com/tags/init?apiKey=b7508330-5368-11e6-b9b6-b5368b08d969&userUUID=777c7220-9d48-11e7-9327-47290f0c4e1a&userId=777c7221-9d48-11e7-9327-47290f0c4e1a
Requested by
Host: services.babator.com
URL: https://services.babator.com/tags?apiKey=b7508330-5368-11e6-b9b6-b5368b08d969&ver=1.0.0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.202.58.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-202-58-138.compute-1.amazonaws.com
Software
nginx/1.10.1 / Express
Resource Hash
9141c38507af972c99d0e619e1712019230168c3cdd4ff11d2fe7462e80a40ab

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
public, max-age=150
Date
Tue, 19 Sep 2017 14:40:22 GMT
ETag
BABATAGSREQ1INIT1
Last-Modified
Tue, 19 Sep 2017 14:40:22 GMT
Server
nginx/1.10.1
X-Powered-By
Express
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=150
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Cache-Control, Set-Cookie, x-api-key, x-user-uuid, x-is-native
Content-Length
5865
Expires
Tue, 19 Sep 2017 14:42:52 GMT
uc.js
sync.go.sonobi.com/
1 KB
738 B
Script
General
Full URL
https://sync.go.sonobi.com/uc.js?pubid=7f621a278b
Requested by
Host: mtrx.go.sonobi.com
URL: https://mtrx.go.sonobi.com/morpheus.cbslocal.3566.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.212.134.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-212-134-99.eu-west-1.compute.amazonaws.com
Software
Sonobi GO /
Resource Hash
bf2263f8c2dc7fd848d8910a3627865e7d90f00bc09827db9b34d1653517c75b
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:22 GMT
Content-Encoding
gzip
Server
Sonobi GO
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-dub-1-6-10
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private, no-cache="set-cookie"
Tcn
Choice
Connection
keep-alive
Content-Type
text/javascript
Content-Length
738
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
page_views
tru.am/
184 B
169 B
Script
General
Full URL
http://tru.am/page_views?clientID=1130&version=13&canonical=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&ogURL=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&title=Hackers+Have+Successfully+Hidden+Malware+In+Popular+PC+Cleanup+Tool&image=https%3A%2F%2Fcbsphilly.files.wordpress.com%2F2017%2F09%2F160466978.jpg%3Fw%3D1500&callback=reqwest_1505832022915
Requested by
Host: tru.am
URL: http://tru.am/scripts/ta-pagesocial-sdk.js
Protocol
HTTP/1.1
Server
2400:cb00:2048:1::6819:a322 , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),
Reverse DNS
Software
cloudflare-nginx /
Resource Hash
5929626ff06ed21c984b22e425141b1b88334b84a41f4f0fa5dfdac5ef314033
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
cloudflare-nginx
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
no-cache, private, max-age=0
Content-Disposition
filename=f.txt
Connection
keep-alive
CF-RAY
3a0d4cbf9108650b-FRA
Content-Length
169
Expires
Thu, 01 Jan 1970 00:00:00 UTC
/
www.facebook.com/impression.php/f2a217d97cb148/
43 B
66 B
Image
General
Full URL
https://www.facebook.com/impression.php/f2a217d97cb148/?api_key=249643311490&lid=115&payload=%7B%22source%22%3A%22jssdk%22%7D
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Origin, Accept-Encoding
x-xss-protection
0
pragma
no-cache
x-fb-debug
rWh0WfXglnCM5nzGJIhwyNZxqmGzuv9MI0h1A59E72jZ0vjKpGDQ+VE4wF9MUYvPSSfH6Eo2dk6RDDMY6NRY3w==
date
Tue, 19 Sep 2017 14:40:23 GMT
strict-transport-security
max-age=15552000; preload
public-key-pins-report-only
max-age=600; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws="; pin-sha256="PZXN3lRAy+8tBKk2Ox6F7jIlnzr2Yzmwqc3JnyfXoCw="; pin-sha256="q4PO2G2cbkZhZ82+JgmRUyGMoAeozA+BSXVXQWB8XWQ="; report-uri="http://reports.fb.com/hpkp/"
access-control-allow-origin
https://www.facebook.com
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
access-control-allow-method
OPTIONS
expires
Sat, 01 Jan 2000 00:00:00 GMT
rta.js
rtax.criteo.com/delivery/rta/
165 B
165 B
Script
General
Full URL
http://rtax.criteo.com/delivery/rta/rta.js?netId=6003&cookieName=crtg_rta&rnd=25254343581&varName=crtg_content
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
178.250.0.100 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
rtax.criteo.com
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
1db1ef9f35ba473be8b7f429f77ba021307591ed16c678258b420f2de3af2f7b

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:22 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
GET, POST, OPTIONS
P3P
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Access-Control-Allow-Origin
*
Cache-Control
private
Access-Control-Allow-Credentials
true
Content-Type
text/javascript
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
165
Expires
Mon, 26 Jul 1997 05:00:00 GMT
kormorant-1.27.24.min.css
images.intellitxt.com/k/
11 KB
5 KB
Stylesheet
General
Full URL
http://images.intellitxt.com/k/kormorant-1.27.24.min.css
Requested by
Host: images.intellitxt.com
URL: http://images.intellitxt.com/k/kormorant-1.27.24.min.js
Protocol
HTTP/1.1
Server
52.85.93.206 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-93-206.jfk6.r.cloudfront.net
Software
nginx /
Resource Hash
d3729411d27ecc4aeca0a52c1909a51f54c51ed7785c0872217769ba7d8940f5

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 11:32:06 GMT
Content-Encoding
gzip
Last-Modified
Mon, 18 Sep 2017 13:03:33 GMT
Server
nginx
Age
11297
ETag
W/"8cffab475e7ac87842b97601eb6bf115"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
text/css
Via
1.1 40771aeb308f1b1a112f21c14f905436.cloudfront.net (CloudFront)
Transfer-Encoding
chunked
Connection
keep-alive
X-Amz-Cf-Id
v0LDHNuzp_IRf-tPKUBkmyfvR_6F4IJf_AWJAmGWrmMsFtRF2NywzA==
1
philadelphia_cbslocal.us.intellitxt.com/context/
13 B
13 B
XHR
General
Full URL
http://philadelphia_cbslocal.us.intellitxt.com/context/1
Requested by
Host: images.intellitxt.com
URL: http://images.intellitxt.com/k/kormorant-1.27.24.min.js
Protocol
HTTP/1.1
Server
31.24.80.101 , United Kingdom, ASN56464 (VIBRANT-EU, GB),
Reverse DNS
Software
nginx / Kormorant
Resource Hash
a821ef2e57f7a813859e0757693071df87135628c3d8f017bc499d0322afeba6

Request headers

Access-Control-Request-Method
POST
Origin
http://philadelphia.cbslocal.com
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:23 GMT
Allow
GET,HEAD,POST
Server
nginx
X-Powered-By
Kormorant
Vary
*
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
http://philadelphia.cbslocal.com
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Content-Type
Content-Length
13
Expires
Fri, 08 Jan 2016 00:00:00 GMT
5160562550509235139
philadelphia_cbslocal.us.intellitxt.com/csync/0/appnexus/
Redirect Chain
  • http://ib.adnxs.com/getuid?http%3A%2F%2Fphiladelphia_cbslocal.us.intellitxt.com%2Fcsync%2F0%2Fappnexus%2F%24UID
  • http://philadelphia_cbslocal.us.intellitxt.com/csync/0/appnexus/5160562550509235139
0
0
Image
General
Full URL
http://philadelphia_cbslocal.us.intellitxt.com/csync/0/appnexus/5160562550509235139
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
31.24.80.101 , United Kingdom, ASN56464 (VIBRANT-EU, GB),
Reverse DNS
Software
nginx / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Server
nginx
Connection
keep-alive
X-Powered-By
Express
ETag
W/"a-oQDOV50e1MN2H/N8GYi+8w"

Redirect headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:25 GMT
X-Proxy-Origin
148.251.45.254; 148.251.45.254; 311.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.84:80
AN-X-Request-Uuid
59054750-d9a7-4595-b395-df140b9460da
Server
nginx/1.11.5
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
http://philadelphia_cbslocal.us.intellitxt.com/csync/0/appnexus/5160562550509235139
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usermatchredir
ssum.casalemedia.com/
Redirect Chain
  • http://ssum.casalemedia.com/usermatchredir?s=184543&cb=http%3A%2F%2Fphiladelphia_cbslocal.us.intellitxt.com%2Fcsync%2F0%2Findex%2F__UID__
  • http://ssum.casalemedia.com/usermatchredir?s=184543&cb=http%3A%2F%2Fphiladelphia_cbslocal.us.intellitxt.com%2Fcsync%2F0%2Findex%2F__UID__&C=1
43 B
43 B
Image
General
Full URL
http://ssum.casalemedia.com/usermatchredir?s=184543&cb=http%3A%2F%2Fphiladelphia_cbslocal.us.intellitxt.com%2Fcsync%2F0%2Findex%2F__UID__&C=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
23.53.174.16 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-174-16.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:23 GMT
Server
Apache
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:23 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:23 GMT
Server
Apache
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
http://ssum.casalemedia.com/usermatchredir?s=184543&cb=http%3A%2F%2Fphiladelphia_cbslocal.us.intellitxt.com%2Fcsync%2F0%2Findex%2F__UID__&C=1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
333
Expires
Tue, 19 Sep 2017 14:40:23 GMT
/
philadelphia_cbslocal.us.intellitxt.com/log/0/ptr/cc9b8b88a660ba6a52e89f61d35e47d83dae5927/26708/05706c48-bf0c-4947-a5c9-a6b7b2cfa268/
0
0
Image
General
Full URL
http://philadelphia_cbslocal.us.intellitxt.com/log/0/ptr/cc9b8b88a660ba6a52e89f61d35e47d83dae5927/26708/05706c48-bf0c-4947-a5c9-a6b7b2cfa268/
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
31.24.80.101 , United Kingdom, ASN56464 (VIBRANT-EU, GB),
Reverse DNS
Software
nginx / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:23 GMT
ETag
W/"a-b541a50d"
Server
nginx
X-Powered-By
Express
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Expires
0
layers.979ac3502d3cdf90c731.js
s7.addthis.com/static/
293 KB
81 KB
Script
General
Full URL
http://s7.addthis.com/static/layers.979ac3502d3cdf90c731.js
Requested by
Host: s7.addthis.com
URL: http://s7.addthis.com/js/300/addthis_widget.js?ver=1.0.0
Protocol
HTTP/1.1
Server
104.16.16.35 San Francisco, United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),
Reverse DNS
Software
cloudflare-nginx /
Resource Hash
0cc9c489ed53c8b8c8219a71a03e3c4fcfa657e9f33a301111040df08e2f7777

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Timing-Allow-Origin
*
Date
Tue, 19 Sep 2017 14:40:23 GMT
Content-Encoding
gzip
Surrogate-Key
client_dist
Last-Modified
Fri, 08 Sep 2017 16:08:45 GMT
Server
cloudflare-nginx
Vary
Accept-Encoding
Content-Type
text/javascript
CF-Cache-Status
HIT
Cache-Control
public, no-check, max-age=86313600
Transfer-Encoding
chunked
X-Host
s7.addthis.com
Connection
keep-alive
CF-RAY
3a0d4cc04607270e-FRA
cbs1x1.gif
ev.cbslocal.com/store/apps/generic/
43 B
43 B
Image
General
Full URL
http://ev.cbslocal.com/store/apps/generic/cbs1x1.gif?data=%7B%22referer%22%3A%22%22%7D&rnd=0.17083158405285093
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
162.217.198.29 Irvine, United States, ASN33695 (SCALEMATRIX - ScaleMatrix, US),
Reverse DNS
sandiego.ar01.host28.scalematrix.net
Software
/
Resource Hash
4c9e52498dc6c0afe8657a9b95ef6417d33e15bd17fd4b4b6301ef908ffe7ea1

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
X-Cache-Lookup
HIT from static01:85
Last-Modified
Mon, 11 Aug 2014 22:24:03 GMT
Age
4570099
X-Cache
HIT from static01
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-control
no-cache
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Sat, 25 Nov 2017 17:12:03 GMT
switchboard
eventful.com/apps/
9 KB
3 KB
Script
General
Full URL
http://eventful.com/apps/switchboard?url=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F
Requested by
Host: d1marr3m5x4iac.cloudfront.net
URL: https://d1marr3m5x4iac.cloudfront.net/store/js/switchboard.js
Protocol
HTTP/1.1
Server
162.217.198.29 Irvine, United States, ASN33695 (SCALEMATRIX - ScaleMatrix, US),
Reverse DNS
sandiego.ar01.host28.scalematrix.net
Software
/
Resource Hash
23de362c60bd7a93bfae2af36d70bfac0afc6a530479acd69749fc53008d3daf

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Content-encoding
gzip
Age
0
Content-Type
application/javascript; charset=UTF-8
Cache-control
no-cache
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3012
s81809624739745
cbsdigitalmedia.d1.sc.omtrdc.net/b/ss/cbslocal-global-unified/1/JS-1.7.0-D7QN/
43 B
43 B
Image
General
Full URL
http://cbsdigitalmedia.d1.sc.omtrdc.net/b/ss/cbslocal-global-unified/1/JS-1.7.0-D7QN/s81809624739745?AQB=1&ndh=1&pf=1&t=19%2F8%2F2017%2014%3A40%3A23%202%200&D=D%3D&mid=90189725204722946433263558871443104714&aamlh=6&ce=UTF-8&ns=cbsdigitalmedia&pageName=article%7CHackers%20Have%20Successfully%20Hidden%20Malware%20In%20Popular%20PC%20Cleanup%20Tool&g=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&events=event1&aamb=cIBAx_aQzFEHcPoEv0GwcQ&c1=swtv&v1=swtv&c2=desktop&v2=desktop&c3=Philadelphia&v3=Philadelphia&c5=philadelphia.cbslocal.com&v5=philadelphia.cbslocal.com&c6=analytics-article%7Cnews%7Ctalkers%7Cccleaner%7Cchris-melore%7Chackers%7Cmalware&v6=analytics-article%7Cnews%7Ctalkers%7Cccleaner%7Cchris-melore%7Chackers%7Cmalware&c9=article&v9=article&c10=article%7CHackers%20Have%20Successfully%20Hidden%20Malware%20In%20Popular%20PC%20Cleanup%20Tool&v10=article%7CHackers%20Have%20Successfully%20Hidden%20Malware%20In%20Popular%20PC%20Cleanup%20Tool&c11=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&v11=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&c20=anvato&v20=anvato&c23=Tatyana%20Gefter&v27=Tatyana%20Gefter&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
66.235.148.64 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
*.d1.sc.omtrdc.net
Software
Omniture DC/2.0.0 /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
X-C
ms-5.5.0
P3P
CP="This is not a P3P policy"
Connection
Keep-Alive
Content-Length
43
Pragma
no-cache
Last-Modified
Wed, 20 Sep 2017 14:40:23 GMT
Server
Omniture DC/2.0.0
xserver
www268
ETag
"59C12C57-3FD2-600942FB"
Vary
*
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Keep-Alive
timeout=15
Expires
Mon, 18 Sep 2017 14:40:23 GMT
5oivrH7Newv.js
staticxx.facebook.com/connect/xd_arbiter/r/ Frame 825.
Redirect Chain
  • http://staticxx.facebook.com/connect/xd_arbiter/r/5oivrH7Newv.js?version=42
  • https://staticxx.facebook.com/connect/xd_arbiter/r/5oivrH7Newv.js?version=42
0
0

5oivrH7Newv.js
staticxx.facebook.com/connect/xd_arbiter/r/ Frame 825.
0
0

server_time
tkx2-prod.anvato.net/rest/v2/ Frame 825.
28 B
48 B
XHR
General
Full URL
https://tkx2-prod.anvato.net/rest/v2/server_time?anvack=anvato_cbslocal_app_web_prod_547f3e49241ef0e5d30c79b2efbca5d92c698f67
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/scripts/anvplayer.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.22.197.53 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-107-22-197-53.compute-1.amazonaws.com
Software
nginx /
Resource Hash
5992908e117ac8cbeb87adea5cc922b2786fde5a72d9344411f6831c1b414675

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin
http://philadelphia.cbslocal.com
Date
Tue, 19 Sep 2017 14:40:23 GMT
Content-Encoding
gzip
Server
nginx
Connection
keep-alive
Content-Length
48
Content-Type
application/json
Babator-Connector.min.js
cdn.babator.com/customers/cbs/
1 MB
275 KB
Script
General
Full URL
https://cdn.babator.com/customers/cbs/Babator-Connector.min.js?version=5
Requested by
Host: services.babator.com
URL: https://services.babator.com/tags/init?apiKey=b7508330-5368-11e6-b9b6-b5368b08d969&userUUID=777c7220-9d48-11e7-9327-47290f0c4e1a&userId=777c7221-9d48-11e7-9327-47290f0c4e1a
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.192.54.240 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-192-54-240.jfk6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d3afc63326e40e4ad5a55c99f01f87c0fab47d956a449fe916f2bf274ebbe57f

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Mon, 12 Jun 2017 14:55:44 GMT
Content-Encoding
gzip
Last-Modified
Mon, 12 Jun 2017 14:54:19 GMT
Server
AmazonS3
Age
197347
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 f19281f08e79aa6c6634266c50732dd5.cloudfront.net (CloudFront)
Cache-Control
public, max-age=604800
Transfer-Encoding
chunked
Connection
keep-alive
X-Amz-Cf-Id
uS4UXxvL2G7Ov8ULvGdCWbVbG_BmG7-lraWSgDtWEVcHinG8E0Ot_w==
pl
c.newsinc.com/
50 B
50 B
XHR
General
Full URL
http://c.newsinc.com/pl?uut=77b846a3-9d48-11e7-9011-0a4e33a29963&insid=77b846cc-9d48-11e7-9011-0a4e33a29963&atei=0&atets=0&vw=1585&vh=1200&sw=1600&sh=1200&furl=http%253A%252F%252Fphiladelphia.cbslocal.com%252F2017%252F09%252F18%252Fhackers-malware-pc-ccleaner%252F&ua=safari&embedCount=0&eo=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&iframe=0&fe=0&fv=0&env=&bn=207&ref=&_=1505832023039
Requested by
Host: launch.newsinc.com
URL: http://launch.newsinc.com/207/js/embed.js
Protocol
HTTP/1.1
Server
52.20.191.180 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-20-191-180.compute-1.amazonaws.com
Software
nginx /
Resource Hash
f48381677f418400751e118cc68d5ab525cc301306ee69c18b1159d6ac266883

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Server
nginx
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
Content-Type
Content-Length
50
1
philadelphia_cbslocal.us.intellitxt.com/context/
36 B
36 B
XHR
General
Full URL
http://philadelphia_cbslocal.us.intellitxt.com/context/1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
31.24.80.101 , United Kingdom, ASN56464 (VIBRANT-EU, GB),
Reverse DNS
Software
nginx / Kormorant
Resource Hash
9d6e845430f65cb543ce6df053f686d92f8f943308e291da828bbd2e40753c4e

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Content-Type
application/json

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:23 GMT
Server
nginx
X-Powered-By
Kormorant
Vary
*
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
http://philadelphia.cbslocal.com
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Content-Type
Content-Length
36
Expires
Fri, 08 Jan 2016 00:00:00 GMT
keymaker
keymaker.go.sonobi.com/
0
0
XHR
General
Full URL
https://keymaker.go.sonobi.com/keymaker?pageviewid=9829efc240566e&corscred=1&ver=3.11.1
Requested by
Host: mtrx.go.sonobi.com
URL: https://mtrx.go.sonobi.com/morpheus.cbslocal.3566.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.64.124 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-208-64-124.eu-west-1.compute.amazonaws.com
Software
Sonobi GO /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Content-Type
text/plain

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
X-Go-Server
xcp-dub-1-6-4
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Connection
keep-alive
Content-Length
0
X-Xss-Protection
0
Pragma
no-cache
Server
Sonobi GO
Cache-Control
no-cache, no-store, private, no-cache="set-cookie"
Vary
negotiate,Accept-Encoding
Content-Type
text/plain; charset=utf8
Access-Control-Allow-Origin
*
Keymaker-Error
false
Access-Control-Allow-Credentials
true
Tcn
Choice
Expires
Sat, 26 Jul 1997 05:00:00 GMT
ad
ad.afy11.net/
45 B
45 B
Image
General
Full URL
https://ad.afy11.net/ad?mode=10&sspid=2585
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
74.117.199.102 San Bruno, United States, ASN2762 (ADIFY-1 - ADIFY CORPORATION, US),
Reverse DNS
Software
Microsoft-IIS/8.5, AdifyServer / ASP.NET
Resource Hash
f11f9e7a7b43ec2de3ea9137553669010def8299f808b5e4348db56f6b050982

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Last-Modified
Sat, 1 Jan 2000 01:01:00 GMT
Server
Microsoft-IIS/8.5, AdifyServer
X-Powered-By
ASP.NET
P3P
policyref="https://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"
Access-Control-Allow-Origin
*
Cache-Control
private, max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
Connection
close
Content-Type
image/gif
Content-Length
45
Expires
Sat, 1 Jan 2000 01:01:00 GMT
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
  • https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]&mm_bnc&mm_bct
  • https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=b40e59c1-2c57-4900-8d2a-3127b054b143
49 B
49 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=b40e59c1-2c57-4900-8d2a-3127b054b143
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.212.134.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-212-134-99.eu-west-1.compute.amazonaws.com
Software
Sonobi GO /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:22 GMT
Server
Sonobi GO
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-dub-1-6-10
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Connection
keep-alive
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Server
MT3 1.15.14.4 5d3cdb7 master zrh-pixel-x4
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=b40e59c1-2c57-4900-8d2a-3127b054b143
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Tue, 19 Sep 2017 14:40:22 GMT
sonobi
sync.rhythmxchange.com/usersync2/
0
0

us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=sonobi&ttd_tpi=1
  • https://sync.go.sonobi.com/us.gif?nw=td&nuid=cd8a9580-44cd-4702-a0ad-0783408161d5
49 B
49 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=td&nuid=cd8a9580-44cd-4702-a0ad-0783408161d5
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.212.134.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-212-134-99.eu-west-1.compute.amazonaws.com
Software
Sonobi GO /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:23 GMT
Server
Sonobi GO
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-dub-1-6-10
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Connection
keep-alive
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:25 GMT
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Location
https://sync.go.sonobi.com/us.gif?nw=td&nuid=cd8a9580-44cd-4702-a0ad-0783408161d5
Cache-Control
private,no-cache, must-revalidate
Connection
keep-alive
Content-Type
text/html
Content-Length
193
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?do=add&pid=561191&ev=77c5a8b0-9d48-11e7-bc0f-025d685f3aca&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
  • https://sync.go.sonobi.com/us.gif?nw=pp&nuid=uNZi2FmPsIQn
49 B
49 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=uNZi2FmPsIQn
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.212.134.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-212-134-99.eu-west-1.compute.amazonaws.com
Software
Sonobi GO /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:22 GMT
Server
Sonobi GO
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-dub-1-6-10
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Connection
keep-alive
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Via
1.1 varnish
Server
Jetty(9.2.22.v20170606)
P3P
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Transfer-Encoding
chunked
X-Cache
MISS
Content-Language
en-US
Location
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=uNZi2FmPsIQn
Expires
-1
Cache-Control
private, max-age=0, no-cache, no-store
X-Cache-Hits
0
Connection
keep-alive
Accept-Ranges
bytes
CW-Server
ams-bh01
X-Served-By
cache-hhn1527-HHN
sync
x.bidswitch.net/
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=sonobi
  • https://x.bidswitch.net/ul_cb/sync?ssp=sonobi
  • https://p.adsymptotic.com/d/px/?_pid=12688&_psign=d3e6987fb7f3833d4f283fc40823ac50&bidswitch_ssp_id=sonobi&_redirect=http%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D126%26user_id%3D%24%7BUUID%7D%26e...
  • https://p.adsymptotic.com/d/px/?_pid=12688&_psign=d3e6987fb7f3833d4f283fc40823ac50&bidswitch_ssp_id=sonobi&_redirect=http%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D126%26user_id%3D%24%7BUUID%7D%26e...
  • https://x.bidswitch.net/sync?dsp_id=126&user_id=186b5838209665b40a7ff824b8632f73&expires=14&ssp=sonobi
43 B
43 B
Image
General
Full URL
https://x.bidswitch.net/sync?dsp_id=126&user_id=186b5838209665b40a7ff824b8632f73&expires=14&ssp=sonobi
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.155.1.176 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
176.1.155.104.bc.googleusercontent.com
Software
nginx/1.12.0 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Server
nginx/1.12.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=10
Content-Length
43

Redirect headers

Location
https://x.bidswitch.net/sync?dsp_id=126&user_id=186b5838209665b40a7ff824b8632f73&expires=14&ssp=sonobi
Date
Tue, 19 Sep 2017 14:40:24 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Server
nginx/1.8.0
Connection
keep-alive
Content-Length
0
P3P
CP='NON DSP COR CONi OUR BUS CNT'
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=1be30a61-c15d-465d-b6e5-82da40df8212&r=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dopenx%26nuid%3D
  • https://us-u.openx.net/w/1.0/cm?cc=1&id=1be30a61-c15d-465d-b6e5-82da40df8212&r=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dopenx%26nuid%3D
  • https://sync.go.sonobi.com/us.gif?nw=openx&nuid=fceb615a-84be-4039-ac8f-adcb7c3f5d2f
49 B
49 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=openx&nuid=fceb615a-84be-4039-ac8f-adcb7c3f5d2f
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.212.134.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-212-134-99.eu-west-1.compute.amazonaws.com
Software
Sonobi GO /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:22 GMT
Server
Sonobi GO
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-dub-1-6-10
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Connection
keep-alive
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://sync.go.sonobi.com/us.gif?nw=openx&nuid=fceb615a-84be-4039-ac8f-adcb7c3f5d2f
Date
Tue, 19 Sep 2017 14:40:23 GMT
Server
OXGW/11.117.0
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Length
0
Vary
Accept
Content-Type
image/gif
trinity.js
apex.go.sonobi.com/
3 KB
1 KB
Script
General
Full URL
https://apex.go.sonobi.com/trinity.js?key_maker=%7B%22%2F4128%2FCBS.PHILLY%2Fnews%2Farticle%2Fadhesion%7Creptile_31%22%3A%22300x250%22%7D&cv=sbi_20be1012c0ad2ee&vp=desktop&s=19a69c0c63ade02
Requested by
Host: mtrx.go.sonobi.com
URL: https://mtrx.go.sonobi.com/morpheus.cbslocal.3566.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.49.102.241 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-49-102-241.eu-west-1.compute.amazonaws.com
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
c704513755ff550eee749d7c8048963c838f1b2575bf51364231b3b1802560d0
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:23 GMT
Content-Encoding
gzip
Server
nginx/1.4.6 (Ubuntu)
Vary
negotiate,Accept-Encoding
X-Go-Server
apex-dub-1-6-133
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private, no-cache="set-cookie"
Tcn
Choice
Connection
keep-alive
Content-Type
text/javascript
Content-Length
1313
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
3aadbb71016ecd7a194bbe2791777e9a.png
cdn.taboola.com/libtrc/static/thumbnails/
581 B
581 B
Image
General
Full URL
http://cdn.taboola.com/libtrc/static/thumbnails/3aadbb71016ecd7a194bbe2791777e9a.png
Requested by
Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/impl.273-79-RELEASE.js
Protocol
HTTP/1.1
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
528b6b3e8edb272a61e1d3b10f11af0d241680684143fb5339fa2758a3e65187

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-amz-version-id
6aZUfTQ.S26Y_1N5QpSv75PDrWc.NB7q
Via
1.1 varnish
ETag
"2697f4b848d2400cd051312585a6bf42"
Age
18159460
X-Cache
HIT
x-amz-replication-status
COMPLETED
Connection
keep-alive
Content-Length
581
x-amz-id-2
AWmoybLoPXqCGftv+GDA2/l2jN9dPD/UEl8vHjg3hENR1illpBms7pe39N2/i0/Lk2uIwuSeyEQ=
X-Served-By
cache-hhn1537-HHN
Last-Modified
Wed, 24 Jun 2015 08:00:33 GMT
Server
AmazonS3
x-amz-meta-s3cmd-attrs
uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1426488754/atime:1435045951/md5:2697f4b848d2400cd051312585a6bf42/ctime:1426488754
X-Timer
S1505832023.295860,VS0,VE0
Date
Tue, 19 Sep 2017 14:40:23 GMT
x-amz-request-id
4728F86E40808AFB
Cache-Control
private,max-age=31536000
Accept-Ranges
bytes
Content-Type
image/png
X-Cache-Hits
4775342
rtb-h
match.taboola.com/sg/thetradedesk-network/1/ Frame 825.
Redirect Chain
  • http://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1
  • http://match.adsrvr.org/track/cmb/generic?ttd_pid=054f32o&ttd_tpi=1
  • http://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=cd8a9580-44cd-4702-a0ad-0783408161d5
  • http://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=cd8a9580-44cd-4702-a0ad-0783408161d5&tbid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6
376 B
0
Image
General
Full URL
http://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=cd8a9580-44cd-4702-a0ad-0783408161d5&tbid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
151.101.114.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx/1.9.12 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Via
1.1 varnish
Server
nginx/1.9.12
X-Timer
S1505832024.960017,VS0,VE8
X-Served-By
cache-hhn1525-HHN
Transfer-Encoding
chunked
X-Cache
MISS
Connection
keep-alive
Accept-Ranges
bytes
X-Cache-Hits
0

Redirect headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Via
1.1 varnish
Server
nginx/1.10.1
X-Timer
S1505832024.939022,VS0,VE9
X-Cache
MISS
Location
http://match.taboola.com/sg/thetradedesk-network/1/rtb-h?taboola_hm=cd8a9580-44cd-4702-a0ad-0783408161d5&tbid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6
Expires
Thu, 01 Jan 1970 00:00:00 GMT
X-Cache-Hits
0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
0
X-Served-By
cache-hhn1537-HHN
32441
i.liadm.com/s/ Frame 825.
Redirect Chain
  • https://i.liadm.com/s/32441?bidder_id=88068&bidder_uuid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6
  • https://i.liadm.com/s/32441?bidder_id=88068&bidder_uuid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6&_li_chk=true&previous_uuid=df6528fe3d0d4e889c812f7006fd2b79
43 B
43 B
Image
General
Full URL
https://i.liadm.com/s/32441?bidder_id=88068&bidder_uuid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6&_li_chk=true&previous_uuid=df6528fe3d0d4e889c812f7006fd2b79
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.73.89.197 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-73-89-197.compute-1.amazonaws.com
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Cache-Control
no-store
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Location
/s/32441?bidder_id=88068&bidder_uuid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6&_li_chk=true&previous_uuid=df6528fe3d0d4e889c812f7006fd2b79
Date
Tue, 19 Sep 2017 14:40:23 GMT
Connection
keep-alive
Content-Length
0
/
trc.taboola.com/sg/google-network/1/rtb-h/ Frame 825.
Redirect Chain
  • http://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc
  • http://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEDec3OHuaZXne95wQfcs860&google_cver=1
0
0
Image
General
Full URL
http://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEDec3OHuaZXne95wQfcs860&google_cver=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx/1.10.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Via
1.1 varnish
Server
nginx/1.10.1
X-Timer
S1505832023.368704,VS0,VE8
X-Served-By
cache-hhn1538-HHN
X-Cache
MISS
X-Cache-Hits
0
Connection
keep-alive
Accept-Ranges
bytes
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:23 GMT
Server
HTTP server (unknown)
P3P
policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location
http://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEDec3OHuaZXne95wQfcs860&google_cver=1
Cache-Control
no-cache, must-revalidate
Content-Type
text/html; charset=UTF-8
Content-Length
303
X-XSS-Protection
1; mode=block
Expires
Fri, 01 Jan 1990 00:00:00 GMT
liveramp_sync.xgi
x.dlx.addthis.com/e/ Frame 825.
Redirect Chain
  • http://idsync.rlcdn.com/382399.gif?partner_uid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6
  • http://idsync.rlcdn.com/382399.gif?partner_uid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6&redirect=1
  • http://e.nexac.com/e/liveramp_sync.xgi?na_exid=619c9b69e2fd4331e4c2644c7bba87fef38e0328dce43c3177a29793a2398c823b87cd2c0007efc4
  • http://x.dlx.addthis.com/e/liveramp_sync.xgi?na_exid=619c9b69e2fd4331e4c2644c7bba87fef38e0328dce43c3177a29793a2398c823b87cd2c0007efc4
43 B
43 B
Image
General
Full URL
http://x.dlx.addthis.com/e/liveramp_sync.xgi?na_exid=619c9b69e2fd4331e4c2644c7bba87fef38e0328dce43c3177a29793a2398c823b87cd2c0007efc4
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
34.212.9.224 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-212-9-224.us-west-2.compute.amazonaws.com
Software
lighttpd/1.4.33 / Jigawatts
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
Server
lighttpd/1.4.33
X-Powered-By
Jigawatts
P3P
policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Connection
keep-alive
Content-type
image/gif
Content-Length
43
Expires
Wed Sep 15 09:14:42 MDT 2019

Redirect headers

Location
http://x.dlx.addthis.com/e/liveramp_sync.xgi?na_exid=619c9b69e2fd4331e4c2644c7bba87fef38e0328dce43c3177a29793a2398c823b87cd2c0007efc4
Date
Tue, 19 Sep 2017 14:40:23 GMT
Server
akka-http/2.4.10
Connection
keep-alive
Content-Length
206
Content-Type
text/html; charset=UTF-8
rtb-h
match.taboola.com/sg/appnexus-network/1/ Frame 825.
Redirect Chain
  • http://ib.adnxs.com/getuid?https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=$UID
  • https://trc.taboola.com/sg/appnexus-network/1/rtb-h/?taboola_hm=5160562550509235139
  • https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=5160562550509235139&tbid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6
359 B
0
Image
General
Full URL
https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=5160562550509235139&tbid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.49 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx/1.9.12 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Tue, 19 Sep 2017 14:40:23 GMT
via
1.1 varnish
server
nginx/1.9.12
x-timer
S1505832024.551541,VS0,VE8
x-cache
MISS
status
200
x-cache-hits
0
accept-ranges
bytes
x-served-by
cache-hhn1534-HHN

Redirect headers

date
Tue, 19 Sep 2017 14:40:23 GMT
via
1.1 varnish
server
nginx/1.10.1
x-timer
S1505832024.519603,VS0,VE8
x-served-by
cache-hhn1549-HHN
status
302
x-cache
MISS
location
https://match.taboola.com/sg/appnexus-network/1/rtb-h?taboola_hm=5160562550509235139&tbid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6
x-cache-hits
0
accept-ranges
bytes
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
receive
pixel.tapad.com/idsync/ex/ Frame 825.
Redirect Chain
  • http://pixel.tapad.com/idsync/ex/receive?partner_id=2227&partner_device_id=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6
  • http://pixel.tapad.com/idsync/ex/receive/check?partner_id=2227&partner_device_id=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6
  • http://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=%252C
  • http://match.adsrvr.org/track/cmb/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=%252C
  • http://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=cd8a9580-44cd-4702-a0ad-0783408161d5&ttd_puid=%2C
95 B
95 B
Image
General
Full URL
http://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=cd8a9580-44cd-4702-a0ad-0783408161d5&ttd_puid=%2C
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
185.57.60.185 , Netherlands, ASN201979 (TAPAD-AM1, NL),
Reverse DNS
Software
nginx/1.11.3 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Server
nginx/1.11.3
Connection
keep-alive
Content-Type
image/png
Content-Length
95
P3P
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:18 GMT
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Location
http://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=cd8a9580-44cd-4702-a0ad-0783408161d5&ttd_puid=%2C
Cache-Control
private,no-cache, must-revalidate
Connection
keep-alive
Content-Type
text/html
Content-Length
279
utsync.ashx
ml314.com/ Frame 825.
43 B
43 B
Image
General
Full URL
http://ml314.com/utsync.ashx?eid=50077&et=0&fp=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
34.252.181.159 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-252-181-159.eu-west-1.compute.amazonaws.com
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:22 GMT
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
p3P
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Cache-Control
private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
0,Wed, 20 Sep 2017 10:40:22 GMT
cm
trc.taboola.com/sg/bluekai/1/ Frame 825.
Redirect Chain
  • http://tags.bluekai.com/site/35702?id=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6&redir=%2F%2Ftrc.taboola.com%2Fsg%2Fbluekai%2F1%2Fcm%3Ftaboola_hm%3D%24_BK_UUID
  • http://tags.bluekai.com/site/35702?dt=0&r=577013989&sig=2128339607&bkca=KJy+iLWvy09xHndslMjDlHGX8aJYGwuzLfigqSDJQMcdlp6DjGRly8x6JE4bvt1s0TA9sxtx1hq/GFRF4d1MW4uEm6Uu0PNSE3PB0i0il7MGAVg5TLONkIPTu2Ot8...
  • http://trc.taboola.com/sg/bluekai/1/cm?taboola_hm=rUkIHQ99999CoXaj
0
0
Image
General
Full URL
http://trc.taboola.com/sg/bluekai/1/cm?taboola_hm=rUkIHQ99999CoXaj
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx/1.10.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Via
1.1 varnish
Server
nginx/1.10.1
X-Timer
S1505832024.937711,VS0,VE8
X-Served-By
cache-hhn1538-HHN
X-Cache
MISS
X-Cache-Hits
0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:23 GMT
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Location
http:////trc.taboola.com/sg/bluekai/1/cm?taboola_hm=rUkIHQ99999CoXaj
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
0
BK-Server
a76a
Expires
Thu, 01 Dec 1994 16:00:00 GMT
cse
pxl.connexity.net/c/ Frame 825.
44 B
55 B
Image
General
Full URL
http://pxl.connexity.net/c/cse?a=R&A=22c&D=569a&V=9&I0k=ptnrid&I0v=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
38.106.10.132 , United States, ASN174 (COGENT-174 - Cogent Communications, US),
Reverse DNS
Software
nginx /
Resource Hash
6d1743a4b9cd803083da5fd65626a4e92edebe73a40ee18f60276c96492b4afd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tues, 19 Sep 2017 14:40:23 GMT
Server
nginx
Transfer-Encoding
chunked
P3P
policyref="/w3c/p3p.xml", CP="CAO PSA OUR CURa DEVa PSDo PSAo BUS COR UNI COM",an.pp="http://www.connexity.com/privacy",an.oo="http://www.connexity.com/privacy",an.bt="N"
Cache-Control
no-store, max-age=-1, post-check=0, pre-check=0
Content-Transfer-Encoding
binary
Connection
keep-alive
Content-Type
image/gif
Expires
-1
cm
trc.taboola.com/sg/neustar/1/ Frame 825.
Redirect Chain
  • http://aa.agkn.com/adscores/g.pixel?sid=9212237748&puid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6
  • http://d.agkn.com/pixel/8463/?che=1505832023&sk=164450102453000305531&puid=d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6&l0=http://trc.taboola.com/sg/neustar/1/cm?taboola_hm=164450102453000305531
  • http://trc.taboola.com/sg/neustar/1/cm?taboola_hm=164450102453000305531
0
0
Image
General
Full URL
http://trc.taboola.com/sg/neustar/1/cm?taboola_hm=164450102453000305531
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx/1.10.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Via
1.1 varnish
Server
nginx/1.10.1
X-Timer
S1505832024.705938,VS0,VE8
X-Served-By
cache-hhn1538-HHN
X-Cache
MISS
X-Cache-Hits
0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:23 GMT
Server
Apache-Coyote/1.1
P3P
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
http://trc.taboola.com/sg/neustar/1/cm?taboola_hm=164450102453000305531
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Sat, 01 Jan 2000 00:00:00 GMT
f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/
254 B
254 B
Image
General
Full URL
http://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Requested by
Host: s0.wp.com
URL: https://s0.wp.com/wp-content/themes/vip/cbs-local/js-modules/sp/msg.js
Protocol
HTTP/1.1
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-amz-version-id
hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
Via
1.1 varnish
ETag
"dfa7b52c86e56bd67fa4002f6ed19854"
Age
17730270
X-Cache
HIT
x-amz-replication-status
COMPLETED
Connection
keep-alive
Content-Length
254
x-amz-id-2
XvamycYj5i9elo1HIxQVWoqB3bzM0MDs3mgweXjpvYdi7ZZIyzbyvzEvbwKvdJGIx5LiaLJce0k=
X-Served-By
cache-hhn1537-HHN
Last-Modified
Wed, 24 Jun 2015 07:14:11 GMT
Server
AmazonS3
x-amz-meta-s3cmd-attrs
uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
X-Timer
S1505832024.709347,VS0,VE0
Date
Tue, 19 Sep 2017 14:40:23 GMT
x-req
/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
x-amz-request-id
093E8082E423E036
Cache-Control
private,max-age=31536000
Accept-Ranges
bytes
Content-Type
image/png
X-Cache-Hits
2621679
weather-icons.png
s1.wp.com/wp-content/themes/vip/cbs-local/images/global/sprites/
76 KB
76 KB
Image
General
Full URL
https://s1.wp.com/wp-content/themes/vip/cbs-local/images/global/sprites/weather-icons.png
Requested by
Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJy1kdEOwiAMRX9Ixjajb8ZvQdYxsBQcMLO/ly0anQ9mezAhaUrvuaWF3z3TJDE1ELjJ55agH5+hMGHHfwmY1aoXEQqr6SWWjiJQ5LEDm5FBey4vgaGTAvmnU5tIRu0obCa9w7HViJtBs4rwmJSmwK1rEuaqaGY4BzbUqxzee2pBZEWPWnVxkaxe2fdrZhGzgoSCfuq0uGB50mt0/h/WgDmjOP3X2Z6qQ7k/llVVl+YBShjYvw==
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
f17443dd0c9d8ae52a5c4f7827be975df847b84826c52f1600d693bda980bf97

Request headers

Referer
https://s1.wp.com/_static/??-eJy1kk1OAzEMhS9EaoqKgAXiLJ7ETDPj/BA7HfX2pEMrqNikSKyiZ/t9eXICSzY2RaWooHsKJHDwGewghpNFhsx19FEgJFe5dSVZj2wCOY9gRWDxbiQ153ouKST1KW5a7w5upaOTFdrOPsAkMH1UKkd4J2wThf241yuxCf6PadYhEzDiSGXNdVUxjmTWlPvgPlquzXHm1DBE9GzYx/l/0hE3FfX3IkM1Fxb7uZEm0ox2NqvqC3O6LmPRSEWgJEXFgcl8fYZ+RHMN5EwRucn6/eppYWOxpCrEJ7G5iD6Q6JGpP+7Plb6F1+3j/e5p+7x7eJk+ASa9O5A=?cssminify=yes
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

x-nc
HIT fra 32
date
Tue, 19 Sep 2017 14:40:23 GMT
x-ac
4.fra _dfw
last-modified
Mon, 16 May 2016 00:23:09 GMT
server
nginx
etag
"573912ed-130be"
content-type
image/png
status
200
cache-control
max-age=31536000
accept-ranges
bytes
content-length
78014
expires
Fri, 22 Jun 2018 02:20:38 GMT
1
philadelphia_cbslocal.us.intellitxt.com/ad/
5 KB
1 KB
Script
General
Full URL
http://philadelphia_cbslocal.us.intellitxt.com/ad/1?callback=vib_1&ipid=26708&pvu=05706c48-bf0c-4947-a5c9-a6b7b2cfa268&kw=&contextKey=cc9b8b88a660ba6a52e89f61d35e47d83dae5927&intext.ids=2093634045%2C682817675%2C-484897253%2C-971942454%2C-1355446314&intext.sets=&intext.bidders=&intext.count=4&intext.internal=false&intext.autoreveal=false
Requested by
Host: images.intellitxt.com
URL: http://images.intellitxt.com/k/kormorant-1.27.24.min.js
Protocol
HTTP/1.1
Server
31.24.80.101 , United Kingdom, ASN56464 (VIBRANT-EU, GB),
Reverse DNS
Software
nginx / Kormorant
Resource Hash
73d7258cedfd0cefd42f730c57a35c9b5c1e5585165397ad1fac689ff769c1f5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
X-Powered-By
Kormorant
Vary
Accept-Encoding, *
Content-Type
text/javascript; charset=utf-8
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0
Transfer-Encoding
chunked
Connection
keep-alive
ETag
W/"1585-Oof1yGxrPWilXqPmLHWQy6wdNAA"
Expires
Fri, 08 Jan 2016 00:00:00 GMT
p90207114-lowres.jpg%3Fw%3D720
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//fortunedotcom.files.wordpress.com/2016/07/
13 KB
13 KB
Image
General
Full URL
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//fortunedotcom.files.wordpress.com/2016/07/p90207114-lowres.jpg%3Fw%3D720
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
41b43dfcaa5df5653cbe987467ce3e0248b4f92e32af3f0d000aced1ad73d383

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Via
1.1 varnish
Age
1764872
X-Cache
HIT
Status
200 OK
Connection
keep-alive
X-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//fortunedotcom.files.wordpress.com/2016/07/p90207114-lowres.jpg%3Fw%3D720
Content-Length
13097
X-Request-Id
123326a4b1dd840c
X-Served-By
cache-hhn1537-HHN
Last-Modified
Tue, 29 Aug 2017 08:37:51 GMT
Server
cloudinary
X-Timer
S1505832024.799088,VS0,VE0
ETag
"1b5a30236ba87406e9a8dcd7527765e1"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=2592000
Accept-Ranges
bytes
Access-Control-Allow-Headers
X-Requested-With
X-Cache-Hits
8
billgates_large_verge_medium_landscape_c43799ef19ca133f43361b1bf8ba95d0.600x500.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/20917dab-cdcd-4de2-af1b-059af86db4cd/
12 KB
12 KB
Image
General
Full URL
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/20917dab-cdcd-4de2-af1b-059af86db4cd/billgates_large_verge_medium_landscape_c43799ef19ca133f43361b1bf8ba95d0.600x500.png
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
8624fc2f3f5bdea8997cb41d70c7ac6c4b46d9c05992542aa6ba11905c352ea8

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Via
1.1 varnish
Age
1462268
X-Cache
HIT
Expiration
expiry-date="Sat, 16 Sep 2017 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
Connection
keep-alive
X-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/20917dab-cdcd-4de2-af1b-059af86db4cd/billgates_large_verge_medium_landscape_c43799ef19ca133f43361b1bf8ba95d0.600x500.png
Content-Length
11843
X-Served-By
cache-hhn1530-HHN
Last-Modified
Wed, 16 Aug 2017 14:12:48 GMT
Server
cloudinary
X-Timer
S1505832024.809757,VS0,VE0
ETag
"5e3d87dba1adf4f3d3016ad12432275a"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=2592000
Accept-Ranges
bytes
Access-Control-Allow-Headers
X-Requested-With
X-Cache-Hits
5
2cba4c243d07a6491e3f79d81d8ae152.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
12 KB
12 KB
Image
General
Full URL
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2cba4c243d07a6491e3f79d81d8ae152.jpg
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
3d87e898c4d82cc05eeb0a6c1e6d39f6898a8b550366564ae6e7b57bd74d566f

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Via
1.1 varnish
Age
88135
X-Cache
HIT
Expiration
expiry-date="Thu, 21 Sep 2017 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
Connection
keep-alive
X-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2cba4c243d07a6491e3f79d81d8ae152.jpg
Content-Length
12568
X-Served-By
cache-hhn1537-HHN
Last-Modified
Mon, 21 Aug 2017 11:09:06 GMT
Server
cloudinary
X-Timer
S1505832024.804956,VS0,VE0
ETag
"5da817930a246ddf9a3bf151862f66f0"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=2592000
Accept-Ranges
bytes
Access-Control-Allow-Headers
X-Requested-With
X-Cache-Hits
1
55b113bce62bf51b3af4b7157c0a3ed5.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboolasyndication.com/libtrc/static/thumbnails/
17 KB
17 KB
Image
General
Full URL
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboolasyndication.com/libtrc/static/thumbnails/55b113bce62bf51b3af4b7157c0a3ed5.jpg
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
88bf52e4dd09def6dd69cb8715bfcc76b096af7757b89e605da7e4255a372cbb

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Via
1.1 varnish
Age
1676245
X-Cache
HIT
Expiration
expiry-date="Wed, 02 Aug 2017 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
Connection
keep-alive
X-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboolasyndication.com/libtrc/static/thumbnails/55b113bce62bf51b3af4b7157c0a3ed5.jpg
Content-Length
17119
X-Served-By
cache-hhn1530-HHN
Last-Modified
Sun, 02 Jul 2017 04:51:00 UTC
Server
cloudinary
X-Timer
S1505832024.815453,VS0,VE0
ETag
"9433c1398d84edae6d5e945196f1d248"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=2592000
Accept-Ranges
bytes
Access-Control-Allow-Headers
X-Requested-With
X-Cache-Hits
2541
27c596b8d6b9746c53677b3405d0ed82.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboolasyndication.com/libtrc/static/thumbnails/
7 KB
7 KB
Image
General
Full URL
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboolasyndication.com/libtrc/static/thumbnails/27c596b8d6b9746c53677b3405d0ed82.jpg
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
8cdb0d2102ac2902544ca73b554b0596758ac3c4f396396d1a94d1959664c0f5

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Via
1.1 varnish
Age
937684
X-Cache
HIT
Expiration
expiry-date="Mon, 21 Aug 2017 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
Connection
keep-alive
X-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboolasyndication.com/libtrc/static/thumbnails/27c596b8d6b9746c53677b3405d0ed82.jpg
Content-Length
7595
X-Served-By
cache-hhn1537-HHN
Last-Modified
Fri, 21 Jul 2017 08:43:11 GMT
Server
cloudinary
X-Timer
S1505832024.811986,VS0,VE0
ETag
"c52f625a9e07ebf60e87aa79c576d1c3"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=2592000
Accept-Ranges
bytes
Access-Control-Allow-Headers
X-Requested-With
X-Cache-Hits
34124
0f189e03cf75b848711ba3da4fac074d.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboolasyndication.com/libtrc/static/thumbnails/
12 KB
12 KB
Image
General
Full URL
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboolasyndication.com/libtrc/static/thumbnails/0f189e03cf75b848711ba3da4fac074d.jpg
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
cdc8c55ca6691e247e93f0c0158b3d65e94f14cff596fb46ef603d09e763a636

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Via
1.1 varnish
Age
363916
X-Cache
HIT
Connection
keep-alive
X-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboolasyndication.com/libtrc/static/thumbnails/0f189e03cf75b848711ba3da4fac074d.jpg
Content-Length
12208
X-Served-By
cache-hhn1530-HHN
Last-Modified
Sat, 20 May 2017 13:55:39 GMT
Server
cloudinary
X-Timer
S1505832024.821919,VS0,VE0
ETag
"6e8196e64cb6a979da3f84735b71068a"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=2592000
Accept-Ranges
bytes
Access-Control-Allow-Headers
X-Requested-With
X-Cache-Hits
8368
avocado-2115922_1280.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//bleubloom.com/wp-content/uploads/2017/05/
11 KB
11 KB
Image
General
Full URL
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//bleubloom.com/wp-content/uploads/2017/05/avocado-2115922_1280.jpg
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
3b0436812fae61083977ba5fdf52896d4a9378d2d36fa20a5269caf752d2e42b

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Via
1.1 varnish
Age
52565
X-Cache
HIT
Expiration
expiry-date="Thu, 21 Sep 2017 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
Connection
keep-alive
X-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//bleubloom.com/wp-content/uploads/2017/05/avocado-2115922_1280.jpg
Content-Length
11305
X-Served-By
cache-hhn1537-HHN
Last-Modified
Mon, 21 Aug 2017 07:15:26 GMT
Server
cloudinary
X-Timer
S1505832024.817758,VS0,VE0
ETag
"eedb745759ef73c85c7ca36722aa45fe"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=2592000
Accept-Ranges
bytes
Access-Control-Allow-Headers
X-Requested-With
X-Cache-Hits
906
house-2414374_1920-1024x679.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//www.womensarticle.com/wp-content/uploads/2017/06/
15 KB
15 KB
Image
General
Full URL
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//www.womensarticle.com/wp-content/uploads/2017/06/house-2414374_1920-1024x679.jpg
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
cloudinary /
Resource Hash
c313ddc656eae4cd800acbd32be98450fdb60a243d373c9f423b0633849bc1ce

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Via
1.1 varnish
Age
1906907
X-Cache
HIT
Expiration
expiry-date="Mon, 31 Jul 2017 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
Connection
keep-alive
X-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_217%2Cw_260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//www.womensarticle.com/wp-content/uploads/2017/06/house-2414374_1920-1024x679.jpg
Content-Length
15127
X-Served-By
cache-hhn1530-HHN
Last-Modified
Fri, 30 Jun 2017 17:36:05 UTC
Server
cloudinary
X-Timer
S1505832024.828041,VS0,VE0
ETag
"2e2c3f9664e6129cf96df049e26365ea"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=2592000
Accept-Ranges
bytes
Access-Control-Allow-Headers
X-Requested-With
X-Cache-Hits
948
available
trc.taboola.com/cbslocaltv-philadelphia/log/3/ Frame 825.
0
0
Document
General
Full URL
http://trc.taboola.com/cbslocaltv-philadelphia/log/3/available
Requested by
Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/impl.273-79-RELEASE.js
Protocol
HTTP/1.1
Server
151.101.114.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx/1.10.1 /
Resource Hash

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:23 GMT
Via
1.1 varnish
Server
nginx/1.10.1
X-Timer
S1505832023.222620,VS0,VE9
X-Served-By
cache-hhn1538-HHN
X-Cache
MISS
P3P
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Access-Control-Allow-Origin
http://philadelphia.cbslocal.com
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/gif
X-Cache-Hits
0
pixel;r=872076711;labels=Page%20Load.DPID.91288%2CPage%20Load.Site%20Category.2b.DPID.91288%2CPage%20Load.Site%20Category.1a.DPID.91288%2CPage%20Load.Site%20Category.0.DPID.91288%2CPage%20Load.Site...
pixel.quantserve.com/
35 B
35 B
Image
General
Full URL
http://pixel.quantserve.com/pixel;r=872076711;labels=Page%20Load.DPID.91288%2CPage%20Load.Site%20Category.2b.DPID.91288%2CPage%20Load.Site%20Category.1a.DPID.91288%2CPage%20Load.Site%20Category.0.DPID.91288%2CPage%20Load.Site%20Category.3a.DPID.91288;event=refresh;rf=3;a=p-573scDfDoUH6o;url=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F;fpan=1;fpa=P0-1725652699-1505832023245;ns=0;ce=1;cm=;ref=;je=0;sr=1600x1200x24;enc=n;dst=0;et=1505832023245;tzo=0;ogl=title.Hackers%20Have%20Successfully%20Hidden%20Malware%20In%20Popular%20PC%20Cleanup%20Tool%2Cimage.https%3A%2F%2Fcbsphilly%252Efiles%252Ewordpress%252Ecom%2F2017%2F09%2F160466978%252Ejpg%3Fw%3D1500%2Cimage%3Asecure_url.https%3A%2F%2Fcbsphilly%252Efiles%252Ewordpress%252Ecom%2F2017%2F09%2F160466978%252Ejpg%3Fw%3D1500%2Cdescription.Security%20experts%20say%20the%20Trojan%20horse-style%20attack%20hackers%20launched%20affected%20ove%2Ctype.article%2Curl.http%3A%2F%2Fphiladelphia%252Ecbslocal%252Ecom%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F%2Cimage%3Aheight.982%2Cimage%3Awidth.1500
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
95.172.94.11 , United Kingdom, ASN15570 (Internap European Autonomous System, GB),
Reverse DNS
pixel.quantserve.com
Software
QS /
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:23 GMT
Server
QS
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control
private, no-cache, no-store, proxy-revalidate
Connection
close
Content-Type
image/gif
Content-Length
35
Expires
Fri, 04 Aug 1978 12:00:00 GMT
acyfSZGKFVTYk1hV2JTTVhhLWQrfXJPUVFdY1xiTVdSKyF-IXJPUF4rVE9aYVNyYFNUU2BgU2ArclhkK316JXomfX5yYnEjMGZxIzIrZ3JRUlErZVdcUl1lek1hXk16W1thek1XXGJTYFxPWnpRUlF9
mms.cbslocal.com/
359 B
268 B
Script
General
Full URL
http://mms.cbslocal.com/acyfSZGKFVTYk1hV2JTTVhhLWQrfXJPUVFdY1xiTVdSKyF-IXJPUF4rVE9aYVNyYFNUU2BgU2ArclhkK316JXomfX5yYnEjMGZxIzIrZ3JRUlErZVdcUl1lek1hXk16W1thek1XXGJTYFxPWnpRUlF9
Requested by
Host: s0.wp.com
URL: https://s0.wp.com/wp-content/themes/vip/cbs-local/js-modules/sp/mms_client.js
Protocol
HTTP/1.1
Server
52.59.88.2 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-59-88-2.eu-central-1.compute.amazonaws.com
Software
openresty /
Resource Hash
22610d70041dc0dc2b17ce404982f36a00fbf5159b510befc4d4849b126857b1

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:23 GMT
Content-Encoding
gzip
X-Sp-Mms-Node
mms-6ea996d2.node.fra.consul
Server
openresty
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
X-Sp-Mms-Env
1
Connection
keep-alive
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bcn
www.summerhamster.com/
43 B
43 B
Image
General
Full URL
http://www.summerhamster.com/bcn?hu=0&fe=1505832023383&y=1.7.812&elg=391400950&flg=323&x=sklodghoskld.fevorfdo.frp%2F2017%2F09%2F18%2Fkdfnhuv-pdozduh-sf-ffohdqhu%2F&vqwo=1&deo=0&g0=vg%3A%3Aer%2Cxd%3A%3Aqexd%3A%3Aqsu%7Cvg%3A%3Ask%3A%3Aqsk%3A%3Aqsu%7Clq%3A%3Adm%2Clp%2Clqi%2Cqh%3A%3Aqoe%3A%3Aqsu%3A%3Axuo%3D%2F%2F0914.joredo.vvo.idvwob.qhw%2Fdg2%2Flpj%2Fa.jli%3Ffe%3D1505832022828%7Clq%3A%3Adm%2Clqi%2Cqh%2Cvf%3A%3Aqoe%3A%3Aqsu%3A%3Axuo%3D%2F%2F0914.joredo.vvo.idvwob.qhw%2Fdg2%2Fvfulsw%2Fa.mv%3Ffe%3D1505832022829%7Cjdg%3A%3Aho%2Ckl%2Cklg%2Clqi%3A%3Aqhk%3A%3Aqsu%3A%3Avho%3D.sodlqDg%7Cjdg%3A%3Akl%2Clp%2Clqi%3A%3Aqoe%3A%3Aqsu%3A%3Axuo%3D%2F%2F0914.joredo.vvo.idvwob.qhw%2Fdg2%2Flpj%2Fa.jli%3Ffe%3D1505832022830%7Cdg%3A%3Adu%2Cklg%2Cvv%3A%3Aqvvs%3A%3Aqsu%7Cdg%3A%3Adu%2Cqr%3A%3Aqqr%3A%3Aqsu%7Cdg%3A%3Adu%2Cklg%2Cvv%3A%3Aqvvs%3A%3Aqsu%7Cdg%3A%3Adu%2Cklg%2Cvv%3A%3Aqvvs%3A%3Aqsu%7Cdg%3A%3Adu%2Cklg%2Cvv%3A%3Aqvvs%3A%3Aqsu%7Cdg%3A%3Adu%2Cklg%2Cvv%3A%3Aqvvs%3A%3Aqsu%7Csu%3A%3Aid%3A%3Aquiv%3A%3Aqsu&g2=0%3A%3A0%3A%3A0%3A%3A0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
52.10.154.150 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-10-154-150.us-west-2.compute.amazonaws.com
Software
openresty /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Sep 2017 14:40:24 GMT
Server
openresty
Connection
keep-alive
Content-Length
43
Access-Control-Allow-Methods
*
Content-Type
image/gif
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
  • https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=b40e59c1-2c57-4900-8d2a-3127b054b143
49 B
49 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=b40e59c1-2c57-4900-8d2a-3127b054b143
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.212.134.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-212-134-99.eu-west-1.compute.amazonaws.com
Software
Sonobi GO /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:22 GMT
Server
Sonobi GO
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-dub-1-6-10
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Connection
keep-alive
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Server
MT3 1.15.14.4 5d3cdb7 master zrh-pixel-x6
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=b40e59c1-2c57-4900-8d2a-3127b054b143
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Tue, 19 Sep 2017 14:40:22 GMT
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=1be30a61-c15d-465d-b6e5-82da40df8212&r=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dopenx%26nuid%3D
  • https://sync.go.sonobi.com/us.gif?nw=openx&nuid=fceb615a-84be-4039-ac8f-adcb7c3f5d2f
49 B
49 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=openx&nuid=fceb615a-84be-4039-ac8f-adcb7c3f5d2f
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.212.134.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-212-134-99.eu-west-1.compute.amazonaws.com
Software
Sonobi GO /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:22 GMT
Server
Sonobi GO
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-dub-1-6-10
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Connection
keep-alive
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://sync.go.sonobi.com/us.gif?nw=openx&nuid=fceb615a-84be-4039-ac8f-adcb7c3f5d2f
Date
Tue, 19 Sep 2017 14:40:23 GMT
Server
OXGW/11.117.0
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Length
0
Vary
Accept
Content-Type
image/gif
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://sync.rhythmxchange.com/usersync2/sonobi
  • https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT
49 B
49 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.212.134.99 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-212-134-99.eu-west-1.compute.amazonaws.com
Software
Sonobi GO /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:23 GMT
Server
Sonobi GO
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-dub-1-6-10
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Connection
keep-alive
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
Server
nginx
ETag
OPTOUT
Transfer-Encoding
chunked
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=OPTOUT
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Type
text/html
Expires
0
ads
securepubads.g.doubleclick.net/gampad/
15 KB
6 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&correlator=3435998563273801&output=json_html&callback=googletag.impl.pubads.callbackProxy1&impl=fif&eid=108809107&sc=0&sfv=1-0-10&iu=%2F4128%2FCBS.PHILLY%2Fnews%2Farticle%2Fheader&sz=120x60&scp=pos%3D10%26loc%3Dheader%26refresh%3D0&eri=1&cust_params=tag%3Dhackershavesuccessfullyhiddenmalwareinpopularpccleanuptool%252Cpost%252Carticle%252Cnews%252Ctalkers%252Cccleaner%252Cchrismelore%252Chackers%252Cmalware%252Cfeaturedvideo&cookie_enabled=1&abxe=1&lmt=1505831868&dt=1505832023433&frm=20&biw=1585&bih=1200&oid=3&adx=0&ady=0&adk=2562216092&gut=v2&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&dssz=95&icsg=34376515584&mso=512&std=0&vrg=150&vis=1&ga_vid=784117593.1505832023&ga_sid=1505832023&ga_hid=1755070634&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.17.130 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
ams15s30-in-f130.1e100.net
Software
cafe /
Resource Hash
5dc92d1dc9c91dfd6bce725cdf4d337ab3ecf75df58ea05da70ee04634f10e81
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Tue, 19 Sep 2017 14:40:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
6253
x-xss-protection
1; mode=block
google-lineitem-id
436875628
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138201817661
content-type
text/javascript; charset=UTF-8
cache-control
no-cache, must-revalidate
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
8 KB
4 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&correlator=3435998563273801&output=json_html&callback=googletag.impl.pubads.callbackProxy2&impl=fif&eid=108809107&sc=0&sfv=1-0-10&iu=%2F4128%2FCBS.PHILLY%2Fnews%2Farticle%2Fpartner-injected&sz=1x5&scp=pos%3D30%26loc%3Dpartner-injected%26refresh%3D0%26strnativekey%3Dd3da4d50&eri=1&cust_params=tag%3Dhackershavesuccessfullyhiddenmalwareinpopularpccleanuptool%252Cpost%252Carticle%252Cnews%252Ctalkers%252Cccleaner%252Cchrismelore%252Chackers%252Cmalware%252Cfeaturedvideo&cookie_enabled=1&abxe=1&lmt=1505831868&dt=1505832023441&frm=20&biw=1585&bih=1200&oid=3&adx=633&ady=1605&adk=1509699497&gut=v2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&dssz=96&icsg=34376515584&mso=512&std=0&vrg=150&vis=1&ga_vid=784117593.1505832023&ga_sid=1505832023&ga_hid=1755070634&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.17.130 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
ams15s30-in-f130.1e100.net
Software
cafe /
Resource Hash
3c10d08e6f27ea56a917e165c8a86663c09cc382d4e5dd99c47c2970696ec584
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Tue, 19 Sep 2017 14:40:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
3771
x-xss-protection
1; mode=block
google-lineitem-id
398122588
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
111138540988
content-type
text/javascript; charset=UTF-8
cache-control
no-cache, must-revalidate
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
15 KB
6 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&correlator=3435998563273801&output=json_html&callback=googletag.impl.pubads.callbackProxy3&impl=fif&eid=108809107&sc=0&sfv=1-0-10&iu=%2F4128%2FCBS.PHILLY%2Fnews%2Farticle%2Fundefined&sz=88x31&scp=pos%3D70%26loc%3D%26refresh%3D0&eri=1&cust_params=tag%3Dhackershavesuccessfullyhiddenmalwareinpopularpccleanuptool%252Cpost%252Carticle%252Cnews%252Ctalkers%252Cccleaner%252Cchrismelore%252Chackers%252Cmalware%252Cfeaturedvideo&cookie_enabled=1&abxe=1&lmt=1505831868&dt=1505832023445&frm=20&biw=1585&bih=1200&oid=3&adx=0&ady=0&adk=405307911&gut=v2&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&dssz=97&icsg=34376515584&mso=512&std=0&vrg=150&vis=1&ga_vid=784117593.1505832023&ga_sid=1505832023&ga_hid=1755070634&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.17.130 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
ams15s30-in-f130.1e100.net
Software
cafe /
Resource Hash
e26797260ed4109f2240adc8c331e9e614b15b659cadfe4669b0ffbddfb030a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Tue, 19 Sep 2017 14:40:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
6269
x-xss-protection
1; mode=block
google-lineitem-id
440564428
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138204132162
content-type
text/javascript; charset=UTF-8
cache-control
no-cache, must-revalidate
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
15 KB
6 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&correlator=3435998563273801&output=json_html&callback=googletag.impl.pubads.callbackProxy4&impl=fif&eid=108809107&sc=0&sfv=1-0-10&iu=%2F4128%2FCBS.PHILLY%2Fnews%2Farticle%2Fadhesion&sz=300x250&scp=pos%3D31%26loc%3Dadhesion%26refresh%3D0&eri=1&cust_params=tag%3Dhackershavesuccessfullyhiddenmalwareinpopularpccleanuptool%252Cpost%252Carticle%252Cnews%252Ctalkers%252Cccleaner%252Cchrismelore%252Chackers%252Cmalware%252Cfeaturedvideo&cookie_enabled=1&abxe=1&lmt=1505831868&dt=1505832023450&frm=20&biw=1585&bih=1200&oid=3&adx=966&ady=585&adk=811693159&gut=v2&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&dssz=98&icsg=34376515584&mso=512&std=0&vrg=150&vis=1&ga_vid=784117593.1505832023&ga_sid=1505832023&ga_hid=1755070634&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.17.130 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
ams15s30-in-f130.1e100.net
Software
cafe /
Resource Hash
5d371c7efc035183b53407f79202e717f42f682562bb615415e5d3c757f7109d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Tue, 19 Sep 2017 14:40:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
6316
x-xss-protection
1; mode=block
google-lineitem-id
4351794217
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138205913720
content-type
text/javascript; charset=UTF-8
cache-control
no-cache, must-revalidate
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
8 KB
4 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&correlator=3435998563273801&output=json_html&callback=googletag.impl.pubads.callbackProxy5&impl=fif&eid=108809107&sc=0&sfv=1-0-10&iu=%2F4128%2FCBS.PHILLY%2Fnews%2Farticle%2Fundefined&sz=1x8&scp=pos%3D32%26loc%3D%26refresh%3D0&eri=1&cust_params=tag%3Dhackershavesuccessfullyhiddenmalwareinpopularpccleanuptool%252Cpost%252Carticle%252Cnews%252Ctalkers%252Cccleaner%252Cchrismelore%252Chackers%252Cmalware%252Cfeaturedvideo&cookie_enabled=1&abxe=1&lmt=1505831868&dt=1505832023453&frm=20&biw=1585&bih=1200&oid=3&adx=792&ady=2877&adk=4276579077&gut=v2&ifi=5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&dssz=99&icsg=34376515584&mso=512&std=0&vrg=150&vis=1&ga_vid=784117593.1505832023&ga_sid=1505832023&ga_hid=1755070634&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.17.130 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
ams15s30-in-f130.1e100.net
Software
cafe /
Resource Hash
2c32b8cb0f5599ed3e8201f9dec8584371af008a6f91fad87dbba54f7d736617
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Tue, 19 Sep 2017 14:40:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
3720
x-xss-protection
1; mode=block
google-lineitem-id
405816868
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138209620799
content-type
text/javascript; charset=UTF-8
cache-control
no-cache, must-revalidate
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
479 B
361 B
Script
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&correlator=3435998563273801&output=json_html&callback=googletag.impl.pubads.callbackProxy6&impl=fif&eid=108809107&sc=0&sfv=1-0-10&iu=%2F4128%2FCBS.PHILLY%2Fnews%2Farticle%2Fundefined&sz=1x6&scp=pos%3D33%26loc%3D%26refresh%3D0&eri=1&cust_params=tag%3Dhackershavesuccessfullyhiddenmalwareinpopularpccleanuptool%252Cpost%252Carticle%252Cnews%252Ctalkers%252Cccleaner%252Cchrismelore%252Chackers%252Cmalware%252Cfeaturedvideo&cookie_enabled=1&abxe=1&lmt=1505831868&dt=1505832023457&frm=20&biw=1585&bih=1200&oid=3&adx=792&ady=2877&adk=2363618629&gut=v2&ifi=6&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&dssz=100&icsg=34376515584&mso=512&std=0&vrg=150&vis=1&ga_vid=784117593.1505832023&ga_sid=1505832023&ga_hid=1755070634&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.17.130 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
ams15s30-in-f130.1e100.net
Software
cafe /
Resource Hash
27b46ea060aac85e06d29dbfb378a9d2219f8710375ee7ae346c9bdb02a88977
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Tue, 19 Sep 2017 14:40:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
343
x-xss-protection
1; mode=block
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/javascript; charset=UTF-8
cache-control
no-cache, must-revalidate
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
479 B
365 B
Script
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&correlator=3435998563273801&output=json_html&callback=googletag.impl.pubads.callbackProxy7&impl=fif&eid=108809107&sc=0&sfv=1-0-10&iu=%2F4128%2FCBS.PHILLY%2Fnews%2Farticle%2Fundefined&sz=1x7&scp=pos%3D34%26loc%3D%26refresh%3D0&eri=1&cust_params=tag%3Dhackershavesuccessfullyhiddenmalwareinpopularpccleanuptool%252Cpost%252Carticle%252Cnews%252Ctalkers%252Cccleaner%252Cchrismelore%252Chackers%252Cmalware%252Cfeaturedvideo&cookie_enabled=1&abxe=1&lmt=1505831868&dt=1505832023460&frm=20&biw=1585&bih=1200&oid=3&adx=792&ady=2877&adk=1061159700&gut=v2&ifi=7&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&dssz=101&icsg=34376515584&mso=512&std=0&vrg=150&vis=1&ga_vid=784117593.1505832023&ga_sid=1505832023&ga_hid=1755070634&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.17.130 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
ams15s30-in-f130.1e100.net
Software
cafe /
Resource Hash
c7c316f00019d8113c7d552faead3a04a04a1dd95b743376b2859d2d526b7559
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Tue, 19 Sep 2017 14:40:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
347
x-xss-protection
1; mode=block
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/javascript; charset=UTF-8
cache-control
no-cache, must-revalidate
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
4 KB
2 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&correlator=3435998563273801&output=json_html&callback=googletag.impl.pubads.callbackProxy8&impl=fif&eid=108809107&sc=0&sfv=1-0-10&iu=%2F4128%2FCBS.PHILLY%2Fnews%2Farticle%2Fskin&sz=1x1&ists=1&scp=pos%3Dskin_1%26refresh%3D0&eri=1&cust_params=tag%3Dhackershavesuccessfullyhiddenmalwareinpopularpccleanuptool%252Cpost%252Carticle%252Cnews%252Ctalkers%252Cccleaner%252Cchrismelore%252Chackers%252Cmalware%252Cfeaturedvideo&cookie_enabled=1&abxe=1&lmt=1505831868&dt=1505832023465&frm=20&biw=1585&bih=1200&oid=3&adx=792&ady=2877&adk=2249832104&gut=v2&ifi=8&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&dssz=101&icsg=34376515584&mso=512&std=0&vrg=150&vis=1&ga_vid=784117593.1505832023&ga_sid=1505832023&ga_hid=1755070634&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.17.130 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
ams15s30-in-f130.1e100.net
Software
cafe /
Resource Hash
4f82d304a482f1b45e00d92e1de3768fc53bcabfa88a29b4da1360b38dbf19b6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Tue, 19 Sep 2017 14:40:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
1801
x-xss-protection
1; mode=block
google-lineitem-id
4428492688
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138204464681
content-type
text/javascript; charset=UTF-8
cache-control
no-cache, must-revalidate
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
3711097
tkx2-prod.anvato.net/rest/v2/mcp/video/ Frame 825.
18 KB
4 KB
XHR
General
Full URL
https://tkx2-prod.anvato.net/rest/v2/mcp/video/3711097?anvack=anvato_cbslocal_app_web_prod_547f3e49241ef0e5d30c79b2efbca5d92c698f67&rtyp=fp&X-Anvato-Adst-Auth=OE6G5uDbPyRRe9DpdUUeGefKL0jPeO1T03G1HyTzbKV34s63jilvxzfcE4TaTiv3l1kXFe7gOZebxEEfexaSEw%3D%3D
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/scripts/anvplayer.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.22.197.53 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-107-22-197-53.compute-1.amazonaws.com
Software
nginx /
Resource Hash
a294f92a30d7ed82a2288c3d85decb868681c0e0b4d7902406ea94285b4ea647

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin
http://philadelphia.cbslocal.com
Date
Tue, 19 Sep 2017 14:40:23 GMT
Content-Encoding
gzip
Server
nginx
Connection
keep-alive
Content-Length
4433
Content-Type
application/x-javascript
keymaker
keymaker.go.sonobi.com/
0
0
XHR
General
Full URL
https://keymaker.go.sonobi.com/keymaker?pageviewid=9829efc240566e&corscred=1&ver=3.11.1
Requested by
Host: mtrx.go.sonobi.com
URL: https://mtrx.go.sonobi.com/morpheus.cbslocal.3566.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.64.124 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-208-64-124.eu-west-1.compute.amazonaws.com
Software
Sonobi GO /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Content-Type
text/plain

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
X-Go-Server
xcp-dub-1-6-10
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Connection
keep-alive
Content-Length
0
X-Xss-Protection
0
Pragma
no-cache
Server
Sonobi GO
Cache-Control
no-cache, no-store, private, no-cache="set-cookie"
Vary
negotiate,Accept-Encoding
Content-Type
text/plain; charset=utf8
Access-Control-Allow-Origin
*
Keymaker-Error
false
Access-Control-Allow-Credentials
true
Tcn
Choice
Expires
Sat, 26 Jul 1997 05:00:00 GMT
anvtp.html
d3135glefggiep.cloudfront.net/ Frame 825.
0
0

sprite32.png
w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/img/ Frame 825.
41 KB
41 KB
Image
General
Full URL
http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/img/sprite32.png
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/scripts/anvplayer.min.js
Protocol
HTTP/1.1
Server
205.185.208.126 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip126.ssl.hwcdn.net
Software
/
Resource Hash
eadd077e035c284bfff0ca6ed59f4f40ceea2cdf42d6d9cbe85ab6a3aadf87b0

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Last-Modified
Wed, 06 Sep 2017 21:38:55 GMT
ETag
1504733935
X-HW
1505832023.dop020.fr7.t,1505832023.cds020.fr7.c
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
42036
castsprite.png
w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/img/ Frame 825.
2 KB
2 KB
Image
General
Full URL
http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/img/castsprite.png
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/scripts/anvplayer.min.js
Protocol
HTTP/1.1
Server
205.185.208.126 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip126.ssl.hwcdn.net
Software
/
Resource Hash
3018bfbafb684f6cca9b8512605bfe28e8e9facafdba948c4367c7ee090bcf33

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Wed, 06 Sep 2017 21:38:56 GMT
ETag
1504733936
X-HW
1505832024.dop017.fr7.t,1505832024.cds065.fr7.c
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
2363
48E06982FC7548FAAC2A489577880233.json
cbslocal-uploads.s3.amazonaws.com/anv-captionupl/48E/069/ Frame 825.
734 B
734 B
XHR
General
Full URL
http://cbslocal-uploads.s3.amazonaws.com/anv-captionupl/48E/069/48E06982FC7548FAAC2A489577880233.json
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/scripts/anvplayer.min.js
Protocol
HTTP/1.1
Server
54.231.72.195 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
67d4f3f8d9c0768f77bfd0796651fa625959555dbc73074dd723651c5c0b47b0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Tue, 08 Aug 2017 13:51:30 GMT
Server
AmazonS3
x-amz-request-id
3552DC26823C87EA
ETag
"890c247cfcfe56457218b0ef1dc85092"
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Methods
GET, POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Max-Age
15000
Cache-Control
max-age=315360000
Accept-Ranges
bytes
Content-Length
734
x-amz-id-2
WDZGuSSFLL0TlW/PNtCbzmlHT1MT+LhEwiRHPakjWPRgZX+tS/Y6aPBUJUOtDI0Bygg3ixYuFqg=
Expires
Fri, 06 Aug 2027 06:51:29 PDT
loadingsprite.png
w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/img/ Frame 825.
16 KB
16 KB
Image
General
Full URL
http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/img/loadingsprite.png
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/scripts/anvplayer.min.js
Protocol
HTTP/1.1
Server
205.185.208.126 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip126.ssl.hwcdn.net
Software
/
Resource Hash
45a4c895b82ba3b2ddf8593ed2b43f568f6158b2667b8c6df5c194c05d9a834d

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Last-Modified
Wed, 06 Sep 2017 21:38:55 GMT
ETag
1504733935
X-HW
1505832023.dop020.fr7.t,1505832023.cds068.fr7.c
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
16096
3711097.m3u8
cbslocal-download.s3.amazonaws.com/anv-videos/variant/ Frame 825.
2 KB
2 KB
XHR
General
Full URL
http://cbslocal-download.s3.amazonaws.com/anv-videos/variant/3711097.m3u8?anv_user=0423d5acc5598c092f58434a8a8031e64966&fw_ltlg=&fw_sdk_flag=%2Bslcb%2Bvicb&fw_metr=7&_dev=web&fw_did=973A2633-DA77-4E34-BABA-E66791FEDC58&fw_sdk_flag_safe=%252Bslcb%252Bvicb&id=973A2633-DA77-4E34-BABA-E66791FEDC58&_tkx_anvack=anvato_cbslocal_app_web_prod_547f3e49241ef0e5d30c79b2efbca5d92c698f67&_tkx_callsign=3711097&anvauth=tb=0~te=1505832113~sgn=e79ecd585fdb360a11113e498e2b3e65065edc56194e25648a5fd7ce929a3aae&t=1505832023
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/scripts/anvplayer.min.js
Protocol
HTTP/1.1
Server
54.231.72.195 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
a74f3ea8ae82f41379562a8afb769cfda1cb4f450246c1e5ebafdc1ae0c14893

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Tue, 08 Aug 2017 13:53:10 GMT
Server
AmazonS3
x-amz-request-id
C713FC74E1083925
ETag
"f564b8cc07d19602d8c79d4736b940f3"
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Methods
GET
Content-Type
application/x-mpegURL
Access-Control-Allow-Origin
*
Access-Control-Max-Age
3000
Accept-Ranges
bytes
Content-Length
2142
x-amz-id-2
tAyHl5ogJHOnXmV1aIWuNK7punmbOIOUzuMeB5K/tjtQhgltT8Zwn6886P9F7qmgczE4o4hXLQM=
streamsense.4.1412.05.min.js
w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/lib/ Frame 825.
28 KB
28 KB
Script
General
Full URL
http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/lib/streamsense.4.1412.05.min.js
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/scripts/anvplayer.min.js
Protocol
HTTP/1.1
Server
205.185.208.126 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip126.ssl.hwcdn.net
Software
/
Resource Hash
a58e3a7f70f9ff30b74124150cfdd6ecf164baffe00eea93cb1c3f26f5d058b9

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Wed, 06 Sep 2017 21:38:56 GMT
ETag
1504733936
X-HW
1505832024.dop017.fr7.t,1505832024.cds008.fr7.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
28842
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 825.
200 KB
68 KB
Script
General
Full URL
http://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/scripts/anvplayer.min.js
Protocol
HTTP/1.1
Server
2a00:1450:4001:816::200a , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
57d9ab90395db464ed881ca21d111e1f4c628b8cd5e7c9665f9ca57b0dcb4256
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 18 Sep 2017 16:39:46 GMT
Server
sffe
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
private, max-age=900
Accept-Ranges
bytes
Content-Length
69390
X-XSS-Protection
1; mode=block
Expires
Tue, 19 Sep 2017 14:40:24 GMT
VideoHeartbeat.min.js
w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/lib/ Frame 825.
149 KB
149 KB
Script
General
Full URL
http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/lib/VideoHeartbeat.min.js
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/scripts/anvplayer.min.js
Protocol
HTTP/1.1
Server
205.185.208.126 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip126.ssl.hwcdn.net
Software
/
Resource Hash
36acf72304a9bb850b5b16c25606446349be3de58666c04a405872922d1bdc79

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Wed, 06 Sep 2017 21:38:56 GMT
ETag
1504733936
X-HW
1505832024.dop006.fr7.t,1505832024.cds069.fr7.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
152960
truncated
/ Frame 825.
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/gif
whiteinfo.png
w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/img/ Frame 825.
642 B
642 B
Image
General
Full URL
http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/img/whiteinfo.png
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
205.185.208.126 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip126.ssl.hwcdn.net
Software
/
Resource Hash
b782897879d54d9c5a40b46b89d67d1da224ec1bc785592e22f193738a202f2b

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Wed, 06 Sep 2017 21:38:55 GMT
ETag
1504733935
X-HW
1505832024.dop013.fr7.t,1505832024.cds024.fr7.c
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
642
cbs-article-rec.css
d1marr3m5x4iac.cloudfront.net/store/plugins/
947 B
366 B
Stylesheet
General
Full URL
http://d1marr3m5x4iac.cloudfront.net/store/plugins/cbs-article-rec.css
Requested by
Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJy1kdEOwiAMRX9Ixjajb8ZvQdYxsBQcMLO/ly0anQ9mezAhaUrvuaWF3z3TJDE1ELjJ55agH5+hMGHHfwmY1aoXEQqr6SWWjiJQ5LEDm5FBey4vgaGTAvmnU5tIRu0obCa9w7HViJtBs4rwmJSmwK1rEuaqaGY4BzbUqxzee2pBZEWPWnVxkaxe2fdrZhGzgoSCfuq0uGB50mt0/h/WgDmjOP3X2Z6qQ7k/llVVl+YBShjYvw==
Protocol
HTTP/1.1
Server
52.85.89.63 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-89-63.jfk6.r.cloudfront.net
Software
lighttpd /
Resource Hash
bb5c6b02ee0243036502f68b407956718bb6e9caa3b5d8ee1b174bb6b68b621e

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Wed, 05 Oct 2016 22:11:17 GMT
Content-Encoding
gzip
X-Cache-Lookup
HIT from static02:85
Age
10254856
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
366
Access-Control-Allow-Origin
*
Last-Modified
Wed, 05 Oct 2016 22:08:05 GMT
Server
lighttpd
Vary
Accept-Encoding
Content-Type
text/css
Via
1.0 static02:85 (squid), 1.1 0f0049492e2872b6e133c50b6cc7be4b.cloudfront.net (CloudFront)
Cache-Control
max-age=10368000
X-Amz-Cf-Id
IJsfgMwBvTziyxt0raoZe2O8zvdA5P1tmJJScakoZIoY25TGbdXN_Q==
Expires
Thu, 02 Feb 2017 22:11:17 GMT
events
services.babator.com/
13 B
13 B
XHR
General
Full URL
https://services.babator.com/events
Requested by
Host: cdn.babator.com
URL: https://cdn.babator.com/customers/cbs/Babator-Connector.min.js?version=5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.202.58.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-202-58-138.compute-1.amazonaws.com
Software
nginx/1.10.1 / Express
Resource Hash
13212dd00db0953c536cd4b4feb15bac1bb65761d235ee0ca65bdb975be6a662

Request headers

Access-Control-Request-Method
POST
Origin
http://philadelphia.cbslocal.com
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Access-Control-Request-Headers
content-type,x-api-key,x-user-uuid

Response headers

Date
Tue, 19 Sep 2017 14:40:23 GMT
Server
nginx/1.10.1
X-Powered-By
Express
ETag
W/"d-hXhJBegAzPe2v3FerP2DCw"
Allow
POST,GET,HEAD
Access-Control-Allow-Methods
POST, PUT, DELETE
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
http://philadelphia.cbslocal.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Cache-Control, Set-Cookie, x-api-key, x-user-uuid, x-is-native
Content-Length
13
3711097.m3u8
cbslocal-download.s3.amazonaws.com/anv-videos/variant/ Frame 825.
2 KB
2 KB
XHR
General
Full URL
http://cbslocal-download.s3.amazonaws.com/anv-videos/variant/3711097.m3u8?anv_user=0423d5acc5598c092f58434a8a8031e64966&fw_ltlg=&fw_sdk_flag=%2Bslcb%2Bvicb&fw_metr=7&_dev=web&fw_did=973A2633-DA77-4E34-BABA-E66791FEDC58&fw_sdk_flag_safe=%252Bslcb%252Bvicb&id=973A2633-DA77-4E34-BABA-E66791FEDC58&_tkx_anvack=anvato_cbslocal_app_web_prod_547f3e49241ef0e5d30c79b2efbca5d92c698f67&_tkx_callsign=3711097&anvauth=tb=0~te=1505832113~sgn=e79ecd585fdb360a11113e498e2b3e65065edc56194e25648a5fd7ce929a3aae&t=1505832023
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/scripts/anvplayer.min.js
Protocol
HTTP/1.1
Server
54.231.72.195 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
a74f3ea8ae82f41379562a8afb769cfda1cb4f450246c1e5ebafdc1ae0c14893

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com

Response headers

Date
Tue, 19 Sep 2017 14:40:25 GMT
Last-Modified
Tue, 08 Aug 2017 13:53:10 GMT
Server
AmazonS3
x-amz-request-id
370DBA82CE87E9F6
ETag
"f564b8cc07d19602d8c79d4736b940f3"
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Methods
GET
Content-Type
application/x-mpegURL
Access-Control-Allow-Origin
*
Access-Control-Max-Age
3000
Accept-Ranges
bytes
Content-Length
2142
x-amz-id-2
Iz3jTqTTPOGKIiAX1sO+QmZC+/0ehwlpMdqDuX5Sb1hrsMNQsAsLG3pleVUff78E8vTS/0n8OAM=
truncated
/
184 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
46f2146f11986c2e812380e113d75b65fcf506174e59490fb2963da4727a4734

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
px.js
p.cpx.to/p/11847/
994 B
994 B
Script
General
Full URL
https://p.cpx.to/p/11847/px.js
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.85.93.72 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-93-72.jfk6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f4224cd383f9d61f584f2afe33b36fcbe2b3f1338ab9e3582c38f86f91992c4e

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 14 Feb 2017 15:00:39 GMT
Content-Encoding
UTF-8
Last-Modified
Tue, 14 Feb 2017 14:53:37 GMT
Server
AmazonS3
Age
2437971
ETag
"7686f370fba5f09323123e480b24f70e"
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 a1bc06b7f7932216e8d406a348288eac.cloudfront.net (CloudFront)
Cache-Control
max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
994
X-Amz-Cf-Id
9dHJG77VZSe74xOZauMw1xpsdsvMcAEIhDOug3HCdSWgvicqA9-nUg==
05706c48-bf0c-4947-a5c9-a6b7b2cfa268
philadelphia_cbslocal.us.intellitxt.com/log/0/hl/26708/intext/335a7793-0b53-4474-a9cf-30d875029f22%2C3e98e8c8-77c6-4b71-b72b-3208b45cf540%2C2056c904-8590-47a7-807b-dcf5d7028519%2Cfb6c6604-cc33-4113...
0
0
Image
General
Full URL
http://philadelphia_cbslocal.us.intellitxt.com/log/0/hl/26708/intext/335a7793-0b53-4474-a9cf-30d875029f22%2C3e98e8c8-77c6-4b71-b72b-3208b45cf540%2C2056c904-8590-47a7-807b-dcf5d7028519%2Cfb6c6604-cc33-4113-94e0-a90c9fb7ee64/cc9b8b88a660ba6a52e89f61d35e47d83dae5927/05706c48-bf0c-4947-a5c9-a6b7b2cfa268
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
31.24.80.101 , United Kingdom, ASN56464 (VIBRANT-EU, GB),
Reverse DNS
Software
nginx / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
ETag
W/"a-b541a50d"
Server
nginx
X-Powered-By
Express
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Expires
0
m_window_focus_non_hydra.js
tpc.googlesyndication.com/pagead/js/r20170913/r20110914/client/ext/ Frame 825.
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20170913/r20110914/client/ext/m_window_focus_non_hydra.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:400e:807::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
4dc10d61a7d456c118c0b7751423253badbc69c55dce398b5224933b9f96bed6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Wed, 13 Sep 2017 23:59:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
484830
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
1214
x-xss-protection
1; mode=block
server
cafe
etag
2062743375355407424
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 27 Sep 2017 23:59:54 GMT
osd_listener.js
tpc.googlesyndication.com/pagead/js/r20170913/r20110914/activeview/ Frame 825.
27 KB
11 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20170913/r20110914/activeview/osd_listener.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:400e:807::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
4c2388ac6a4eaada86eb12a6cf7152f661a40c7357ec6abcef4ab11abbb7be31
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Wed, 13 Sep 2017 23:59:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
484830
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
10744
x-xss-protection
1; mode=block
server
cafe
etag
7344886307660329505
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 27 Sep 2017 23:59:54 GMT
l
www.google.com/ads/measurement/ Frame 825.
0
0
Image
General
Full URL
http://www.google.com/ads/measurement/l?ebcid=ALh7CaRoz2FztQKU1z6na8H5NQfFA50FLUA3aaWt123NCzniFdD1EWv-sLY0vNCF4URa1E2VTrzDprMpfPnsemszBLZPFnfrJw
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
HTTP/1.1
Server
2a00:1450:401b:801::2004 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
jumble_frontend_server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

X-XSS-Protection
1; mode=block
Date
Tue, 19 Sep 2017 14:40:24 GMT
X-Content-Type-Options
nosniff
Server
jumble_frontend_server
Content-Length
0
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=UTF-8
moatad.js
z.moatads.com/cbslocal166502539715/ Frame 825.
217 KB
68 KB
Script
General
Full URL
https://z.moatads.com/cbslocal166502539715/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
8efae33edaa72eb2105babb6e71dd6c517b3bcf942b7137916fa1896aa38c5aa

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Content-Encoding
gzip
Last-Modified
Wed, 16 Aug 2017 18:39:13 GMT
Server
AmazonS3
x-amz-request-id
1C9DDDCC4FF480FF
ETag
"bac320ceabae59ebca0aaafed7442ab8"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=41571
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
69487
x-amz-id-2
h+RpT7S+N86UbLK5Ge2NQeTcvdeEvLr2NX5eOoPOnx7tMxWBUD+vS6/cUsoaeXuWnAR3txdADmM=
16294041912681934503
tpc.googlesyndication.com/simgad/ Frame 825.
4 KB
4 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/16294041912681934503
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:400e:807::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
74233cf6804cf1d4b0a6b4fdfe4603da8f29c1f938c0c8dda1f849cff4a81c40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Mon, 18 Sep 2017 10:41:45 GMT
x-content-type-options
nosniff
last-modified
Wed, 07 Jun 2017 20:00:52 GMT
server
sffe
age
100719
status
200
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
3867
x-xss-protection
1; mode=block
expires
Tue, 18 Sep 2018 10:41:45 GMT
osd.js
pagead2.googlesyndication.com/pagead/
76 KB
28 KB
Script
General
Full URL
http://pagead2.googlesyndication.com/pagead/osd.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
HTTP/1.1
Server
2a00:1450:4001:81e::2002 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
d90ac6f212959c9cc3d6a339fd6a97b91bc71bb5ee2d61ec707bdd874d306cff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 13:51:16 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
cafe
Age
2948
P3P
policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
ETag
15523572733375803017
Content-Type
text/javascript; charset=UTF-8
Cache-Control
public, max-age=3600
Content-Disposition
attachment; filename="f.txt"
Timing-Allow-Origin
*
Content-Length
28644
X-XSS-Protection
1; mode=block
Expires
Tue, 19 Sep 2017 14:51:16 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 825.
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssrkaaq-oQS7NB2mNYi_NtRkLuVxNlO1l-UJ5e9K6dq8lIp1Pui_9WCvjCi1fldl0z3N2KD4wkCuLiWsXaV0-Hzw2pydjBMB6pTKZ9owhqIhLBb38lDENwQFfyPOBaVVAiQ-1OqseFwmRd908-ggczOysil_yCMt4O-pO7Oo1-jYTmz1Ul583Hj7nN3MMFNGJH8-8Ny8fpFi3xUsfioghbQP13BeAW4p6MKIJWZTju_BqNhDKx2w-75TEku7Lt1r-Ep1i_TdED3o0ZBaoRFbA&sig=Cg0ArKJSzFiS0D4ALh2PEAE&adurl=
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.17.130 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
ams15s30-in-f130.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Sep 2017 14:40:24 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
0
x-xss-protection
1; mode=block
200
philadelphia_cbslocal.us.intellitxt.com/log/0/hdrb/26708/05706c48-bf0c-4947-a5c9-a6b7b2cfa268/criteo/
0
0
Image
General
Full URL
http://philadelphia_cbslocal.us.intellitxt.com/log/0/hdrb/26708/05706c48-bf0c-4947-a5c9-a6b7b2cfa268/criteo/200
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
31.24.80.101 , United Kingdom, ASN56464 (VIBRANT-EU, GB),
Reverse DNS
Software
nginx / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
ETag
W/"a-b541a50d"
Server
nginx
X-Powered-By
Express
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Expires
0
sfp-iframe-buster.js
native.sharethrough.com/assets/ Frame 825.
10 KB
4 KB
Script
General
Full URL
http://native.sharethrough.com/assets/sfp-iframe-buster.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
HTTP/1.1
Server
52.84.26.47 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-84-26-47.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d3c2a992dfe77b415b64cf341febfab3b20a1f1dd440ff7daca9171dbcbce466

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Mon, 18 Sep 2017 19:51:59 GMT
Content-Encoding
gzip
Last-Modified
Mon, 18 Sep 2017 19:51:57 GMT
Server
AmazonS3
Age
2906
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 7fa7088cca668218fbd8b325f55fba9b.cloudfront.net (CloudFront)
Cache-Control
public, max-age=3600
Transfer-Encoding
chunked
Connection
keep-alive
X-Amz-Cf-Id
90xr_AO68J8JQVO-pnz0AwrqOVH7ilJ2FLiT9RNlvWxugNYDBvNByg==
Expires
Mon, 18 Sep 2017 20:51:55 GMT
osd_listener.js
tpc.googlesyndication.com/pagead/js/r20170913/r20110914/activeview/ Frame 825.
27 KB
11 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20170913/r20110914/activeview/osd_listener.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:400e:807::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
4c2388ac6a4eaada86eb12a6cf7152f661a40c7357ec6abcef4ab11abbb7be31
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Wed, 13 Sep 2017 23:59:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
484830
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
10744
x-xss-protection
1; mode=block
server
cafe
etag
7344886307660329505
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 27 Sep 2017 23:59:54 GMT
moatad.js
z.moatads.com/cbslocal166502539715/ Frame 825.
217 KB
68 KB
Script
General
Full URL
https://z.moatads.com/cbslocal166502539715/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
8efae33edaa72eb2105babb6e71dd6c517b3bcf942b7137916fa1896aa38c5aa

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Content-Encoding
gzip
Last-Modified
Wed, 16 Aug 2017 18:39:13 GMT
Server
AmazonS3
x-amz-request-id
1C9DDDCC4FF480FF
ETag
"bac320ceabae59ebca0aaafed7442ab8"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=41571
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
69487
x-amz-id-2
h+RpT7S+N86UbLK5Ge2NQeTcvdeEvLr2NX5eOoPOnx7tMxWBUD+vS6/cUsoaeXuWnAR3txdADmM=
view
securepubads.g.doubleclick.net/pcs/ Frame 825.
0
0

events
services.babator.com/
191 B
170 B
XHR
General
Full URL
https://services.babator.com/events
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.202.58.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-202-58-138.compute-1.amazonaws.com
Software
nginx/1.10.1 / Express
Resource Hash
508676ec97ad501029e1e6ccbc60d712b3b64ab8991e5d12abfee5022ff33e9b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com
x-user-uuid
777c7220-9d48-11e7-9327-47290f0c4e1a
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
x-api-key
b7508330-5368-11e6-b9b6-b5368b08d969
Content-Type
application/json

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx/1.10.1
X-Powered-By
Express
Access-Control-Allow-Methods
POST, PUT, DELETE
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
http://philadelphia.cbslocal.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Cache-Control, Set-Cookie, x-api-key, x-user-uuid, x-is-native
Content-Length
170
ETag
W/"bf-4UqJuSsDKweqqKmg14aHIw"
m_window_focus_non_hydra.js
tpc.googlesyndication.com/pagead/js/r20170913/r20110914/client/ext/ Frame 825.
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20170913/r20110914/client/ext/m_window_focus_non_hydra.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:400e:807::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
4dc10d61a7d456c118c0b7751423253badbc69c55dce398b5224933b9f96bed6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Wed, 13 Sep 2017 23:59:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
484830
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
1214
x-xss-protection
1; mode=block
server
cafe
etag
2062743375355407424
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 27 Sep 2017 23:59:54 GMT
osd_listener.js
tpc.googlesyndication.com/pagead/js/r20170913/r20110914/activeview/ Frame 825.
27 KB
11 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20170913/r20110914/activeview/osd_listener.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:400e:807::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
4c2388ac6a4eaada86eb12a6cf7152f661a40c7357ec6abcef4ab11abbb7be31
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Wed, 13 Sep 2017 23:59:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
484830
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
10744
x-xss-protection
1; mode=block
server
cafe
etag
7344886307660329505
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 27 Sep 2017 23:59:54 GMT
l
www.google.com/ads/measurement/ Frame 825.
0
0
Image
General
Full URL
http://www.google.com/ads/measurement/l?ebcid=ALh7CaSGIrdh1AGXqHIyOxJZEE8417isKSO_Y_I8v5L6okUabaWYDFkrnzYczeoPrm0dD18Nn65pqv7kDjH6ySfjX-JTQhwM-A
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
HTTP/1.1
Server
2a00:1450:401b:801::2004 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
jumble_frontend_server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

X-XSS-Protection
1; mode=block
Date
Tue, 19 Sep 2017 14:40:24 GMT
X-Content-Type-Options
nosniff
Server
jumble_frontend_server
Content-Length
0
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=UTF-8
moatad.js
z.moatads.com/cbslocal166502539715/ Frame 825.
217 KB
68 KB
Script
General
Full URL
https://z.moatads.com/cbslocal166502539715/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
8efae33edaa72eb2105babb6e71dd6c517b3bcf942b7137916fa1896aa38c5aa

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Content-Encoding
gzip
Last-Modified
Wed, 16 Aug 2017 18:39:13 GMT
Server
AmazonS3
x-amz-request-id
1C9DDDCC4FF480FF
ETag
"bac320ceabae59ebca0aaafed7442ab8"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=41571
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
69487
x-amz-id-2
h+RpT7S+N86UbLK5Ge2NQeTcvdeEvLr2NX5eOoPOnx7tMxWBUD+vS6/cUsoaeXuWnAR3txdADmM=
2234399157114648267
tpc.googlesyndication.com/simgad/ Frame 825.
3 KB
3 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/2234399157114648267
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:400e:807::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
2ae27e72ed08b5b603a98339e6e7f05b0f85c8076112cdba799f1a8b5ae2b093
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Sat, 16 Sep 2017 14:45:47 GMT
x-content-type-options
nosniff
last-modified
Wed, 21 Jun 2017 20:48:26 GMT
server
sffe
age
258877
status
200
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
3330
x-xss-protection
1; mode=block
expires
Sun, 16 Sep 2018 14:45:47 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 825.
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss6LSrJsM1hz6ePasSXi4TdZfTLl-6ScTsowWonhPaDkedy8RcqcejYyCCVAOcXApEtKWCF-BpXMCuuf166xR4dwG9T7ZGTOsyOtGvrgCkm1u1fW_klAHidRW7pr6JYo1R75y8tZJwny4-9DWoS9iSed3yijLewTwQvYHvOhxbMZvzJol9M0z5FLhK7PoRbP1_9BbDPvduM32B3nXf4TYGv3xMuvRUglU_0xGFAr_Nk24h1t4nVMrm-y2CW9_DAOTF8SDH9hWWScrPv4sWmBXiHmA&sig=Cg0ArKJSzEZmI5GhpX4CEAE&adurl=
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.17.130 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
ams15s30-in-f130.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Sep 2017 14:40:24 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
0
x-xss-protection
1; mode=block
truncated
/ Frame 825.
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fd56267fab926cfd2d573a6d0ced044e69390709b814b82d6b01a5cd5bad9b8b

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=34&ud=false&ue=false&uu=false&qa=1600&qb=1200&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qi=1600&qj=1200&ql=&qo=0&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&i=CBSLOCAL1&hp=1&zMoatPS=header&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222415708&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&bq=0&f=0&j=&o=3&t=1505832024067&de=628471575348&m=0&ar=44605d6-clean&q=1&cb=0&cu=1505832024067&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=147452668%3A489132028%3A436875628%3A138201817661&qs=1&zMoatNonPlayer=true&bo=24653668&bp=222415708&bd=header&dfp=0%2C1&la=222415708&gw=cbslocal166502539715&fd=1&ac=1&it=500&fs=122435&na=1541187828&cs=0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:24 GMT
truncated
/ Frame 825.
217 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c3489947fc90b32f27b9c45c2b45c4d77fffdee11c1217326e3434c65189c5e6

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
truncated
/ Frame 825.
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b6f5a5ca7a0aec1132a68f63759c0077a9f7957bd4265ae7ba5e750e54d70502

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
tag
a.teads.tv/page/12955/ Frame 825.
2 KB
849 B
Script
General
Full URL
http://a.teads.tv/page/12955/tag
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
HTTP/1.1
Server
52.51.73.34 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-51-73-34.eu-west-1.compute.amazonaws.com
Software
teads-ssp /
Resource Hash
a5cfcce5e0edfea1fde9a3beed87a26838aa089aeb567043ec0628dbf86c74ef

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
Content-Encoding
gzip
Server
teads-ssp
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
no-cache, must-revalidate, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
849
Expires
0
osd_listener.js
tpc.googlesyndication.com/pagead/js/r20170913/r20110914/activeview/ Frame 825.
27 KB
0
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20170913/r20110914/activeview/osd_listener.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:400e:807::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
4c2388ac6a4eaada86eb12a6cf7152f661a40c7357ec6abcef4ab11abbb7be31
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Response headers

date
Wed, 13 Sep 2017 23:59:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
484830
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
10744
x-xss-protection
1; mode=block
server
cafe
etag
7344886307660329505
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 27 Sep 2017 23:59:54 GMT
moatad.js
z.moatads.com/cbslocal166502539715/ Frame 825.
217 KB
0
Script
General
Full URL
https://z.moatads.com/cbslocal166502539715/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
8efae33edaa72eb2105babb6e71dd6c517b3bcf942b7137916fa1896aa38c5aa

Request headers

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Content-Encoding
gzip
Last-Modified
Wed, 16 Aug 2017 18:39:13 GMT
Server
AmazonS3
x-amz-request-id
1C9DDDCC4FF480FF
ETag
"bac320ceabae59ebca0aaafed7442ab8"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=41571
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
69487
x-amz-id-2
h+RpT7S+N86UbLK5Ge2NQeTcvdeEvLr2NX5eOoPOnx7tMxWBUD+vS6/cUsoaeXuWnAR3txdADmM=
truncated
/ Frame 825.
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3745e4e7777dccf20f02466c3f449faa99ce1b6141a23a8a69cd263097dd8b11

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame 825.
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu8nsSwz26NxpTMLNCMwbW2a1Y59ibmduzOJOxdhLXq4HjnsWRjCsxedow381OkWAY_8Yd7f-osQJKtnigdu_nYUA5hZTPB1DjOmH-mG_3uu24-m69TFcvRD6a5e9jKU3EqDt3KfhkifKiXXWzGafLclBE-jioNKp7nx_pL0yX2_LOB6HZd7TH5RIMHh1cDfQ71e3WQqbT0UtYIDL6h_6V1AbrFCM1_gLFVCfZv8UNvoJYGOysWHYOZEeBSVXiCu34qNDf7BgGR37ZYB4s1lR0QAjfZ&sig=Cg0ArKJSzOBwdeuMDjkiEAE&urlfix=1&adurl=
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.17.130 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
ams15s30-in-f130.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Sep 2017 14:40:24 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
0
x-xss-protection
1; mode=block
3711097_31E95F124AC149B9A0F9A09DF259B5F9_170808_3711097_Hackers_Release_More_HBO_Files__Demand_Ransom_400.m3u8
vodtv.cbslocal.com.edgesuite.net/lax/705/17/08/08/3711097/ Frame 825.
280 B
280 B
XHR
General
Full URL
http://vodtv.cbslocal.com.edgesuite.net/lax/705/17/08/08/3711097/3711097_31E95F124AC149B9A0F9A09DF259B5F9_170808_3711097_Hackers_Release_More_HBO_Files__Demand_Ransom_400.m3u8
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/scripts/anvplayer.min.js
Protocol
HTTP/1.1
Server
2a02:26f0:78::5f64:f863 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
9c4ca60bc3bb40e5341bb85fccc8e7e82bf7897beaf07d7a18d4252b22e6d435

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Tue, 08 Aug 2017 13:52:51 GMT
Server
AkamaiNetStorage
ETag
"1ccb5e958d3f4c76f3938c1788536e58:1502200371.120514"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST,OPTIONS
Content-Type
audio/x-mpegurl
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Content-Length
280
public.json
platform-cdn.sharethrough.com/api/external/v1/placements/d3da4d50/
5 KB
2 KB
XHR
General
Full URL
http://platform-cdn.sharethrough.com/api/external/v1/placements/d3da4d50/public.json
Requested by
Host: native.sharethrough.com
URL: http://native.sharethrough.com/assets/tag.js
Protocol
HTTP/1.1
Server
52.84.26.155 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-84-26-155.ewr50.r.cloudfront.net
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
727480010e3bafc0a9a6aaf3492b76f4c3f5f5277792c0a7d51bf8257ad449bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:28:55 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
User-Cache-Control
no-cache, must-revalidate
Age
689
X-Cache
Hit from cloudfront
Status
200 OK
Connection
keep-alive
Content-Length
1915
X-XSS-Protection
1; mode=block
X-Request-Id
b5991c6b-c3eb-40c7-b559-895dfc92f6ec
X-Runtime
0.018646
Access-Control-Allow-Origin
*
User-Header
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Server
nginx/1.4.6 (Ubuntu)
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET
Content-Type
application/json; charset=utf-8
Via
1.1 cf50699455d063ab813aee70063811cf.cloudfront.net (CloudFront)
Cache-Control
max-age=900, public
X-Amz-Cf-Id
2QA3U3TG0UrsfPZjgmlPcVWpzOpT9KRQWRoReZTyDgIgUh-bBZ2Quw==
truncated
/ Frame 825.
210 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fb712771499c57cadd6e394f2c292ce5a9b9aff237baffe130a60217be8c20ca

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
1x1image.jpg
s1.2mdn.net/viewad/3409133/
Redirect Chain
  • https://ad.doubleclick.net/ddm/ad/N7196.1139838.CBSPHILLY.COM/B10891752.145450728;sz=1x1;ord=816895268;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=?
  • https://ad.doubleclick.net/ddm/ad/N7196.1139838.CBSPHILLY.COM/B10891752.145450728;dc_pre=CNCWmre9sdYCFYQSGwodJNkFYw;sz=1x1;ord=816895268;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=?
  • https://s1.2mdn.net/viewad/3409133/1x1image.jpg
8 KB
8 KB
Image
General
Full URL
https://s1.2mdn.net/viewad/3409133/1x1image.jpg
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:816::2006 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
b1425e0c189dba2306bb19b416a50e4f5477d918307760ad32461a0e874ac044
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Tue, 19 Sep 2017 04:29:16 GMT
x-content-type-options
nosniff
last-modified
Tue, 12 Feb 2013 23:39:53 GMT
server
sffe
age
36668
status
200
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
7870
x-xss-protection
1; mode=block
expires
Wed, 20 Sep 2017 04:29:16 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Sep 2017 14:40:24 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
302
content-type
text/html; charset=UTF-8
location
https://s1.2mdn.net/viewad/3409133/1x1image.jpg
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
imgad
tpc.googlesyndication.com/pagead/
Redirect Chain
  • https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstKcn1F4w4Yt7dAR9fPifRcXWhJIKdrUv-DF-PQqp-zxYuIISJxqL2g_BuA7Ef4bv7XABYw5NlpAgrmWpq53RIAhYwjbM3QY-tFMLNXLZuKJHEcQHzI3NS2CL5jkcHm87fjS1gY6uY9k...
  • https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKCrgLdZEAEYATII_x-mCKxcFhQ
80 KB
80 KB
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKCrgLdZEAEYATII_x-mCKxcFhQ
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:400e:807::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
3ebf690d45694c4f61fc88cc3cdb795519db89618fb7c6ef1545d8f430485d18
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Tue, 19 Sep 2017 04:34:30 GMT
x-content-type-options
nosniff
server
cafe
age
36354
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/jpeg
status
200
cache-control
public, max-age=604800
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
82192
x-xss-protection
1; mode=block
expires
Tue, 26 Sep 2017 04:34:30 GMT

Redirect headers

timing-allow-origin
*
date
Tue, 19 Sep 2017 14:40:24 GMT
x-content-type-options
nosniff
server
cafe
status
302
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKCrgLdZEAEYATII_x-mCKxcFhQ
cache-control
private
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
0
x-xss-protection
1; mode=block
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=CBSLOCAL1&hp=1&zMoatPS=header&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222415708&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&bq=0&f=0&j=&o=3&t=1505832024067&de=628471575348&m=0&ar=44605d6-clean&q=2&cb=0&cu=1505832024067&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=147452668%3A489132028%3A436875628%3A138201817661&qs=1&zMoatNonPlayer=true&bo=24653668&bp=222415708&bd=header&dfp=0%2C1&la=222415708&gw=cbslocal166502539715&fd=1&ac=1&it=500&fs=122435&na=434133020&cs=0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:24 GMT
m_window_focus_non_hydra.js
tpc.googlesyndication.com/pagead/js/r20170913/r20110914/client/ext/ Frame 825.
3 KB
0
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20170913/r20110914/client/ext/m_window_focus_non_hydra.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:400e:807::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
4dc10d61a7d456c118c0b7751423253badbc69c55dce398b5224933b9f96bed6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Response headers

date
Wed, 13 Sep 2017 23:59:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
484830
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
1214
x-xss-protection
1; mode=block
server
cafe
etag
2062743375355407424
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 27 Sep 2017 23:59:54 GMT
osd_listener.js
tpc.googlesyndication.com/pagead/js/r20170913/r20110914/activeview/ Frame 825.
27 KB
0
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20170913/r20110914/activeview/osd_listener.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:400e:807::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
4c2388ac6a4eaada86eb12a6cf7152f661a40c7357ec6abcef4ab11abbb7be31
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Response headers

date
Wed, 13 Sep 2017 23:59:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
484830
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
10744
x-xss-protection
1; mode=block
server
cafe
etag
7344886307660329505
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 27 Sep 2017 23:59:54 GMT
moatad.js
z.moatads.com/cbslocal166502539715/ Frame 825.
217 KB
0
Script
General
Full URL
https://z.moatads.com/cbslocal166502539715/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
8efae33edaa72eb2105babb6e71dd6c517b3bcf942b7137916fa1896aa38c5aa

Request headers

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Content-Encoding
gzip
Last-Modified
Wed, 16 Aug 2017 18:39:13 GMT
Server
AmazonS3
x-amz-request-id
1C9DDDCC4FF480FF
ETag
"bac320ceabae59ebca0aaafed7442ab8"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=41571
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
69487
x-amz-id-2
h+RpT7S+N86UbLK5Ge2NQeTcvdeEvLr2NX5eOoPOnx7tMxWBUD+vS6/cUsoaeXuWnAR3txdADmM=
truncated
/ Frame 825.
210 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
51c4be3b629a685f298e9fa0bb5c7c92bf197db2818325b26acc34918004d9c4

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame 825.
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvkwZf8_uKhj8KOsVHdyQv_Bk_jlSEaMBIhsI0YdgzplNoqrOjzn3KclnRI98docE-XzWaSpTLgw9tQpLXHt3NcfRD40i0yFhdRESCGRLG_ymTpuC5cgtQ1gyDf51R_Y2tR4witjMya2khN-7nEabh-Ih-zCWAIT3amJQ9DnytDF5p8qeFvuHTLcFyGSmxHk8SSY28lT1ZGh0_XbUD8VBmAD1fIonoK92j5gFQ8tQZuwo0AU4u3d0QWTVaJsdLS50uqWTqeEXn3fYMcQ-35BGM0kwcI&sig=Cg0ArKJSzM6pvwQlXz6FEAE&adurl=
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.17.130 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
ams15s30-in-f130.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Sep 2017 14:40:24 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
0
x-xss-protection
1; mode=block
3081149488413533531
tpc.googlesyndication.com/simgad/ Frame 825.
20 KB
20 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/3081149488413533531
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:400e:807::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
7fc3865699520a9bdb77f8f0424132f677011e8b814046078822b634db28ed2b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Tue, 19 Sep 2017 04:42:26 GMT
x-content-type-options
nosniff
last-modified
Mon, 10 Jul 2017 21:09:38 GMT
server
sffe
age
35878
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
20026
x-xss-protection
1; mode=block
expires
Wed, 19 Sep 2018 04:42:26 GMT
l
www.google.com/ads/measurement/ Frame 825.
0
0
Image
General
Full URL
http://www.google.com/ads/measurement/l?ebcid=ALh7CaSuKNpHKWFEMUm6FzsdOLGszhmMpoUg2MfbI7nS15-th_A32fDP9tTOGJ_KK8AgjF7x-8eqP_MFlEj7lJttLLGnFuJbpg
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
2a00:1450:401b:801::2004 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
jumble_frontend_server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

X-XSS-Protection
1; mode=block
Date
Tue, 19 Sep 2017 14:40:24 GMT
X-Content-Type-Options
nosniff
Server
jumble_frontend_server
Content-Length
0
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=UTF-8
teads-format.min.js
cdn.teads.tv/media/format/v3/
616 KB
144 KB
Script
General
Full URL
http://cdn.teads.tv/media/format/v3/teads-format.min.js
Requested by
Host: a.teads.tv
URL: http://a.teads.tv/page/12955/tag
Protocol
HTTP/1.1
Server
23.53.174.233 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-174-233.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
3355c923370ecc8ee9058b750ab449bf53bd0ce1a969650c6806dc17cada5e22

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Content-Encoding
gzip
Last-Modified
Tue, 19 Sep 2017 12:37:47 GMT
Server
AmazonS3
x-amz-request-id
AAAF98BA7DBF162C
ETag
"b0898a14178d9e8efd930dcad426f8fc"
Vary
Accept-Encoding
Content-Type
text/javascript;charset=utf-8
Cache-Control
max-age=267
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
147236
x-amz-id-2
SHXkcZqfyrnW9teHglJguv1p/Hr3yzQyRvgb/TjCsrmrf8GZsqYCx1sUb6JWcWBQFvkuxobkDnA=
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=34&ud=false&ue=false&uu=false&qa=1600&qb=1200&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qi=1600&qj=1200&ql=&qo=0&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&i=CBSLOCAL1&hp=1&zMoatPS=Position%20Not%20Identified&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222164788&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&bq=0&f=0&j=&o=3&t=1505832024122&de=689640579158&m=0&ar=44605d6-clean&q=4&cb=0&cu=1505832024122&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=148848988%3A492008428%3A440564428%3A138204132162&qs=1&zMoatNonPlayer=true&bo=24653668&bp=222164788&bd=Position%20Not%20Identified&dfp=0%2C1&la=222164788&gw=cbslocal166502539715&fd=1&ac=1&it=500&fs=122435&na=1300764688&cs=0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:24 GMT
3711097_31E95F124AC149B9A0F9A09DF259B5F9_170808_3711097_Hackers_Release_More_HBO_Files__Demand_Ransom_400.m3u8
vodtv.cbslocal.com.edgesuite.net/lax/705/17/08/08/3711097/ Frame 825.
280 B
280 B
XHR
General
Full URL
http://vodtv.cbslocal.com.edgesuite.net/lax/705/17/08/08/3711097/3711097_31E95F124AC149B9A0F9A09DF259B5F9_170808_3711097_Hackers_Release_More_HBO_Files__Demand_Ransom_400.m3u8
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/scripts/anvplayer.min.js
Protocol
HTTP/1.1
Server
2a02:26f0:78::5f64:f863 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
9c4ca60bc3bb40e5341bb85fccc8e7e82bf7897beaf07d7a18d4252b22e6d435

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Tue, 08 Aug 2017 13:52:51 GMT
Server
AkamaiNetStorage
ETag
"1ccb5e958d3f4c76f3938c1788536e58:1502200371.120514"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST,OPTIONS
Content-Type
audio/x-mpegurl
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Content-Length
280
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=CBSLOCAL1&hp=1&zMoatPS=Position%20Not%20Identified&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222164788&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&bq=0&f=0&j=&o=3&t=1505832024122&de=689640579158&m=0&ar=44605d6-clean&q=5&cb=0&cu=1505832024122&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=148848988%3A492008428%3A440564428%3A138204132162&qs=1&zMoatNonPlayer=true&bo=24653668&bp=222164788&bd=Position%20Not%20Identified&dfp=0%2C1&la=222164788&gw=cbslocal166502539715&fd=1&ac=1&it=500&fs=122435&na=686971526&cs=0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:24 GMT
939B8D9CE2039E268D9C5E8624AC018CDC9FF33344A84A-1.ts
vodtv.cbslocal.com.edgesuite.net/lax/705/17/08/08/3711097/ Frame 825.
621 KB
621 KB
XHR
General
Full URL
http://vodtv.cbslocal.com.edgesuite.net/lax/705/17/08/08/3711097/939B8D9CE2039E268D9C5E8624AC018CDC9FF33344A84A-1.ts
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/scripts/anvplayer.min.js
Protocol
HTTP/1.1
Server
2a02:26f0:78::5f64:f863 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
aa60d90b04ace5c2abf0333ccb4f5b084ffa61d743e677ee15c8df9e2663a0de

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Tue, 08 Aug 2017 13:52:49 GMT
Server
AkamaiNetStorage
ETag
"e4f259bdd0329828da379bbfb1edca9c:1502200369.972039"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST,OPTIONS
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Content-Length
636004
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=34&ud=false&ue=false&uu=false&qa=1600&qb=1200&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qi=1600&qj=1200&ql=&qo=0&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&i=CBSLOCAL1&hp=1&zMoatPS=partner-injected&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222416668&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&bq=0&f=0&j=&o=3&t=1505832024140&de=632086691115&m=0&ar=44605d6-clean&q=7&cb=0&cu=1505832024140&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=136557148%3A455318908%3A398122588%3A111138540988&qs=1&zMoatNonPlayer=true&bo=24653668&bp=222416668&bd=partner-injected&dfp=0%2C1&la=222416668&gw=cbslocal166502539715&fd=1&ac=1&it=500&fs=122435&na=1929550749&cs=0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:24 GMT
ca.png
s.cpx.to/
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fca.png%3Fpid%3D11847%26ref%3D%26hn_ver%3D5%26fid%3D1ad47ad0-dea2-46d9-9ed3-7c04e0796649%26adnxs_uid%3D%24UID
  • https://s.cpx.to/ca.png?pid=11847&ref=&hn_ver=5&fid=1ad47ad0-dea2-46d9-9ed3-7c04e0796649&adnxs_uid=5160562550509235139
95 B
95 B
Image
General
Full URL
https://s.cpx.to/ca.png?pid=11847&ref=&hn_ver=5&fid=1ad47ad0-dea2-46d9-9ed3-7c04e0796649&adnxs_uid=5160562550509235139
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.96.211 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-208-96-211.eu-west-1.compute.amazonaws.com
Software
akka-http/2.4.17 /
Resource Hash
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
Server
akka-http/2.4.17
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0
Connection
keep-alive
Content-Type
image/png
Content-Length
95
Expires
Tue, 19 Sep 2017 14:40:24 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Sep 2017 14:40:26 GMT
x-proxy-origin
148.251.45.254; 148.251.45.254; 301.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.140:80
an-x-request-uuid
224833d4-4098-47a9-a5e6-58ca6ecf2beb
server
nginx/1.13.4
status
302
p3p
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location
https://s.cpx.to/ca.png?pid=11847&ref=&hn_ver=5&fid=1ad47ad0-dea2-46d9-9ed3-7c04e0796649&adnxs_uid=5160562550509235139
cache-control
no-store, no-cache, private
content-type
text/html; charset=utf-8
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
ca.png
s.cpx.to/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&pid=11847&ref=&hn_ver=5&fid=1ad47ad0-dea2-46d9-9ed3-7c04e0796649
  • https://s.cpx.to/ca.png?pid=11847&ref=&hn_ver=5&fid=1ad47ad0-dea2-46d9-9ed3-7c04e0796649&google_gid=CAESEFLNWCfLu53iUf8I2bWVyjA&google_cver=1
95 B
95 B
Image
General
Full URL
https://s.cpx.to/ca.png?pid=11847&ref=&hn_ver=5&fid=1ad47ad0-dea2-46d9-9ed3-7c04e0796649&google_gid=CAESEFLNWCfLu53iUf8I2bWVyjA&google_cver=1
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.48.66.100 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-48-66-100.eu-west-1.compute.amazonaws.com
Software
akka-http/2.4.17 /
Resource Hash
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
Server
akka-http/2.4.17
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0
Connection
keep-alive
Content-Type
image/png
Content-Length
95
Expires
Tue, 19 Sep 2017 14:40:24 GMT

Redirect headers

pragma
no-cache
date
Tue, 19 Sep 2017 14:40:24 GMT
server
HTTP server (unknown)
status
302
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://s.cpx.to/ca.png?pid=11847&ref=&hn_ver=5&fid=1ad47ad0-dea2-46d9-9ed3-7c04e0796649&google_gid=CAESEFLNWCfLu53iUf8I2bWVyjA&google_cver=1
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,35",quic=":443"; ma=2592000; v="39,38,37,35"
content-length
358
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
redirect
sync.teads.tv/iframe/ Frame 825.
Redirect Chain
  • http://sync.teads.tv/iframe?pid=33484&userId=6eab444a-9673-463a-8810-f0e262ae58e1&1505832024483
  • http://sync.teads.tv/iframe/redirect
0
0

ad
a.teads.tv/page/12955/
98 B
104 B
XHR
General
Full URL
http://a.teads.tv/page/12955/ad?windowWidth=1600&windowHeight=1200&windowDepth=1&windowReferrerUrl=&page=%7B%22id%22%3A12955%2C%22placements%22%3A%5B%7B%22id%22%3A33484%2C%22validity%22%3A%7B%22status%22%3Atrue%2C%22reasons%22%3A%5B%5D%7D%2C%22player%22%3A%7B%22width%22%3A555%2C%22height%22%3A312%7D%2C%22slotType%22%3A%22native%22%7D%5D%7D&userId=6eab444a-9673-463a-8810-f0e262ae58e1&auctid=7ce447b1-1064-4296-9dcc-415e9a95399d&formatVersion=2.16.58&env=js-web
Requested by
Host: cdn.teads.tv
URL: http://cdn.teads.tv/media/format/v3/teads-format.min.js
Protocol
HTTP/1.1
Server
52.51.73.34 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-51-73-34.eu-west-1.compute.amazonaws.com
Software
teads-ssp /
Resource Hash
2465f67342841d5db9f96c3ec1d4428c00e6d62c10424d6f9262403d599e9e92

Request headers

Accept
application/json; charset=UTF-8
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
Content-Encoding
gzip
Server
teads-ssp
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
http://philadelphia.cbslocal.com
Cache-Control
no-cache, must-revalidate, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
104
Expires
0
track
t.teads.tv/
23 B
23 B
Image
General
Full URL
http://t.teads.tv/track?action=placementCall&pageId=12955&pid=33484&gid=&slot=native&env=js-web&ts=1505832024477&auctid=7ce447b1-1064-4296-9dcc-415e9a95399d
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
52.208.229.32 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-208-229-32.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Expires
Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
23
Content-Type
image/gif
track
t.teads.tv/
23 B
23 B
Image
General
Full URL
http://t.teads.tv/track?action=slotAvailable&pageId=12955&pid=33484&gid=&slot=native&env=js-web&ts=1505832024477&auctid=7ce447b1-1064-4296-9dcc-415e9a95399d
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
52.208.229.32 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-208-229-32.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Expires
Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
23
Content-Type
image/gif
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=CBSLOCAL1&hp=1&zMoatPS=partner-injected&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222416668&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&bq=0&f=0&j=&o=3&t=1505832024140&de=632086691115&m=0&ar=44605d6-clean&q=8&cb=0&cu=1505832024140&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=136557148%3A455318908%3A398122588%3A111138540988&qs=1&zMoatNonPlayer=true&bo=24653668&bp=222416668&bd=partner-injected&dfp=0%2C1&la=222416668&gw=cbslocal166502539715&fd=1&ac=1&it=500&fs=122435&na=150369717&cs=0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:24 GMT
gpt.js
www.googletagservices.com/tag/js/ Frame 825.
9 KB
4 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: a.teads.tv
URL: http://a.teads.tv/page/12955/tag
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81f::2002 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
2b750170407fa58eb36575284c2d88754ee8c0ba862777156aca1a6b0fbeb561
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Tue, 19 Sep 2017 14:40:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1505759559734937"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="39,38,37,35",quic=":443"; ma=2592000; v="39,38,37,35"
content-length
4004
x-xss-protection
1; mode=block
expires
Tue, 19 Sep 2017 14:40:24 GMT
track
t.teads.tv/
23 B
23 B
Image
General
Full URL
http://t.teads.tv/track?action=passback-noAd&pageId=12955&pid=33484&gid=&slot=native&env=js-web&ts=1505832024477&auctid=7ce447b1-1064-4296-9dcc-415e9a95399d
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
52.208.229.32 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-208-229-32.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Expires
Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
23
Content-Type
image/gif
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=34&ud=false&ue=false&uu=false&qa=1600&qb=1200&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qi=1600&qj=1200&ql=&qo=0&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&i=CBSLOCAL1&hp=1&zMoatPS=Position%20Not%20Identified&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222164788&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&bq=0&f=0&j=&o=3&t=1505832024179&de=628136050372&m=0&ar=44605d6-clean&q=10&cb=0&cu=1505832024179&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=136557868%3A462609388%3A405816868%3A138209620799&qs=1&zMoatNonPlayer=true&bo=24653668&bp=222164788&bd=Position%20Not%20Identified&dfp=0%2C1&la=222164788&gw=cbslocal166502539715&fd=1&ac=1&it=500&fs=122435&na=248854712&cs=0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:24 GMT
pubads_impl_150.js
securepubads.g.doubleclick.net/gpt/ Frame 825.
205 KB
72 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.17.130 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
ams15s30-in-f130.1e100.net
Software
sffe /
Resource Hash
bfbd058b5c7ef220c83f818b1af7446e7b4486d722dea610ab690a3af3852c5f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Thu, 14 Sep 2017 13:37:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
435766
status
200
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
73564
x-xss-protection
1; mode=block
last-modified
Wed, 13 Sep 2017 18:01:11 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 14 Sep 2018 13:37:38 GMT
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=CBSLOCAL1&hp=1&zMoatPS=Position%20Not%20Identified&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222164788&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&bq=0&f=0&j=&o=3&t=1505832024179&de=628136050372&m=0&ar=44605d6-clean&q=11&cb=0&cu=1505832024179&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=136557868%3A462609388%3A405816868%3A138209620799&qs=1&zMoatNonPlayer=true&bo=24653668&bp=222164788&bd=Position%20Not%20Identified&dfp=0%2C1&la=222164788&gw=cbslocal166502539715&fd=1&ac=1&it=500&fs=122435&na=1726621520&cs=0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:24 GMT
events
services.babator.com/
13 B
13 B
XHR
General
Full URL
https://services.babator.com/events
Requested by
Host: cdn.babator.com
URL: https://cdn.babator.com/customers/cbs/Babator-Connector.min.js?version=5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.202.58.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-202-58-138.compute-1.amazonaws.com
Software
nginx/1.10.1 / Express
Resource Hash
13212dd00db0953c536cd4b4feb15bac1bb65761d235ee0ca65bdb975be6a662

Request headers

Access-Control-Request-Method
POST
Origin
http://philadelphia.cbslocal.com
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Access-Control-Request-Headers
content-type,x-api-key,x-user-uuid

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Server
nginx/1.10.1
X-Powered-By
Express
ETag
W/"d-hXhJBegAzPe2v3FerP2DCw"
Allow
POST,GET,HEAD
Access-Control-Allow-Methods
POST, PUT, DELETE
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
http://philadelphia.cbslocal.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Cache-Control, Set-Cookie, x-api-key, x-user-uuid, x-is-native
Content-Length
13
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=34&ud=false&ue=false&uu=false&qa=1600&qb=1200&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qi=1600&qj=1200&ql=&qo=0&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&i=CBSLOCAL1&hp=1&zMoatPS=adhesion&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222239308&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&bq=0&f=0&j=&o=3&t=1505832024323&de=209710007744&m=0&ar=44605d6-clean&q=13&cb=0&cu=1505832024323&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=4403365912%3A2099624806%3A4351794217%3A138205913720&qs=1&zMoatNonPlayer=true&bo=24653668&bp=222239308&bd=adhesion&dfp=0%2C1&la=222239308&gw=cbslocal166502539715&fd=1&ac=1&it=500&fs=122435&na=840291102&cs=0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:24 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-10/html/ Frame 825.
3 KB
2 KB
Other
General
Full URL
http://tpc.googlesyndication.com/safeframe/1-0-10/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
HTTP/1.1
Server
2a00:1450:400e:807::2001 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
48098da7b08a94c3c3c814c6c7f1ec8caf664c16fd02771b86ea4a88469ba11e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Purpose
prefetch
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Thu, 14 Sep 2017 12:58:04 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 26 Jul 2017 14:03:10 GMT
Server
sffe
Age
438140
Vary
Accept-Encoding
Content-Type
text/html
Cache-Control
public, immutable, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
1789
X-XSS-Protection
1; mode=block
Expires
Fri, 14 Sep 2018 12:58:04 GMT
ads
securepubads.g.doubleclick.net/gampad/ Frame 825.
315 B
240 B
Script
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&correlator=615795624560245&output=json_html&callback=googletag.impl.pubads.setPassbackAdContents&impl=s&eid=108809107%2C108809159%2C21060013&sc=0&sfv=1-0-10&iu=%2F4128%2FCBS.CHI%2Finreadpassback&sz=1x1&eri=2&cookie=ID%3D43cd44a28744763c%3AT%3D1505832023%3AS%3DALNI_MY90SxLlxGikFQSzHCWHkOpKas85Q&lmt=1505832024&dt=1505832024707&ea=0&frm=23&biw=1585&bih=1200&isw=1&ish=1&oid=3&adk=299031987&ifi=1&ifk=2168789842&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&ref=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&top=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&dssz=2&icsg=10&std=0&vrg=150&vis=1&ga_vid=784117593.1505832023&ga_sid=1505832023&ga_hid=1828594125&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.17.130 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
ams15s30-in-f130.1e100.net
Software
cafe /
Resource Hash
73077d06f3c15d17cc40f91db7ecdbdd7922e6a94e7b89788f623fe9154bd72c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Tue, 19 Sep 2017 14:40:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
222
x-xss-protection
1; mode=block
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/javascript; charset=UTF-8
cache-control
no-cache, must-revalidate
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
3p_cookie.html
securepubads.g.doubleclick.net/static/ Frame 825.
223 B
185 B
Other
General
Full URL
https://securepubads.g.doubleclick.net/static/3p_cookie.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_150.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.17.130 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
ams15s30-in-f130.1e100.net
Software
sffe /
Resource Hash
0a42d405c353edd15594d2ee30d099097ea995e7d7c990ecf81bec9a0ad90082
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Purpose
prefetch
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Tue, 19 Sep 2017 14:29:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 16 Aug 2017 19:15:52 GMT
server
sffe
age
631
vary
Accept-Encoding
content-type
text/html
status
200
cache-control
public, max-age=3000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
176
x-xss-protection
1; mode=block
expires
Tue, 19 Sep 2017 15:19:53 GMT
bridge3.179.0_en.html
imasdk.googleapis.com/js/core/ Frame 825.
0
0

client.js
s0.2mdn.net/instream/video/ Frame 825.
26 KB
10 KB
Script
General
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: http://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:816::2006 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
62f2eeec7851ae0d5e322062cf40092478236d4a4fc5a2cfd87b257739104147
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Tue, 19 Sep 2017 14:35:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
265
status
200
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
10523
x-xss-protection
1; mode=block
last-modified
Thu, 19 Jan 2017 00:16:22 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 19 Sep 2017 14:50:59 GMT
id
dpm.demdex.net/ Frame 825.
225 B
209 B
Script
General
Full URL
http://dpm.demdex.net/id?d_rtbd=json&d_ver=2&d_orgid=823BA0335567497F7F000101%40AdobeOrg&d_mid=90189725204722946433263558871443104714&d_blob=cIBAx_aQzFEHcPoEv0GwcQ&d_cb=s_c_il%5B0%5D._setAudienceManagerFields
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/lib/VideoHeartbeat.min.js
Protocol
HTTP/1.1
Server
54.72.198.94 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-72-198-94.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ed7458e8c75e368d60bfbb83771cc76ef35cb4585bab4445613c431753f4aea5

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

DCS
irl1-prod-dcs-fae0076c.edge-irl1.demdex.com 5.17.3.20170905151459 2ms
Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
Content-Encoding
gzip
X-TID
unUamh+FTsA=
Vary
Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
application/javascript; charset=UTF-8
Content-Length
209
Expires
Thu, 01 Jan 2009 00:00:00 GMT
823ba0335567497f7f000101-adobeorg.xml
cbsdigitalmedia.hb.omtrdc.net/settings/ Frame 825.
228 B
228 B
XHR
General
Full URL
http://cbsdigitalmedia.hb.omtrdc.net/settings/823ba0335567497f7f000101-adobeorg.xml?r=1505832024762
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/lib/VideoHeartbeat.min.js
Protocol
HTTP/1.1
Server
52.22.138.219 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-22-138-219.compute-1.amazonaws.com
Software
openresty /
Resource Hash
0e4e46fa1aa04c24e793912d7aabaa2f2b0f7dc03d73cf74fbe12cb84f062554

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com

Response headers

Date
Tue, 19 Sep 2017 14:40:25 GMT
Last-Modified
Thu, 03 Aug 2017 16:06:20 GMT
Server
openresty
ETag
"598349fc-e4"
Content-Type
text/xml
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
228
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=CBSLOCAL1&hp=1&zMoatPS=adhesion&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222239308&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&bq=0&f=0&j=&o=3&t=1505832024323&de=209710007744&m=0&ar=44605d6-clean&q=14&cb=0&cu=1505832024323&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=4403365912%3A2099624806%3A4351794217%3A138205913720&qs=1&zMoatNonPlayer=true&bo=24653668&bp=222239308&bd=adhesion&dfp=0%2C1&la=222239308&gw=cbslocal166502539715&fd=1&ac=1&it=500&fs=122435&na=303357612&cs=0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:24 GMT
events
services.babator.com/
16 KB
6 KB
XHR
General
Full URL
https://services.babator.com/events
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.202.58.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-202-58-138.compute-1.amazonaws.com
Software
nginx/1.10.1 / Express
Resource Hash
369131ad65e220d28be48bdb840c9505ffce18f825fec27ae8a0c611253ecf7e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com
x-user-uuid
777c7220-9d48-11e7-9327-47290f0c4e1a
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
x-api-key
b7508330-5368-11e6-b9b6-b5368b08d969
Content-Type
application/json

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx/1.10.1
X-Powered-By
Express
Access-Control-Allow-Methods
POST, PUT, DELETE
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
http://philadelphia.cbslocal.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Cache-Control, Set-Cookie, x-api-key, x-user-uuid, x-is-native
Content-Length
6493
ETag
W/"40f1-Hku+QHm34DolSg72JlRJwA"
3711097_C1ECDDD429394CBD8DF8694725AF386E_170808_3711097_Hackers_Release_More_HBO_Files__Demand_Ransom_4000.m3u8
vodtv.cbslocal.com.edgesuite.net/lax/705/17/08/08/3711097/ Frame 825.
283 B
283 B
XHR
General
Full URL
http://vodtv.cbslocal.com.edgesuite.net/lax/705/17/08/08/3711097/3711097_C1ECDDD429394CBD8DF8694725AF386E_170808_3711097_Hackers_Release_More_HBO_Files__Demand_Ransom_4000.m3u8
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/scripts/anvplayer.min.js
Protocol
HTTP/1.1
Server
2a02:26f0:78::5f64:f863 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
78e5d358e5369513a02da5ed62ec2d8001bc8285ee897663d0cb596bea3e84af

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Tue, 08 Aug 2017 13:52:59 GMT
Server
AkamaiNetStorage
ETag
"118b742b587875431387ad5470d66b31:1502200379.543529"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST,OPTIONS
Content-Type
audio/x-mpegurl
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Content-Length
283
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&kq=1&lo=1&qs=1&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F16294041912681934503&i=CBSLOCAL1&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&bq=0&g=0&hq=0&hs=0&hu=0&hr=0&ht=0&h=60&w=120&fy=0&gp=0&zMoatPS=header&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222415708&f=0&j=&o=3&t=1505832024067&de=628471575348&cu=1505832024067&m=559&ar=44605d6-clean&cb=0&ll=2&lm=0&ln=1&r=0&dl=0&dm=1000&dn=0&gh=1&td=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1200&lk=undefined&lb=2925&le=1&gm=1&io=1&ch=0&as=0&ag=57&an=0&gf=57&gg=0&ez=1&aj=1&pg=100&pf=0&ib=0&cc=0&bw=57&bx=0&dj=1&aa=0&ad=0&cn=0&gk=0&gl=0&im=0&em=0&en=0&st=1&su=1&of=1&oz=1&bu=114&cd=0&ah=114&am=0&rf=0&re=0&wb=1&cl=0&at=0&d=147452668%3A489132028%3A436875628%3A138201817661&zMoatNonPlayer=true&bo=24653668&bp=222415708&bd=header&gw=cbslocal166502539715&dfp=0%2C1&la=222415708&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&fs=122435&na=1973851864&cs=0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:24 GMT
ED3E56992E2D0F45A4F31B465825BA4ACC373342968EBEC-2.ts
vodtv.cbslocal.com.edgesuite.net/lax/705/17/08/08/3711097/ Frame 825.
5 MB
5 MB
XHR
General
Full URL
http://vodtv.cbslocal.com.edgesuite.net/lax/705/17/08/08/3711097/ED3E56992E2D0F45A4F31B465825BA4ACC373342968EBEC-2.ts
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/scripts/anvplayer.min.js
Protocol
HTTP/1.1
Server
2a02:26f0:78::5f64:f863 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
11643d61d70df561bc16a2bab9ebc74d0776b6f402f6ce7d3f2b6ad89b681097

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Tue, 08 Aug 2017 13:52:57 GMT
Server
AkamaiNetStorage
ETag
"7fc7d016654bcae1f8db32d81325a804:1502200377.782312"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST,OPTIONS
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Content-Length
5227340
connatix.renderer.infeed.min.js
cdn.connatix.com/min/
350 KB
93 KB
Script
General
Full URL
http://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
94.31.29.250 , United Kingdom, ASN6461 (ZAYO-6461 - Zayo Bandwidth Inc, US),
Reverse DNS
94.31.29.250.IPYX-077437-ZYO.above.net
Software
NetDNA-cache/2.2 /
Resource Hash
b7bb94c28ae12339a1162eec6f542b04a35fbcadcc04c3f9d7a8097ee9a0cc15

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:24 GMT
Content-Encoding
gzip
Last-Modified
Fri, 15 Sep 2017 11:22:32 GMT
Server
NetDNA-cache/2.2
x-amz-request-id
6508D448FC005723
ETag
W/"9842fbd2335b3aed8f5f0845c2d04bbc"
Transfer-Encoding
chunked
X-Cache
HIT
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Connection
keep-alive
x-amz-id-2
k33h9FJ0ihvjbv8naD+02n+lxQEgDruDztVJfScgM9VlEb1SwsINRo8dZB72rwsBjq8VbTTVGS0=
butler
b.sharethrough.com/
0
0
Image
General
Full URL
http://b.sharethrough.com/butler?type=networkImpressionRequest&pkey=d3da4d50&placementIndex=1&networkKey=280474eb&networkOrder=1&session=77a13830-9d48-11e7-bd4a-97f89acd0814&bwidth=1600&bheight=1200&pref=&ploc=http%253A%252F%252Fphiladelphia.cbslocal.com%252F2017%252F09%252F18%252Fhackers-malware-pc-ccleaner%252F&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20HeadlessChrome%2F60.0.3112.113%20Safari%2F537.36&umtime=1505832024809&version=63-1fd29b2dacfd1e89b411fbc7b7c19e054afee225&uid=&mrid=787e51c0-9d48-11e7-bd4a-97f89acd0814&bidId=NO_BID_ID
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
34.206.181.118 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-206-181-118.compute-1.amazonaws.com
Software
nginx/1.4.6 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:25 GMT
Server
nginx/1.4.6 (Ubuntu)
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&kq=1&lo=1&qs=1&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F2234399157114648267&i=CBSLOCAL1&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&bq=0&g=0&hq=0&hs=0&hu=0&hr=0&ht=0&h=31&w=88&fy=0&gp=0&zMoatPS=Position%20Not%20Identified&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222164788&f=0&j=&o=3&t=1505832024122&de=689640579158&cu=1505832024122&m=526&ar=44605d6-clean&cb=0&ll=2&lm=0&ln=1&r=0&dl=0&dm=1000&dn=0&gh=1&td=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1200&lk=undefined&lb=2925&le=1&gm=1&io=1&ch=0&as=0&ag=20&an=0&gf=20&gg=0&ez=1&aj=1&pg=100&pf=0&ib=0&cc=0&bw=20&bx=0&dj=1&aa=0&ad=0&cn=0&gk=0&gl=0&im=0&em=0&en=0&st=1&su=1&of=1&oz=1&bu=39&cd=0&ah=39&am=0&rf=0&re=0&wb=1&cl=0&at=0&d=148848988%3A492008428%3A440564428%3A138204132162&zMoatNonPlayer=true&bo=24653668&bp=222164788&bd=Position%20Not%20Identified&gw=cbslocal166502539715&dfp=0%2C1&la=222164788&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&fs=122435&na=875192582&cs=0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:24 GMT
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&kq=1&lo=1&qs=1&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F3081149488413533531&i=CBSLOCAL1&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&bq=0&g=0&hq=0&hs=0&hu=0&hr=0&ht=0&h=250&w=300&fy=0&gp=0&zMoatPS=adhesion&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222239308&f=0&j=&o=3&t=1505832024323&de=209710007744&cu=1505832024323&m=515&ar=44605d6-clean&cb=0&ll=2&lm=0&ln=1&r=0&dl=0&dm=1000&dn=0&gh=1&td=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1200&lk=undefined&lb=2925&le=1&gm=1&io=1&ch=0&as=0&ag=29&an=0&gf=29&gg=0&ez=1&aj=1&pg=100&pf=0&ib=0&cc=0&bw=29&bx=0&dj=1&aa=0&ad=0&cn=0&gk=0&gl=0&im=0&em=0&en=0&st=1&su=1&of=1&oz=1&bu=58&cd=0&ah=58&am=0&rf=0&re=0&wb=1&cl=0&at=0&d=4403365912%3A2099624806%3A4351794217%3A138205913720&zMoatNonPlayer=true&bo=24653668&bp=222239308&bd=adhesion&gw=cbslocal166502539715&dfp=0%2C1&la=222239308&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&fs=122435&na=830123955&cs=0
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:24 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:24 GMT
iframes%5C44720f84-21ae-4882-bf37-0450bb4a1f13.html
u.connatix.com/ Frame 825.
0
0

ED3E56992E2D0F45A4F31B465825BA4ACC373342968EBEC-3.ts
vodtv.cbslocal.com.edgesuite.net/lax/705/17/08/08/3711097/ Frame 825.
2 MB
2 MB
XHR
General
Full URL
http://vodtv.cbslocal.com.edgesuite.net/lax/705/17/08/08/3711097/ED3E56992E2D0F45A4F31B465825BA4ACC373342968EBEC-3.ts
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/scripts/anvplayer.min.js
Protocol
HTTP/1.1
Server
2a02:26f0:78::5f64:f863 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
7900f85fa6a718540dc6e675e981971a95bf18983b5db832a0f341dc05f0686e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com

Response headers

Date
Tue, 19 Sep 2017 14:40:25 GMT
Last-Modified
Tue, 08 Aug 2017 13:52:58 GMT
Server
AkamaiNetStorage
ETag
"6f89142d4af096808b70e0bcdc0a04e7:1502200378.985108"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST,OPTIONS
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Content-Length
1849544
events
services.babator.com/
13 B
13 B
XHR
General
Full URL
https://services.babator.com/events
Requested by
Host: cdn.babator.com
URL: https://cdn.babator.com/customers/cbs/Babator-Connector.min.js?version=5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.202.58.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-202-58-138.compute-1.amazonaws.com
Software
nginx/1.10.1 / Express
Resource Hash
13212dd00db0953c536cd4b4feb15bac1bb65761d235ee0ca65bdb975be6a662

Request headers

Access-Control-Request-Method
POST
Origin
http://philadelphia.cbslocal.com
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Access-Control-Request-Headers
content-type,x-api-key,x-user-uuid

Response headers

Date
Tue, 19 Sep 2017 14:40:25 GMT
Server
nginx/1.10.1
X-Powered-By
Express
ETag
W/"d-hXhJBegAzPe2v3FerP2DCw"
Allow
POST,GET,HEAD
Access-Control-Allow-Methods
POST, PUT, DELETE
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
http://philadelphia.cbslocal.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Cache-Control, Set-Cookie, x-api-key, x-user-uuid, x-is-native
Content-Length
13
pls
api.connatix.com/
5 KB
5 KB
Script
General
Full URL
http://api.connatix.com/pls?callback=jQuery11230425894198657498_1505832024864&off=0&mode=top&token=1da227b2-fd75-4dd7-9150-b8abcf828f31&p=http%3A%2F%2Fphiladelphia.cbslocal.com&_=1505832024865
Requested by
Host: cdn.connatix.com
URL: http://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Protocol
HTTP/1.1
Server
52.20.69.247 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-20-69-247.compute-1.amazonaws.com
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
9af9c48a50baa8b6a5fde8ac9256673f29cdd94973a3f2c3a0fa817e060f599c

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:22 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
private
Connection
keep-alive
Content-Length
4950
DF0730B8B85A4128AD3DBDB935916A73_pvw-M0.jpg
cbslocal-uploads.s3.amazonaws.com/anv-pvw/DF0/730/ Frame 825.
37 KB
37 KB
Image
General
Full URL
http://cbslocal-uploads.s3.amazonaws.com/anv-pvw/DF0/730/DF0730B8B85A4128AD3DBDB935916A73_pvw-M0.jpg
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
52.216.128.43 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
9203cb53baf18e72097b29dcfd6ddffeb535c38fba00321ba24f8e751bfa5aa6

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:26 GMT
Last-Modified
Tue, 08 Aug 2017 13:52:47 GMT
Server
AmazonS3
x-amz-request-id
F4D7A80B83960120
ETag
"a441d16831a9b75a2c3c171adb28d679"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
37694
x-amz-id-2
vcdkkhbt0km7BzFRvyYWbq2RaT70zLCgEc73Rsha/u/i7VrOsSkPDTdcHmqWxR3/t4QkhN/swn0=
DF0730B8B85A4128AD3DBDB935916A73_pvw-M00.jpg
cbslocal-uploads.s3.amazonaws.com/anv-pvw/DF0/730/ Frame 825.
14 KB
14 KB
Image
General
Full URL
http://cbslocal-uploads.s3.amazonaws.com/anv-pvw/DF0/730/DF0730B8B85A4128AD3DBDB935916A73_pvw-M00.jpg
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
52.216.128.43 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
8e57a028de6f926c3a5b6110fcb3b551ff864199da1155e8f6cb477db33db316

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:26 GMT
Last-Modified
Tue, 08 Aug 2017 13:52:47 GMT
Server
AmazonS3
x-amz-request-id
E47EA20B20F380FE
ETag
"5908bb5f419ae0a1ac94d01c907d2cde"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
14026
x-amz-id-2
pXXNAPlTmtlEarpb2JGtRSydrpKbOL0EwxzLP6TndGI5bt5TRIUuFW2gluyM+6Wm3YD0AvFHyBU=
DF0730B8B85A4128AD3DBDB935916A73_pvw-hi.bif
cbslocal-uploads.s3.amazonaws.com/anv-pvw/DF0/730/ Frame 825.
13 KB
0
Image
General
Full URL
http://cbslocal-uploads.s3.amazonaws.com/anv-pvw/DF0/730/DF0730B8B85A4128AD3DBDB935916A73_pvw-hi.bif
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
52.216.128.43 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:26 GMT
Last-Modified
Tue, 08 Aug 2017 13:52:47 GMT
Server
AmazonS3
x-amz-request-id
B30FC261C9BC0AB7
ETag
"45265667a3f9a2804318b6b20bc0e1b1"
Content-Type
binary/octet-stream
Accept-Ranges
bytes
Content-Length
216433
x-amz-id-2
ZF3imwQtOPfo7EQ4LXnFZSbF7xJLs8GxKNBRVjZOtVP+5XcDQnHNnEppTEHHmwnY14Kcu7ypAhs=
DF0730B8B85A4128AD3DBDB935916A73_pvw-med.bif
cbslocal-uploads.s3.amazonaws.com/anv-pvw/DF0/730/ Frame 825.
13 KB
0
Image
General
Full URL
http://cbslocal-uploads.s3.amazonaws.com/anv-pvw/DF0/730/DF0730B8B85A4128AD3DBDB935916A73_pvw-med.bif
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
52.216.128.43 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:26 GMT
Last-Modified
Tue, 08 Aug 2017 13:52:47 GMT
Server
AmazonS3
x-amz-request-id
6211119A5DEE8768
ETag
"72d3cca8a47ac8278f059a81e7d6bbd2"
Content-Type
binary/octet-stream
Accept-Ranges
bytes
Content-Length
67699
x-amz-id-2
40h3t2OwR50yeDpSjcDNjfOxNZQSmNTejSnJBD/DjzxkO2VwHurEdLbLIT8gPgTplu/tgGpDj0w=
DF0730B8B85A4128AD3DBDB935916A73_pvw-lo.bif
cbslocal-uploads.s3.amazonaws.com/anv-pvw/DF0/730/ Frame 825.
11 KB
0
Image
General
Full URL
http://cbslocal-uploads.s3.amazonaws.com/anv-pvw/DF0/730/DF0730B8B85A4128AD3DBDB935916A73_pvw-lo.bif
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Server
52.216.128.43 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:26 GMT
Last-Modified
Tue, 08 Aug 2017 13:52:47 GMT
Server
AmazonS3
x-amz-request-id
2874649EF8AA133D
ETag
"fe46ec3f1042312eae099da499c9c4ab"
Content-Type
binary/octet-stream
Accept-Ranges
bytes
Content-Length
48793
x-amz-id-2
IAnUChbWh3nUvEL5OiY+a05AqfAUwFoeUBjUmoPwnAZHKEKbF3bwa0eX5DP7IOs85CobTLcczk0=
events
services.babator.com/
14 B
14 B
XHR
General
Full URL
https://services.babator.com/events
Requested by
Host: philadelphia.cbslocal.com
URL: http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.202.58.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-202-58-138.compute-1.amazonaws.com
Software
nginx/1.10.1 / Express
Resource Hash
7cd85494eb375cc958155aca095fd0bae01e24f777c4ce4059e2edb82324618c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com
x-user-uuid
777c7220-9d48-11e7-9327-47290f0c4e1a
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
x-api-key
b7508330-5368-11e6-b9b6-b5368b08d969
Content-Type
application/json

Response headers

Date
Tue, 19 Sep 2017 14:40:25 GMT
X-Content-Type-Options
nosniff
Server
nginx/1.10.1
X-Powered-By
Express
Access-Control-Allow-Methods
POST, PUT, DELETE
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
http://philadelphia.cbslocal.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Cache-Control, Set-Cookie, x-api-key, x-user-uuid, x-is-native
Content-Length
14
ETag
W/"e-+3Pmmp/QERKiJq3DueGVYg"
satellite-59386ef464746d4516005f19.js
assets.adobedtm.com/21d6c746401821d9ceb8fd43cc9c7649a92762c2/scripts/
203 B
170 B
Script
General
Full URL
http://assets.adobedtm.com/21d6c746401821d9ceb8fd43cc9c7649a92762c2/scripts/satellite-59386ef464746d4516005f19.js
Requested by
Host: assets.adobedtm.com
URL: http://assets.adobedtm.com/21d6c746401821d9ceb8fd43cc9c7649a92762c2/satelliteLib-62c5c4d67cd6b55dd225771b27563dbd602fde8f.js?ver=1.0.0
Protocol
HTTP/1.1
Server
23.53.173.136 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-173-136.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
87ca0be3d1a93c191201c266c354b1615fba9ed618770d370c2f47fcad00953e

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:25 GMT
Content-Encoding
gzip
Last-Modified
Wed, 07 Jun 2017 21:52:00 GMT
Server
Apache
ETag
"751694cd8c05a0905be83b882bc91a2e:1496872320"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
170
activeview
pagead2.googlesyndication.com/ Frame 825.
42 B
42 B
Image
General
Full URL
http://pagead2.googlesyndication.com/activeview?avi=BD3VmVyzBWeGlOtOx3gPMnKeoDQAAAAAQATgByAECwAIC4AIAyAOZBOAEAaAGFNIIBQiAYRAB&cid=CAASEuRouJRpmVGrdiYcMnn56nos7A&id=osdim&ti=1&r=u&adk=2562216092&tt=1082&bs=1585,1200&mtos=1074,1074,1074,1074,1074&tos=1074,0,0,0,0&p=56,1146,116,1266&inapp=0&mcvt=1074&rs=3&ht=0&tfs=7&tls=1081&mc=1&lte=1&bas=0&bac=0&bos=1600,1200&ps=1585,2925&ss=1600,1200&pt=1080&deb=1-6-6-9-9--1&tvt=1075&avms=geo&uc=4&tgt=DIV&cl=1&cec=5&clc=1&cac=0&cd=120x60&v=r20170913
Protocol
HTTP/1.1
Server
2a00:1450:4001:81f::2002 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:25 GMT
X-Content-Type-Options
nosniff
Server
cafe
P3P
policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, must-revalidate
Timing-Allow-Origin
*
Content-Length
42
X-XSS-Protection
1; mode=block
Expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/ Frame 825.
42 B
42 B
Image
General
Full URL
http://pagead2.googlesyndication.com/activeview?avi=Bq0gCVyzBWYLTO4aV3gOYyZHQAgAAAAAQATgByAECwAIC4AIAyAOZBOAEAaAGFNIIBQiAYRAB&cid=CAASEuRo_kn0jMxZCmIXjTTa-q4BDw&id=osdim&ti=1&r=u&adk=405307911&tt=1082&bs=1585,1200&mtos=1069,1069,1069,1069,1069&tos=1069,0,0,0,0&p=340,1171,371,1259&inapp=0&mcvt=1069&rs=3&ht=0&tfs=12&tls=1081&mc=1&lte=1&bas=0&bac=0&bos=1600,1200&ps=1585,2925&ss=1600,1200&pt=1080&deb=1-6-6-9-9--1&tvt=1075&avms=geo&uc=4&tgt=DIV&cl=1&cec=5&clc=1&cac=0&cd=88x31&v=r20170913
Protocol
HTTP/1.1
Server
2a00:1450:4001:81e::2002 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:25 GMT
X-Content-Type-Options
nosniff
Server
cafe
P3P
policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, must-revalidate
Timing-Allow-Origin
*
Content-Length
42
X-XSS-Protection
1; mode=block
Expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/ Frame 825.
42 B
42 B
Image
General
Full URL
http://pagead2.googlesyndication.com/activeview?avi=BTr9cWCzBWcYglYNklIGz0AwAAAAAEAE4AcgBA8ACAuACAMgDmQTgBAGgBhTSCAUIgGEQAQ&cid=CAASEuRoqR52A72gGTNSHVF-b91dKQ&id=osdim&ti=1&r=u&adk=811693159&tt=1082&bs=1585,1200&mtos=1050,1050,1050,1050,1050&tos=1050,0,0,0,0&p=585,966,835,1266&inapp=0&mcvt=1050&rs=3&ht=0&tfs=31&tls=1081&mc=1&lte=1&bas=0&bac=0&bos=1600,1200&ps=1585,2925&ss=1600,1200&pt=1080&deb=1-6-6-9-9--1&tvt=1075&avms=geo&uc=4&tgt=DIV&cl=1&cec=5&clc=1&cac=0&cd=300x250&v=r20170913
Protocol
HTTP/1.1
Server
2a00:1450:4001:81f::2002 , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:25 GMT
X-Content-Type-Options
nosniff
Server
cafe
P3P
policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, must-revalidate
Timing-Allow-Origin
*
Content-Length
42
X-XSS-Protection
1; mode=block
Expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&kq=1&lo=1&qs=1&ak=-&i=CBSLOCAL1&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&bq=0&g=1&hq=0&hs=0&hu=0&hr=0&ht=0&h=60&w=120&fy=0&gp=0&zMoatPS=header&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222415708&f=0&j=&o=3&t=1505832024067&de=628471575348&cu=1505832024067&m=1607&ar=44605d6-clean&cb=0&ll=2&lm=0&ln=1&r=0&dl=0&dm=1000&dn=0&gh=1&td=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1200&lk=undefined&lb=2925&le=1&gm=1&io=1&ch=0&as=1&ag=1113&an=57&gi=1&gf=1113&gg=57&ez=1&ck=1113&kw=1024&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1113&bx=57&ci=1113&jz=1024&dj=1&aa=0&ad=983&cn=0&gk=983&gl=0&cq=1&im=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&bu=1024&cd=114&ah=1024&am=114&rf=0&re=0&wb=1&cl=0&at=0&d=147452668%3A489132028%3A436875628%3A138201817661&zMoatNonPlayer=true&bo=24653668&bp=222415708&bd=header&gw=cbslocal166502539715&dfp=0%2C1&la=222415708&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&fs=122435&na=1102119700&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:25 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:25 GMT
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&kq=1&lo=1&qs=1&ak=-&i=CBSLOCAL1&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&bq=0&g=2&hq=0&hs=0&hu=0&hr=0&ht=0&h=60&w=120&fy=0&gp=0&zMoatPS=header&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222415708&f=0&j=&o=3&t=1505832024067&de=628471575348&cu=1505832024067&m=1608&ar=44605d6-clean&cb=0&ll=2&lm=0&ln=1&r=0&dl=0&dm=1000&dn=0&gh=1&td=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1200&lk=undefined&lb=2925&le=1&gm=1&io=1&ch=0&as=1&ag=1113&an=1113&gi=1&gf=1113&gg=1113&ez=1&ck=1113&kw=1024&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1113&bx=1113&ci=1113&jz=1024&dj=1&aa=0&ad=983&cn=983&gk=983&gl=983&cq=1&im=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&bu=1024&cd=1024&ah=1024&am=1024&rf=0&re=0&wb=1&cl=0&at=0&d=147452668%3A489132028%3A436875628%3A138201817661&zMoatNonPlayer=true&bo=24653668&bp=222415708&bd=header&gw=cbslocal166502539715&dfp=0%2C1&la=222415708&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&fs=122435&na=1613271483&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:25 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:25 GMT
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&kq=1&lo=1&qs=1&ak=-&i=CBSLOCAL1&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&bq=0&g=3&hq=0&hs=0&hu=0&hr=0&ht=0&h=60&w=120&fy=0&gp=0&zMoatPS=header&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222415708&f=0&j=&o=3&t=1505832024067&de=628471575348&cu=1505832024067&m=1609&ar=44605d6-clean&cb=0&ll=2&lm=0&ln=1&r=0&dl=0&dm=1000&dn=0&gh=1&td=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1200&lk=undefined&lb=2925&le=1&gm=1&io=1&ch=0&as=1&ag=1113&an=1113&gi=1&gf=1113&gg=1113&ez=1&ck=1113&kw=1024&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1113&bx=1113&ci=1113&jz=1024&dj=1&aa=0&ad=983&cn=983&gk=983&gl=983&cq=1&im=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&bu=1024&cd=1024&ah=1024&am=1024&rf=0&re=0&wb=1&cl=0&at=0&d=147452668%3A489132028%3A436875628%3A138201817661&zMoatNonPlayer=true&bo=24653668&bp=222415708&bd=header&gw=cbslocal166502539715&dfp=0%2C1&la=222415708&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&fs=122435&na=569746589&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:25 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:25 GMT
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&kq=1&lo=1&qs=1&ak=-&i=CBSLOCAL1&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&bq=0&g=1&hq=0&hs=0&hu=0&hr=0&ht=0&h=31&w=88&fy=0&gp=0&zMoatPS=Position%20Not%20Identified&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222164788&f=0&j=&o=3&t=1505832024122&de=689640579158&cu=1505832024122&m=1603&ar=44605d6-clean&cb=0&ll=2&lm=0&ln=1&r=0&dl=0&dm=1000&dn=0&gh=1&td=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1200&lk=undefined&lb=2925&le=1&gm=1&io=1&ch=0&as=1&ag=1100&an=20&gi=1&gf=1100&gg=20&ez=1&ck=1100&kw=924&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1100&bx=20&ci=1100&jz=924&dj=1&aa=1&ad=1015&cn=0&gn=1&gk=1015&gl=0&co=1015&cp=924&cq=1&im=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&bu=924&cd=39&ah=924&am=39&rf=0&re=0&wb=1&cl=0&at=0&d=148848988%3A492008428%3A440564428%3A138204132162&zMoatNonPlayer=true&bo=24653668&bp=222164788&bd=Position%20Not%20Identified&gw=cbslocal166502539715&dfp=0%2C1&la=222164788&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&fs=122435&na=2058056957&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:25 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:25 GMT
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&kq=1&lo=1&qs=1&ak=-&i=CBSLOCAL1&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&bq=0&g=2&hq=0&hs=0&hu=0&hr=0&ht=0&h=31&w=88&fy=0&gp=0&zMoatPS=Position%20Not%20Identified&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222164788&f=0&j=&o=3&t=1505832024122&de=689640579158&cu=1505832024122&m=1604&ar=44605d6-clean&cb=0&ll=2&lm=0&ln=1&r=0&dl=0&dm=1000&dn=0&gh=1&td=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1200&lk=undefined&lb=2925&le=1&gm=1&io=1&ch=0&as=1&ag=1100&an=1100&gi=1&gf=1100&gg=1100&ez=1&ck=1100&kw=924&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1100&bx=1100&ci=1100&jz=924&dj=1&aa=1&ad=1015&cn=1015&gn=1&gk=1015&gl=1015&co=1015&cp=924&cq=1&im=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&bu=924&cd=924&ah=924&am=924&rf=0&re=0&wb=1&cl=0&at=0&d=148848988%3A492008428%3A440564428%3A138204132162&zMoatNonPlayer=true&bo=24653668&bp=222164788&bd=Position%20Not%20Identified&gw=cbslocal166502539715&dfp=0%2C1&la=222164788&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&fs=122435&na=326281062&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:25 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:25 GMT
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&kq=1&lo=1&qs=1&ak=-&i=CBSLOCAL1&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&bq=0&g=3&hq=0&hs=0&hu=0&hr=0&ht=0&h=31&w=88&fy=0&gp=0&zMoatPS=Position%20Not%20Identified&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222164788&f=0&j=&o=3&t=1505832024122&de=689640579158&cu=1505832024122&m=1605&ar=44605d6-clean&cb=0&ll=2&lm=0&ln=1&r=0&dl=0&dm=1000&dn=0&gh=1&td=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1200&lk=undefined&lb=2925&le=1&gm=1&io=1&ch=0&as=1&ag=1100&an=1100&gi=1&gf=1100&gg=1100&ez=1&ck=1100&kw=924&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1100&bx=1100&ci=1100&jz=924&dj=1&aa=1&ad=1015&cn=1015&gn=1&gk=1015&gl=1015&co=1015&cp=924&cq=1&im=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&bu=924&cd=924&ah=924&am=924&rf=0&re=0&wb=1&cl=0&at=0&d=148848988%3A492008428%3A440564428%3A138204132162&zMoatNonPlayer=true&bo=24653668&bp=222164788&bd=Position%20Not%20Identified&gw=cbslocal166502539715&dfp=0%2C1&la=222164788&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&fs=122435&na=1699284472&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:25 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:25 GMT
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=5&q=1&hp=1&kq=1&lo=1&qs=1&ak=-&i=CBSLOCAL1&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&bq=0&g=4&hq=0&hs=0&hu=0&hr=0&ht=0&h=60&w=120&fy=0&gp=0&zMoatPS=header&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222415708&f=0&j=&o=3&t=1505832024067&de=628471575348&cu=1505832024067&m=1808&ar=44605d6-clean&cb=0&ll=2&lm=0&ln=1&r=0&dl=0&dm=1000&dn=0&gh=1&td=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1200&lk=undefined&lb=2925&le=1&gm=1&io=1&ch=0&as=1&ag=1313&an=1113&gi=1&gf=1313&gg=1113&ez=1&ck=1113&kw=1024&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1313&bx=1113&ci=1113&jz=1024&dj=1&aa=1&ad=1183&cn=983&gn=1&gk=1183&gl=983&co=1183&cp=1170&cq=1&im=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&bu=1170&cd=1024&ah=1170&am=1024&rf=0&re=0&wb=1&cl=0&at=0&d=147452668%3A489132028%3A436875628%3A138201817661&zMoatNonPlayer=true&bo=24653668&bp=222415708&bd=header&gw=cbslocal166502539715&dfp=0%2C1&la=222415708&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&fs=122435&na=224153155&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:25 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:25 GMT
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&kq=1&lo=1&qs=1&ak=-&i=CBSLOCAL1&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&bq=0&g=1&hq=0&hs=0&hu=0&hr=0&ht=0&h=250&w=300&fy=0&gp=0&zMoatPS=adhesion&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222239308&f=0&j=&o=3&t=1505832024323&de=209710007744&cu=1505832024323&m=1603&ar=44605d6-clean&cb=0&ll=2&lm=0&ln=1&r=0&dl=0&dm=1000&dn=0&gh=1&td=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1200&lk=undefined&lb=2925&le=1&gm=1&io=1&ch=0&as=1&ag=1120&an=29&gi=1&gf=1120&gg=29&ez=1&ck=1120&kw=951&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1120&bx=29&ci=1120&jz=951&dj=1&aa=0&ad=958&cn=0&gk=958&gl=0&cq=1&im=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&bu=951&cd=58&ah=951&am=58&rf=0&re=0&wb=1&cl=0&at=0&d=4403365912%3A2099624806%3A4351794217%3A138205913720&zMoatNonPlayer=true&bo=24653668&bp=222239308&bd=adhesion&gw=cbslocal166502539715&dfp=0%2C1&la=222239308&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&fs=122435&na=726815369&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:25 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:25 GMT
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&kq=1&lo=1&qs=1&ak=-&i=CBSLOCAL1&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&bq=0&g=2&hq=0&hs=0&hu=0&hr=0&ht=0&h=250&w=300&fy=0&gp=0&zMoatPS=adhesion&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222239308&f=0&j=&o=3&t=1505832024323&de=209710007744&cu=1505832024323&m=1604&ar=44605d6-clean&cb=0&ll=2&lm=0&ln=1&r=0&dl=0&dm=1000&dn=0&gh=1&td=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1200&lk=undefined&lb=2925&le=1&gm=1&io=1&ch=0&as=1&ag=1120&an=1120&gi=1&gf=1120&gg=1120&ez=1&ck=1120&kw=951&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1120&bx=1120&ci=1120&jz=951&dj=1&aa=0&ad=958&cn=958&gk=958&gl=958&cq=1&im=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&bu=951&cd=951&ah=951&am=951&rf=0&re=0&wb=1&cl=0&at=0&d=4403365912%3A2099624806%3A4351794217%3A138205913720&zMoatNonPlayer=true&bo=24653668&bp=222239308&bd=adhesion&gw=cbslocal166502539715&dfp=0%2C1&la=222239308&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&fs=122435&na=1678595471&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:25 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:25 GMT
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&kq=1&lo=1&qs=1&ak=-&i=CBSLOCAL1&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&bq=0&g=3&hq=0&hs=0&hu=0&hr=0&ht=0&h=250&w=300&fy=0&gp=0&zMoatPS=adhesion&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222239308&f=0&j=&o=3&t=1505832024323&de=209710007744&cu=1505832024323&m=1604&ar=44605d6-clean&cb=0&ll=2&lm=0&ln=1&r=0&dl=0&dm=1000&dn=0&gh=1&td=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1200&lk=undefined&lb=2925&le=1&gm=1&io=1&ch=0&as=1&ag=1120&an=1120&gi=1&gf=1120&gg=1120&ez=1&ck=1120&kw=951&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1120&bx=1120&ci=1120&jz=951&dj=1&aa=0&ad=958&cn=958&gk=958&gl=958&cq=1&im=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&bu=951&cd=951&ah=951&am=951&rf=0&re=0&wb=1&cl=0&at=0&d=4403365912%3A2099624806%3A4351794217%3A138205913720&zMoatNonPlayer=true&bo=24653668&bp=222239308&bd=adhesion&gw=cbslocal166502539715&dfp=0%2C1&la=222239308&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&fs=122435&na=825248974&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:25 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:25 GMT
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=5&q=1&hp=1&kq=1&lo=1&qs=1&ak=-&i=CBSLOCAL1&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&bq=0&g=4&hq=0&hs=0&hu=0&hr=0&ht=0&h=250&w=300&fy=0&gp=0&zMoatPS=adhesion&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222239308&f=0&j=&o=3&t=1505832024323&de=209710007744&cu=1505832024323&m=1803&ar=44605d6-clean&cb=0&ll=2&lm=0&ln=1&r=0&dl=0&dm=1000&dn=0&gh=1&td=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1200&lk=undefined&lb=2925&le=1&gm=1&io=1&ch=0&as=1&ag=1320&an=1120&gi=1&gf=1320&gg=1120&ez=1&ck=1120&kw=951&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1320&bx=1120&ci=1120&jz=951&dj=1&aa=1&ad=1158&cn=958&gn=1&gk=1158&gl=958&co=1158&cp=1149&cq=1&im=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&bu=1149&cd=951&ah=1149&am=951&rf=0&re=0&wb=1&cl=0&at=0&d=4403365912%3A2099624806%3A4351794217%3A138205913720&zMoatNonPlayer=true&bo=24653668&bp=222239308&bd=adhesion&gw=cbslocal166502539715&dfp=0%2C1&la=222239308&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&fs=122435&na=1615139380&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:26 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:26 GMT
/
rt.analytics.anvato.net/ Frame 825.
2 B
2 B
Image
General
Full URL
http://rt.analytics.anvato.net/?act=start-try%2Crebuffer%2Cvideo-loaded%3A1028%2Cstart-ok%3A4121%2Cplaying%3A552%2Chs%3AAAAAAAAAAAAAAAAAAA%3D%3D~24&dma=0&dev=desktop&aid=CBS~998161~3711097&sid=FC9B4D9A-855C-4D95-B5CD-05CA15DB119E&tech=browser&plyr=html5&pln=Anvato%20Web%20Player%20v3&src=philadelphia.cbslocal.com
Protocol
HTTP/1.1
Server
130.211.42.235 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
235.42.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:28 GMT
Via
1.1 google
Server
nginx
Content-Length
2
Content-Type
text/html; charset=UTF-8
s89582616764097
cbsdigitalmedia.d1.sc.omtrdc.net/b/ss/cbslocal-global-unified/1/JS-1.4.3/ Frame 825.
43 B
43 B
Image
General
Full URL
http://cbsdigitalmedia.d1.sc.omtrdc.net/b/ss/cbslocal-global-unified/1/JS-1.4.3/s89582616764097?AQB=1&ndh=1&pf=1&t=19%2F8%2F2017%2014%3A40%3A27%202%200&mid=90189725204722946433263558871443104714&aamlh=6&ce=UTF-8&ns=philadelphia.cbslocal.com-p0&pageName=Hackers%20Have%20Successfully%20Hidden%20Malware%20In%20Popular%20PC%20Cleanup%20Tool%20%C2%AB%20CBS%20Philly&g=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&r=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&c.&videoShowName=CBS%202%20News%20Morning&videoSeason=0&startType=auto&videoCategory=Stations%5CSpoken%20Word%5CKCBSTV%2CSyndication%5CNDN%2CSyndication%5CMSN%2CSyndication%5CAOL%2CSyndication%5CYahoo%2CSyndication%5CTribune%2CSyndication%5CCurb.tv%2CContent%5CNews&a.&contentType=vod&media.&name=3711097&friendlyName=Hackers%20Release%20More%20HBO%20Files%2C%20Demand%20Ransom&length=24&playerName=Anvato%20Universal%20Player-p0&channel=philadelphia.cbslocal.com&view=true&.media&.a&.c&pe=ms_s&pev3=video&aamb=cIBAx_aQzFEHcPoEv0GwcQ&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=624&bh=351&AQE=1
Protocol
HTTP/1.1
Server
66.235.148.64 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
*.d1.sc.omtrdc.net
Software
Omniture DC/2.0.0 /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:27 GMT
X-C
ms-5.5.0
P3P
CP="This is not a P3P policy"
Connection
Keep-Alive
Content-Length
43
Pragma
no-cache
Last-Modified
Wed, 20 Sep 2017 14:40:27 GMT
Server
Omniture DC/2.0.0
xserver
www23
ETag
"59C12C5B-39BE-0648593F"
Vary
*
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Keep-Alive
timeout=15
Expires
Mon, 18 Sep 2017 14:40:27 GMT
p
b.scorecardresearch.com/ Frame 825.
43 B
43 B
Image
General
Full URL
http://b.scorecardresearch.com/p?c1=2&c2=3000023&ns_type=hidden&ns_st_sv=4.1412.05&ns_st_it=r&ns_st_id=1505832024714_1&ns_st_ec=1&ns_st_sp=1&ns_st_sq=1&ns_st_cn=1&ns_st_ev=play&ns_st_po=0&ns_st_cl=31000&ns_st_pb=1&ns_st_mp=streamsense&ns_st_mv=4.1412.05&ns_st_pn=1&ns_st_tp=1&ns_st_ad=1&ns_st_ci=3711097&ns_ts=1505832027749&ns_st_bt=0&ns_st_bp=0&ns_st_br=0&ns_st_ub=0&ns_st_pr=Hackers%20Release%20More%20HBO%20Files%2C%20Demand%20Ransom&ns_st_ep=Hackers%20Release%20More%20HBO%20Files%2C%20Demand%20Ransom&ns_st_ct=va&ns_st_ge=*null&ns_st_st=*null&ns_st_pu=*null&c3=philadelphia.cbslocal.com&c4=*null&c6=*null&c7=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&c8=&c9=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&ns_st_sn=*null&ns_st_en=*null&ns_st_ti=*null&ns_st_ia=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_ce=*null
Protocol
HTTP/1.1
Server
95.100.248.105 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a95-100-248-105.deploy.akamaitechnologies.com
Software
/
Resource Hash
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:27 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 01 Jan 1990 00:00:00 GMT
cbs.min.js
cdn.babator.com/layouts/external/
61 KB
15 KB
Script
General
Full URL
https://cdn.babator.com/layouts/external/cbs.min.js?version=5
Requested by
Host: services.babator.com
URL: https://services.babator.com/tags/init?apiKey=b7508330-5368-11e6-b9b6-b5368b08d969&userUUID=777c7220-9d48-11e7-9327-47290f0c4e1a&userId=777c7221-9d48-11e7-9327-47290f0c4e1a
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.192.54.240 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-192-54-240.jfk6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d513f376f68609cc7ed1cffeacd220585fbc67cfb0e7e912621fb1b5b7eac3b7

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Mon, 19 Jun 2017 14:04:54 GMT
Content-Encoding
gzip
Last-Modified
Mon, 19 Jun 2017 14:00:55 GMT
Server
AmazonS3
Age
181188
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 f19281f08e79aa6c6634266c50732dd5.cloudfront.net (CloudFront)
Cache-Control
public, max-age=604800
Transfer-Encoding
chunked
Connection
keep-alive
X-Amz-Cf-Id
GR6ZPSlUXJpk7f3_HDvl1Crit4EpcxARQX-EqICeQtf8G5fxfm039Q==
events
services.babator.com/
13 B
13 B
XHR
General
Full URL
https://services.babator.com/events
Requested by
Host: cdn.babator.com
URL: https://cdn.babator.com/customers/cbs/Babator-Connector.min.js?version=5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.202.58.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-202-58-138.compute-1.amazonaws.com
Software
nginx/1.10.1 / Express
Resource Hash
13212dd00db0953c536cd4b4feb15bac1bb65761d235ee0ca65bdb975be6a662

Request headers

Access-Control-Request-Method
POST
Origin
http://philadelphia.cbslocal.com
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Access-Control-Request-Headers
content-type,x-api-key,x-user-uuid

Response headers

Date
Tue, 19 Sep 2017 14:40:27 GMT
Server
nginx/1.10.1
X-Powered-By
Express
ETag
W/"d-hXhJBegAzPe2v3FerP2DCw"
Allow
POST,GET,HEAD
Access-Control-Allow-Methods
POST, PUT, DELETE
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
http://philadelphia.cbslocal.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Cache-Control, Set-Cookie, x-api-key, x-user-uuid, x-is-native
Content-Length
13
events
services.babator.com/
13 B
13 B
XHR
General
Full URL
https://services.babator.com/events
Requested by
Host: cdn.babator.com
URL: https://cdn.babator.com/customers/cbs/Babator-Connector.min.js?version=5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.202.58.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-202-58-138.compute-1.amazonaws.com
Software
nginx/1.10.1 / Express
Resource Hash
13212dd00db0953c536cd4b4feb15bac1bb65761d235ee0ca65bdb975be6a662

Request headers

Access-Control-Request-Method
POST
Origin
http://philadelphia.cbslocal.com
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Access-Control-Request-Headers
content-type,x-api-key,x-user-uuid

Response headers

Date
Tue, 19 Sep 2017 14:40:27 GMT
Server
nginx/1.10.1
X-Powered-By
Express
ETag
W/"d-hXhJBegAzPe2v3FerP2DCw"
Allow
POST,GET,HEAD
Access-Control-Allow-Methods
POST, PUT, DELETE
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
http://philadelphia.cbslocal.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Cache-Control, Set-Cookie, x-api-key, x-user-uuid, x-is-native
Content-Length
13
s86469627951851
cbsdigitalmedia.d1.sc.omtrdc.net/b/ss/cbslocal-global-unified/1/JS-1.4.3/ Frame 825.
43 B
43 B
Image
General
Full URL
http://cbsdigitalmedia.d1.sc.omtrdc.net/b/ss/cbslocal-global-unified/1/JS-1.4.3/s86469627951851?AQB=1&ndh=1&pf=1&t=19%2F8%2F2017%2014%3A40%3A27%202%200&mid=90189725204722946433263558871443104714&aamlh=6&ce=UTF-8&ns=philadelphia.cbslocal.com-p0&pageName=Hackers%20Have%20Successfully%20Hidden%20Malware%20In%20Popular%20PC%20Cleanup%20Tool%20%C2%AB%20CBS%20Philly&g=http%3A%2F%2Fphiladelphia.cbslocal.com%2F2017%2F09%2F18%2Fhackers-malware-pc-ccleaner%2F&c.&videoShowName=CBS%202%20News%20Morning&videoSeason=0&startType=auto&videoCategory=Stations%5CSpoken%20Word%5CKCBSTV%2CSyndication%5CNDN%2CSyndication%5CMSN%2CSyndication%5CAOL%2CSyndication%5CYahoo%2CSyndication%5CTribune%2CSyndication%5CCurb.tv%2CContent%5CNews&a.&contentType=vod&media.&name=3711097&playerName=Anvato%20Universal%20Player-p0&channel=philadelphia.cbslocal.com&ad.&name=ad_0_0&friendlyName=CBS.PHILLY&podFriendlyName=ad_break_0&length=31&playerName=Anvato%20Universal%20Player&pod=fcd12c574f219b901155d83d212610e4_1&podPosition=1&podSecond=0.0&view=true&.ad&.media&.a&.c&pe=msa_s&pev3=videoAd&aamb=cIBAx_aQzFEHcPoEv0GwcQ&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=624&bh=351&AQE=1
Protocol
HTTP/1.1
Server
66.235.148.64 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
*.d1.sc.omtrdc.net
Software
Omniture DC /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:27 GMT
X-C
ms-5.5.0
P3P
CP="This is not a P3P policy"
Connection
Keep-Alive
Content-Length
43
Pragma
no-cache
Last-Modified
Wed, 20 Sep 2017 14:40:27 GMT
Server
Omniture DC
xserver
www195
ETag
"59C12C5B-EB88-6B1EDD07"
Vary
*
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Keep-Alive
timeout=15
Expires
Mon, 18 Sep 2017 14:40:27 GMT
truncated
/ Frame 825.
363 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
372b6c7ce38915dfe1e414a5e3d0cb0ce53829b5622f3b970bd73d10366dfef3

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
truncated
/ Frame 825.
636 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6c132befc502b9d2517765894a21e91b237dd21cbda5b77d459787a090b4aad0

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
925dde4bc770529a33279a03f958ec90.jpg
cdn.babator.com/customers/cbs/strips/video/ Frame 825.
614 KB
614 KB
Image
General
Full URL
https://cdn.babator.com/customers/cbs/strips/video/925dde4bc770529a33279a03f958ec90.jpg
Requested by
Host: cdn.babator.com
URL: https://cdn.babator.com/layouts/external/cbs.min.js?version=5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.192.54.240 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-192-54-240.jfk6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f5b5d6beba335c9704679c312c80a4e8305573f333415db919f4d3d7cd03fcc5

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Sat, 16 Sep 2017 17:25:04 GMT
Via
1.1 f19281f08e79aa6c6634266c50732dd5.cloudfront.net (CloudFront)
Last-Modified
Sat, 16 Sep 2017 03:22:22 GMT
Server
AmazonS3
Age
249324
ETag
"4d96feb82b8f7161f59d69e9dab093b5"
X-Cache
Hit from cloudfront
Content-Type
image/jpg
Cache-Control
public, max-age=1209600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
628937
X-Amz-Cf-Id
nqjglbXJdwPLjGX6bJ7bM9zRp8JSN6YsRxF2vtM8N_9dbiqG2JiijQ==
/
philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/ Frame 825.
2 KB
0
Image
General
Full URL
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Requested by
Host: cdn.babator.com
URL: https://cdn.babator.com/layouts/external/cbs.min.js?version=5
Protocol
HTTP/1.1
Server
192.0.79.33 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

X-Pingback
http://philadelphia.cbslocal.com/xmlrpc.php
X-hacker
If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
Date
Tue, 19 Sep 2017 14:40:27 GMT
Content-Encoding
gzip
Last-Modified
Tue, 19 Sep 2017 14:37:48 GMT
Server
nginx
Vary
Accept-Encoding, Cookie
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
X-nc
HIT dfw 159
Cache-Control
max-age=300, must-revalidate
Transfer-Encoding
chunked
X-nananana
Batcache
X-ac
4.fra _dfw
Link
<http://wp.me/p11qnw-3SvM>; rel=shortlink
7506efc56638a05d652edf91b0208145.jpg
cdn.babator.com/customers/cbs/strips/video/ Frame 825.
823 KB
823 KB
Image
General
Full URL
https://cdn.babator.com/customers/cbs/strips/video/7506efc56638a05d652edf91b0208145.jpg
Requested by
Host: cdn.babator.com
URL: https://cdn.babator.com/layouts/external/cbs.min.js?version=5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.192.54.240 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-192-54-240.jfk6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5f4b59785ca2951f45ac50d5061e340b6a433cf825bbda32871f37a1c1205a89

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Mon, 18 Sep 2017 08:36:58 GMT
Via
1.1 641a0f932299b827b56d2560405082d5.cloudfront.net (CloudFront)
Last-Modified
Mon, 18 Sep 2017 03:36:37 GMT
Server
AmazonS3
Age
108211
ETag
"d4b40f3a0a5c4d4939a1cb2d82ec7b21"
X-Cache
Hit from cloudfront
Content-Type
image/jpg
Cache-Control
public, max-age=1209600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
842771
X-Amz-Cf-Id
mUvTKbQ6qvVpxZOvTUTzy1Ppv11Vw8ia8pcpTsxv6HhCfYnZ4IJG1Q==
eb437e5bcfcb8a184b973751f3a0fb7d.jpg
cdn.babator.com/customers/cbs/strips/video/ Frame 825.
588 KB
588 KB
Image
General
Full URL
https://cdn.babator.com/customers/cbs/strips/video/eb437e5bcfcb8a184b973751f3a0fb7d.jpg
Requested by
Host: cdn.babator.com
URL: https://cdn.babator.com/layouts/external/cbs.min.js?version=5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.192.54.240 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-192-54-240.jfk6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3c52267e9ff41ff68e5acc0f217266e58da7c8e582153455b9190b51407abad0

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Mon, 18 Sep 2017 08:36:57 GMT
Via
1.1 2ebc0bd350ce03ac7549d526b72cae8e.cloudfront.net (CloudFront)
Last-Modified
Mon, 18 Sep 2017 03:04:11 GMT
Server
AmazonS3
Age
108212
ETag
"b303300e0a5e83b6c0c717734d1df1ef"
X-Cache
Hit from cloudfront
Content-Type
image/jpg
Cache-Control
public, max-age=1209600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
601874
X-Amz-Cf-Id
Xc2QF144PQ0yJTcgoNuwNLovTHqxU7Sb3yOzja5zDinFrQblFGfVFA==
5e1bde0e4c41f94ce618ee6cce0eb9c7.jpg
cdn.babator.com/customers/cbs/strips/video/ Frame 825.
528 KB
528 KB
Image
General
Full URL
https://cdn.babator.com/customers/cbs/strips/video/5e1bde0e4c41f94ce618ee6cce0eb9c7.jpg
Requested by
Host: cdn.babator.com
URL: https://cdn.babator.com/layouts/external/cbs.min.js?version=5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.192.54.240 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-192-54-240.jfk6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
52d1da2c5847dd17a417856446d90133a94183e904c122ef4be223cf85d2be7c

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Fri, 15 Sep 2017 00:25:08 GMT
Via
1.1 9865fbd5c61131fde861cc79a5ba4ead.cloudfront.net (CloudFront)
Last-Modified
Thu, 14 Sep 2017 23:37:21 GMT
Server
AmazonS3
Age
396921
ETag
"896082706e3f9ba808d1b92000ba87b8"
X-Cache
Hit from cloudfront
Content-Type
image/jpg
Cache-Control
public, max-age=1209600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
540169
X-Amz-Cf-Id
t2x2jGM4BbQgt9j1LPwOvxFSwX-ZpW_sBgFHGuZ-iEkNj6ukTFjiOQ==
f9d782990544801a1b5909d0804151e9.jpg
cdn.babator.com/customers/cbs/strips/video/ Frame 825.
409 KB
409 KB
Image
General
Full URL
https://cdn.babator.com/customers/cbs/strips/video/f9d782990544801a1b5909d0804151e9.jpg
Requested by
Host: cdn.babator.com
URL: https://cdn.babator.com/layouts/external/cbs.min.js?version=5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.192.54.240 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-192-54-240.jfk6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3a6793113bc327e12b7bba0672d6125287254ed2048e6f73a9f0f9aef3e442e8

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Mon, 18 Sep 2017 20:23:29 GMT
Via
1.1 1c618ea0f595386e66803b2a07e0f4dc.cloudfront.net (CloudFront)
Last-Modified
Tue, 12 Sep 2017 23:33:49 GMT
Server
AmazonS3
Age
65820
ETag
"611565c06b45a8bdc913fbcf3d4f9719"
X-Cache
Hit from cloudfront
Content-Type
image/jpg
Cache-Control
public, max-age=1209600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
418384
X-Amz-Cf-Id
c0i4EsYmpW94-t-SMmzsPekoIFntJfouY98O5SSd_5uDXjDm7Cfc5Q==
867778c9124f9f6eccfee4f7eeb20c04.jpg
cdn.babator.com/customers/cbs/strips/video/ Frame 825.
539 KB
539 KB
Image
General
Full URL
https://cdn.babator.com/customers/cbs/strips/video/867778c9124f9f6eccfee4f7eeb20c04.jpg
Requested by
Host: cdn.babator.com
URL: https://cdn.babator.com/layouts/external/cbs.min.js?version=5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.192.54.240 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-192-54-240.jfk6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bb3e5ab171231b7311e9002bc8864e3b0ef796e0aba5a4e0536d9f2ad133b358

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Mon, 18 Sep 2017 23:28:05 GMT
Via
1.1 0cd6949155fdc875b62d453c5f6c0005.cloudfront.net (CloudFront)
Last-Modified
Mon, 18 Sep 2017 22:25:51 GMT
Server
AmazonS3
Age
54744
ETag
"dbdced10bfa1a7fd50fbce266fb54749"
X-Cache
Hit from cloudfront
Content-Type
image/jpg
Cache-Control
public, max-age=1209600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
551521
X-Amz-Cf-Id
QjWSvboquYJwpMyorumk2g8vqlSfsqGtaghZA9Vp44qohqwL4c3bzA==
C6925CAB5EB54E9DA499A1B6A6936CA5.jpg
cbslocal-uploads.s3.amazonaws.com/captures/C69/25C/
238 KB
238 KB
Image
General
Full URL
http://cbslocal-uploads.s3.amazonaws.com/captures/C69/25C/C6925CAB5EB54E9DA499A1B6A6936CA5.jpg
Protocol
HTTP/1.1
Server
52.216.128.43 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
362a5455df68219b78f0e73a9d90d61a34b08e80c998ebe1318e67484580f4b5

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:28 GMT
Last-Modified
Mon, 18 Sep 2017 22:13:38 GMT
Server
AmazonS3
x-amz-request-id
68D10D458CE7258B
ETag
"3b1870311b6e00f3b57bdb1c0a6b1daa"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
244051
x-amz-id-2
4dL9Xe15eaK88w1bfs1USw1bfxV470e6h9zXySlYoPfYyx8XcM7j2GEzoj4pbfuOV0tUl7AAPRk=
296EAD3D7AB442B894706CEA5A80B715.jpg
cbslocal-uploads.s3.amazonaws.com/captures/296/EAD/
184 KB
184 KB
Image
General
Full URL
http://cbslocal-uploads.s3.amazonaws.com/captures/296/EAD/296EAD3D7AB442B894706CEA5A80B715.jpg
Protocol
HTTP/1.1
Server
52.216.128.43 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
0a05dd0bb4ff54c451d707778ee20553d8e1d62ece737a6e8291242bf7d4fa5e

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:28 GMT
Last-Modified
Tue, 12 Sep 2017 21:50:04 GMT
Server
AmazonS3
x-amz-request-id
83CCE66E2B869E5B
ETag
"546838038c63584ea02945c51d508ab4"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
188509
x-amz-id-2
IzaejfLids+NUlB6t43E82Q3i04ZIxwMkdPaI5FjdSWqLIXI+Fqqp+e3+ksswpFp4xg9xBTChes=
EAECB4A4CEA14818A5D9773D216296CF.jpg
cbslocal-uploads.s3.amazonaws.com/captures/EAE/CB4/
232 KB
232 KB
Image
General
Full URL
http://cbslocal-uploads.s3.amazonaws.com/captures/EAE/CB4/EAECB4A4CEA14818A5D9773D216296CF.jpg
Protocol
HTTP/1.1
Server
52.216.128.43 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
34020ad2687f1fd00d7a74457a676f3449021c5800b87266881feea3c99f3be0

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:29 GMT
Last-Modified
Thu, 14 Sep 2017 22:53:43 GMT
Server
AmazonS3
x-amz-request-id
07DAA3CC342FBFFE
ETag
"db9599fcbc326e8014944f8deac89184"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
237812
x-amz-id-2
zVi4/FIcn8pi3GXjrBRCYVfDClitWVPGBtQc0kntC/eg3lnAj7NSYv/xXJYqzkZqijahXOyTBRg=
FCCA2F1A57CA464A9CA16CB21C3A67C0.jpg
cbslocal-uploads.s3.amazonaws.com/captures/FCC/A2F/
213 KB
213 KB
Image
General
Full URL
http://cbslocal-uploads.s3.amazonaws.com/captures/FCC/A2F/FCCA2F1A57CA464A9CA16CB21C3A67C0.jpg
Protocol
HTTP/1.1
Server
52.216.128.43 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
28d1a669a4544bf78a592a9ea039defec710e3b9a5205041cd49528c8fd621ed

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:29 GMT
Last-Modified
Mon, 18 Sep 2017 02:33:19 GMT
Server
AmazonS3
x-amz-request-id
4334E0DC4BBC6014
ETag
"837a2217486df4056eec412e07bc5cd9"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
218300
x-amz-id-2
y3/LGzlH7XYeXnrsZsikut/vvCxXPQDqfUqfxehENiUjSk6w8E21KkxbCzemPYOWe8vBAzZ7pJ8=
652D32D6F91F4B80A7DB3E7F28B871DB.jpg
cbslocal-uploads.s3.amazonaws.com/captures/652/D32/
374 KB
374 KB
Image
General
Full URL
http://cbslocal-uploads.s3.amazonaws.com/captures/652/D32/652D32D6F91F4B80A7DB3E7F28B871DB.jpg
Protocol
HTTP/1.1
Server
52.216.128.43 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
5ce3c6866d05727e7ad397e2e1ec65b20e9bae002fc2fe544d9b75e15bab2f89

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:29 GMT
Last-Modified
Mon, 18 Sep 2017 03:33:38 GMT
Server
AmazonS3
x-amz-request-id
2464DFEBC1B7529F
ETag
"3ddc997ead5772bffeae5ff37f0a77c6"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
383184
x-amz-id-2
47KYBjZ2z/LXaH0zY9qfLZ9trcM7g/3oMTmNXW4lhp3ZuaRm6wk57U7cDqo1rVGEngAq9pvOnxw=
5CA00D90233E4C56B2CD93DDCB92B218.jpg
cbslocal-uploads.s3.amazonaws.com/captures/5CA/00D/
280 KB
280 KB
Image
General
Full URL
http://cbslocal-uploads.s3.amazonaws.com/captures/5CA/00D/5CA00D90233E4C56B2CD93DDCB92B218.jpg
Protocol
HTTP/1.1
Server
52.216.128.43 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
87565e806657769d813d39200e134d70e911b86acec06148b9c9a8258337e183

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:29 GMT
Last-Modified
Sat, 16 Sep 2017 03:10:12 GMT
Server
AmazonS3
x-amz-request-id
C030CA9039C034A3
ETag
"97362daf00a27906fc217217c56bd8ab"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
287098
x-amz-id-2
BX5Bjxnsw2umj207sQ75FjQOsu+E5oUBqcXj83iFqaPFl+5Ygmq8p4cAxKjjxgOWm7ffswBroAc=
events
services.babator.com/
14 B
14 B
XHR
General
Full URL
https://services.babator.com/events
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.202.58.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-202-58-138.compute-1.amazonaws.com
Software
nginx/1.10.1 / Express
Resource Hash
7cd85494eb375cc958155aca095fd0bae01e24f777c4ce4059e2edb82324618c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com
x-user-uuid
777c7220-9d48-11e7-9327-47290f0c4e1a
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
x-api-key
b7508330-5368-11e6-b9b6-b5368b08d969
Content-Type
application/json

Response headers

Date
Tue, 19 Sep 2017 14:40:27 GMT
X-Content-Type-Options
nosniff
Server
nginx/1.10.1
X-Powered-By
Express
Access-Control-Allow-Methods
POST, PUT, DELETE
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
http://philadelphia.cbslocal.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Cache-Control, Set-Cookie, x-api-key, x-user-uuid, x-is-native
Content-Length
14
ETag
W/"e-+3Pmmp/QERKiJq3DueGVYg"
events
services.babator.com/
342 B
268 B
XHR
General
Full URL
https://services.babator.com/events
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.202.58.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-202-58-138.compute-1.amazonaws.com
Software
nginx/1.10.1 / Express
Resource Hash
f9d7d858e312e05ae8ac88b709302bd45092649963177f0f18e1485bcf0d2b5f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com
x-user-uuid
777c7220-9d48-11e7-9327-47290f0c4e1a
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
x-api-key
b7508330-5368-11e6-b9b6-b5368b08d969
Content-Type
application/json

Response headers

Date
Tue, 19 Sep 2017 14:40:28 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx/1.10.1
X-Powered-By
Express
Access-Control-Allow-Methods
POST, PUT, DELETE
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
http://philadelphia.cbslocal.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Cache-Control, Set-Cookie, x-api-key, x-user-uuid, x-is-native
Content-Length
268
ETag
W/"156-NJIRHOuh6JStYospDedJPQ"
/
cbsdigitalmedia.hb.omtrdc.net/ Frame 825.
0
0
XHR
General
Full URL
http://cbsdigitalmedia.hb.omtrdc.net/?s:sc:rsid=cbslocal-global-unified&s:sc:tracking_server=cbsdigitalmedia.d1.sc.omtrdc.net&h:sc:ssl=0&s:user:mid=90189725204722946433263558871443104714&s:sp:sdk=Anvato%20Universal%20Player&s:sp:channel=philadelphia.cbslocal.com&s:sp:player_name=Anvato%20Universal%20Player-p0&s:sp:hb_version=js-1.5.1.1-bf08a7e&l:sp:hb_api_lvl=3&s:event:sid=15058320277438121217&s:event:type=start&l:event:duration=4&l:event:playhead=0&l:event:ts=1505832027747&l:event:prev_ts=-1&s:asset:type=main&s:asset:video_id=3711097&s:asset:publisher=823BA0335567497F7F000101%40AdobeOrg&l:asset:duration=24&s:stream:type=vod&l:stream:bitrate=0&l:stream:fps=0&l:stream:dropped_frames=0&l:stream:startup_time=4&s:meta:videoShowName=CBS%202%20News%20Morning&s:meta:videoSeason=0&s:meta:startType=auto&s:meta:videoCategory=Stations%5CSpoken%20Word%5CKCBSTV%2CSyndication%5CNDN%2CSyndication%5CMSN%2CSyndication%5CAOL%2CSyndication%5CYahoo%2CSyndication%5CTribune%2CSyndication%5CCurb.tv%2CContent%5CNews
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/lib/VideoHeartbeat.min.js
Protocol
HTTP/1.1
Server
52.22.138.219 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-22-138-219.compute-1.amazonaws.com
Software
openresty /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Sep 2017 14:40:28 GMT
Server
openresty
Connection
keep-alive
/
cbsdigitalmedia.hb.omtrdc.net/ Frame 825.
0
0
XHR
General
Full URL
http://cbsdigitalmedia.hb.omtrdc.net/?s:sc:rsid=cbslocal-global-unified&s:sc:tracking_server=cbsdigitalmedia.d1.sc.omtrdc.net&h:sc:ssl=0&s:user:mid=90189725204722946433263558871443104714&s:sp:sdk=Anvato%20Universal%20Player&s:sp:channel=philadelphia.cbslocal.com&s:sp:player_name=Anvato%20Universal%20Player-p0&s:sp:hb_version=js-1.5.1.1-bf08a7e&l:sp:hb_api_lvl=3&s:event:sid=15058320277438121217&s:event:type=start&l:event:duration=1&l:event:playhead=0&l:event:ts=1505832027748&l:event:prev_ts=-1&s:asset:type=ad&s:asset:video_id=3711097&s:asset:publisher=823BA0335567497F7F000101%40AdobeOrg&l:asset:duration=24&s:asset:ad_id=ad_0_0&s:asset:ad_sid=1505832027747899167809&s:asset:resolver=Anvato%20Universal%20Player&s:asset:pod_id=fcd12c574f219b901155d83d212610e4_1&s:asset:pod_position=1&s:stream:type=vod&l:stream:bitrate=0&l:stream:fps=0&l:stream:dropped_frames=0&l:stream:startup_time=4&s:meta:videoShowName=CBS%202%20News%20Morning&s:meta:videoSeason=0&s:meta:startType=auto&s:meta:videoCategory=Stations%5CSpoken%20Word%5CKCBSTV%2CSyndication%5CNDN%2CSyndication%5CMSN%2CSyndication%5CAOL%2CSyndication%5CYahoo%2CSyndication%5CTribune%2CSyndication%5CCurb.tv%2CContent%5CNews
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/lib/VideoHeartbeat.min.js
Protocol
HTTP/1.1
Server
52.54.205.204 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-54-205-204.compute-1.amazonaws.com
Software
openresty /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Sep 2017 14:40:28 GMT
Server
openresty
Connection
keep-alive
/
cbsdigitalmedia.hb.omtrdc.net/ Frame 825.
0
0
XHR
General
Full URL
http://cbsdigitalmedia.hb.omtrdc.net/?s:sc:rsid=cbslocal-global-unified&s:sc:tracking_server=cbsdigitalmedia.d1.sc.omtrdc.net&h:sc:ssl=0&s:user:mid=90189725204722946433263558871443104714&s:sp:sdk=Anvato%20Universal%20Player&s:sp:channel=philadelphia.cbslocal.com&s:sp:player_name=Anvato%20Universal%20Player-p0&s:sp:hb_version=js-1.5.1.1-bf08a7e&l:sp:hb_api_lvl=3&s:event:sid=15058320277438121217&s:event:type=aa_start&l:event:duration=0&l:event:playhead=0&l:event:ts=1505832027758&l:event:prev_ts=-1&s:asset:type=main&s:asset:video_id=3711097&s:asset:publisher=823BA0335567497F7F000101%40AdobeOrg&l:asset:duration=24&s:stream:type=vod&l:stream:bitrate=0&l:stream:fps=0&l:stream:dropped_frames=0&l:stream:startup_time=4
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/lib/VideoHeartbeat.min.js
Protocol
HTTP/1.1
Server
34.231.142.135 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-231-142-135.compute-1.amazonaws.com
Software
openresty /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Sep 2017 14:40:28 GMT
Server
openresty
Connection
keep-alive
/
cbsdigitalmedia.hb.omtrdc.net/ Frame 825.
0
0
XHR
General
Full URL
http://cbsdigitalmedia.hb.omtrdc.net/?s:sc:rsid=cbslocal-global-unified&s:sc:tracking_server=cbsdigitalmedia.d1.sc.omtrdc.net&h:sc:ssl=0&s:user:mid=90189725204722946433263558871443104714&s:sp:sdk=Anvato%20Universal%20Player&s:sp:channel=philadelphia.cbslocal.com&s:sp:player_name=Anvato%20Universal%20Player-p0&s:sp:hb_version=js-1.5.1.1-bf08a7e&l:sp:hb_api_lvl=3&s:event:sid=15058320277438121217&s:event:type=aa_ad_start&l:event:duration=0&l:event:playhead=0&l:event:ts=1505832027758&l:event:prev_ts=-1&s:asset:type=ad&s:asset:video_id=3711097&s:asset:publisher=823BA0335567497F7F000101%40AdobeOrg&l:asset:duration=24&s:asset:ad_id=ad_0_0&s:asset:ad_sid=1505832027747899167809&s:asset:resolver=Anvato%20Universal%20Player&s:asset:pod_id=fcd12c574f219b901155d83d212610e4_1&s:asset:pod_position=1&s:stream:type=vod&l:stream:bitrate=0&l:stream:fps=0&l:stream:dropped_frames=0&l:stream:startup_time=4
Requested by
Host: w3.cdn.anvato.net
URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/lib/VideoHeartbeat.min.js
Protocol
HTTP/1.1
Server
52.54.205.204 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-54-205-204.compute-1.amazonaws.com
Software
openresty /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36
Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
Origin
http://philadelphia.cbslocal.com

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 19 Sep 2017 14:40:28 GMT
Server
openresty
Connection
keep-alive
296EAD3D7AB442B894706CEA5A80B715.jpg
cbslocal-uploads.s3.amazonaws.com/captures/296/EAD/ Frame 825.
184 KB
0
Image
General
Full URL
http://cbslocal-uploads.s3.amazonaws.com/captures/296/EAD/296EAD3D7AB442B894706CEA5A80B715.jpg
Protocol
HTTP/1.1
Server
52.216.128.43 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
0a05dd0bb4ff54c451d707778ee20553d8e1d62ece737a6e8291242bf7d4fa5e

Request headers

Response headers

Date
Tue, 19 Sep 2017 14:40:28 GMT
Last-Modified
Tue, 12 Sep 2017 21:50:04 GMT
Server
AmazonS3
x-amz-request-id
83CCE66E2B869E5B
ETag
"546838038c63584ea02945c51d508ab4"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
188509
x-amz-id-2
IzaejfLids+NUlB6t43E82Q3i04ZIxwMkdPaI5FjdSWqLIXI+Fqqp+e3+ksswpFp4xg9xBTChes=
C6925CAB5EB54E9DA499A1B6A6936CA5.jpg
cbslocal-uploads.s3.amazonaws.com/captures/C69/25C/ Frame 825.
238 KB
0
Image
General
Full URL
http://cbslocal-uploads.s3.amazonaws.com/captures/C69/25C/C6925CAB5EB54E9DA499A1B6A6936CA5.jpg
Protocol
HTTP/1.1
Server
52.216.128.43 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
362a5455df68219b78f0e73a9d90d61a34b08e80c998ebe1318e67484580f4b5

Request headers

Response headers

Date
Tue, 19 Sep 2017 14:40:28 GMT
Last-Modified
Mon, 18 Sep 2017 22:13:38 GMT
Server
AmazonS3
x-amz-request-id
68D10D458CE7258B
ETag
"3b1870311b6e00f3b57bdb1c0a6b1daa"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
244051
x-amz-id-2
4dL9Xe15eaK88w1bfs1USw1bfxV470e6h9zXySlYoPfYyx8XcM7j2GEzoj4pbfuOV0tUl7AAPRk=
FCCA2F1A57CA464A9CA16CB21C3A67C0.jpg
cbslocal-uploads.s3.amazonaws.com/captures/FCC/A2F/ Frame 825.
213 KB
0
Image
General
Full URL
http://cbslocal-uploads.s3.amazonaws.com/captures/FCC/A2F/FCCA2F1A57CA464A9CA16CB21C3A67C0.jpg
Protocol
HTTP/1.1
Server
52.216.128.43 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
28d1a669a4544bf78a592a9ea039defec710e3b9a5205041cd49528c8fd621ed

Request headers

Response headers

Date
Tue, 19 Sep 2017 14:40:29 GMT
Last-Modified
Mon, 18 Sep 2017 02:33:19 GMT
Server
AmazonS3
x-amz-request-id
4334E0DC4BBC6014
ETag
"837a2217486df4056eec412e07bc5cd9"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
218300
x-amz-id-2
y3/LGzlH7XYeXnrsZsikut/vvCxXPQDqfUqfxehENiUjSk6w8E21KkxbCzemPYOWe8vBAzZ7pJ8=
EAECB4A4CEA14818A5D9773D216296CF.jpg
cbslocal-uploads.s3.amazonaws.com/captures/EAE/CB4/ Frame 825.
232 KB
0
Image
General
Full URL
http://cbslocal-uploads.s3.amazonaws.com/captures/EAE/CB4/EAECB4A4CEA14818A5D9773D216296CF.jpg
Protocol
HTTP/1.1
Server
52.216.128.43 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
34020ad2687f1fd00d7a74457a676f3449021c5800b87266881feea3c99f3be0

Request headers

Response headers

Date
Tue, 19 Sep 2017 14:40:29 GMT
Last-Modified
Thu, 14 Sep 2017 22:53:43 GMT
Server
AmazonS3
x-amz-request-id
07DAA3CC342FBFFE
ETag
"db9599fcbc326e8014944f8deac89184"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
237812
x-amz-id-2
zVi4/FIcn8pi3GXjrBRCYVfDClitWVPGBtQc0kntC/eg3lnAj7NSYv/xXJYqzkZqijahXOyTBRg=
5CA00D90233E4C56B2CD93DDCB92B218.jpg
cbslocal-uploads.s3.amazonaws.com/captures/5CA/00D/ Frame 825.
280 KB
0
Image
General
Full URL
http://cbslocal-uploads.s3.amazonaws.com/captures/5CA/00D/5CA00D90233E4C56B2CD93DDCB92B218.jpg
Protocol
HTTP/1.1
Server
52.216.128.43 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
87565e806657769d813d39200e134d70e911b86acec06148b9c9a8258337e183

Request headers

Response headers

Date
Tue, 19 Sep 2017 14:40:29 GMT
Last-Modified
Sat, 16 Sep 2017 03:10:12 GMT
Server
AmazonS3
x-amz-request-id
C030CA9039C034A3
ETag
"97362daf00a27906fc217217c56bd8ab"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
287098
x-amz-id-2
BX5Bjxnsw2umj207sQ75FjQOsu+E5oUBqcXj83iFqaPFl+5Ygmq8p4cAxKjjxgOWm7ffswBroAc=
652D32D6F91F4B80A7DB3E7F28B871DB.jpg
cbslocal-uploads.s3.amazonaws.com/captures/652/D32/ Frame 825.
374 KB
0
Image
General
Full URL
http://cbslocal-uploads.s3.amazonaws.com/captures/652/D32/652D32D6F91F4B80A7DB3E7F28B871DB.jpg
Protocol
HTTP/1.1
Server
52.216.128.43 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
5ce3c6866d05727e7ad397e2e1ec65b20e9bae002fc2fe544d9b75e15bab2f89

Request headers

Response headers

Date
Tue, 19 Sep 2017 14:40:29 GMT
Last-Modified
Mon, 18 Sep 2017 03:33:38 GMT
Server
AmazonS3
x-amz-request-id
2464DFEBC1B7529F
ETag
"3ddc997ead5772bffeae5ff37f0a77c6"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
383184
x-amz-id-2
47KYBjZ2z/LXaH0zY9qfLZ9trcM7g/3oMTmNXW4lhp3ZuaRm6wk57U7cDqo1rVGEngAq9pvOnxw=
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&kq=1&lo=1&qs=1&ak=-&i=CBSLOCAL1&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&bq=0&g=5&hq=0&hs=0&hu=0&hr=0&ht=0&h=60&w=120&fy=0&gp=0&zMoatPS=header&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222415708&f=0&j=&o=3&t=1505832024067&de=628471575348&cu=1505832024067&m=5608&ar=44605d6-clean&cb=0&ll=2&lm=0&ln=1&r=0&dl=0&dm=1000&dn=0&gh=1&td=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1200&lk=undefined&lb=2925&le=1&gm=1&io=1&ch=0&as=1&ag=5113&an=1313&gi=1&gf=5113&gg=1313&ez=1&ck=1113&kw=1024&aj=1&pg=100&pf=100&ib=0&cc=1&bw=5113&bx=1313&ci=1113&jz=1024&dj=1&aa=1&ad=4983&cn=1183&gn=1&gk=4983&gl=1183&co=1183&cp=1170&cq=1&im=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&bu=4970&cd=1170&ah=4970&am=1170&rf=0&re=0&wb=2&cl=0&at=0&d=147452668%3A489132028%3A436875628%3A138201817661&zMoatNonPlayer=true&bo=24653668&bp=222415708&bd=header&gw=cbslocal166502539715&dfp=0%2C1&la=222415708&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&fs=122435&na=1301894646&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:29 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:29 GMT
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&kq=1&lo=1&qs=1&ak=-&i=CBSLOCAL1&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&bq=0&g=4&hq=0&hs=0&hu=0&hr=0&ht=0&h=31&w=88&fy=0&gp=0&zMoatPS=Position%20Not%20Identified&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222164788&f=0&j=&o=3&t=1505832024122&de=689640579158&cu=1505832024122&m=5603&ar=44605d6-clean&cb=0&ll=2&lm=0&ln=1&r=0&dl=0&dm=1000&dn=0&gh=1&td=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1200&lk=undefined&lb=2925&le=1&gm=1&io=1&ch=0&as=1&ag=5100&an=1100&gi=1&gf=5100&gg=1100&ez=1&ck=1100&kw=924&aj=1&pg=100&pf=100&ib=0&cc=1&bw=5100&bx=1100&ci=1100&jz=924&dj=1&aa=1&ad=5015&cn=1015&gn=1&gk=5015&gl=1015&co=1015&cp=924&cq=1&im=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&bu=4919&cd=924&ah=4919&am=924&rf=0&re=0&wb=2&cl=0&at=0&d=148848988%3A492008428%3A440564428%3A138204132162&zMoatNonPlayer=true&bo=24653668&bp=222164788&bd=Position%20Not%20Identified&gw=cbslocal166502539715&dfp=0%2C1&la=222164788&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&fs=122435&na=483692952&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:29 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:29 GMT
pixel.gif
px.moatads.com/
43 B
43 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&kq=1&lo=1&qs=1&ak=-&i=CBSLOCAL1&ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5D%5B%3B1RX%25lQMV9%22W6~P6Jn)s)%3Ee3wW0uC%2BA5%3Deu!LfBB2%2B%7BLT7%25%40qwMoI3%2B%3BggqhB3U4(%5B*rUo81C%24k%25zrI81V5.NO)Wx%7C*K%24%3D!L2mxgk3M%3C1z%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3ClF&qp=00000&qq=000000000000&qr=0&is=OpmksCBC2mm2gCBMsfCMCK1h3SCLCBBCtZCPi2lusSCyfCBPM82CKeCBCC0YktCBBBBCKoessCMCeGBCBBCLCCCGsWnBBBBRkCCCD689gCeW4koCCBCCKMYClmvDCCQQCQBCBBKKckmEIyICBmgymn8nXDUyeDDIUCCCMqXSNCCCCCCCCCBBBhPBCcCwC6rCeOCCBGCCBCBCBBSaMVeCBBaC&iv=1&gz=0&hh=0&hn=0&qt=0&bq=0&g=5&hq=0&hs=0&hu=0&hr=0&ht=0&h=250&w=300&fy=0&gp=0&zMoatPS=adhesion&zMoatST=Site%20Not%20Defined&zMoatOrigSlicer1=24653668&zMoatOrigSlicer2=222239308&f=0&j=&o=3&t=1505832024323&de=209710007744&cu=1505832024323&m=5610&ar=44605d6-clean&cb=0&ll=2&lm=0&ln=1&r=0&dl=0&dm=1000&dn=0&gh=1&td=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1200&lk=undefined&lb=2925&le=1&gm=1&io=1&ch=0&as=1&ag=5123&an=1320&gi=1&gf=5123&gg=1320&ez=1&ck=1120&kw=951&aj=1&pg=100&pf=100&ib=0&cc=1&bw=5123&bx=1320&ci=1120&jz=951&dj=1&aa=1&ad=4961&cn=1158&gn=1&gk=4961&gl=1158&co=1158&cp=1149&cq=1&im=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&bu=4951&cd=1149&ah=4951&am=1149&rf=0&re=0&wb=2&cl=0&at=0&d=4403365912%3A2099624806%3A4351794217%3A138205913720&zMoatNonPlayer=true&bo=24653668&bp=222239308&bd=adhesion&gw=cbslocal166502539715&dfp=0%2C1&la=222239308&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&fs=122435&na=671403828&cs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.53.175.46 Cambridge, United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-53-175-46.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 19 Sep 2017 14:40:29 GMT
Last-Modified
Fri, 20 May 2016 15:16:00 GMT
Server
Apache
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Tue, 19 Sep 2017 14:40:29 GMT
sfp.js
native.sharethrough.com/assets/
368 KB
109 KB
Script
General
Full URL
http://native.sharethrough.com/assets/sfp.js
Requested by
Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJy1kdEOwiAMRX9Ixjajb8ZvQdYxsBQcMLO/ly0anQ9mezAhaUrvuaWF3z3TJDE1ELjJ55agH5+hMGHHfwmY1aoXEQqr6SWWjiJQ5LEDm5FBey4vgaGTAvmnU5tIRu0obCa9w7HViJtBs4rwmJSmwK1rEuaqaGY4BzbUqxzee2pBZEWPWnVxkaxe2fdrZhGzgoSCfuq0uGB50mt0/h/WgDmjOP3X2Z6qQ7k/llVVl+YBShjYvw==
Protocol
HTTP/1.1
Server
52.84.26.47 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-84-26-47.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3c7fce72a2c412cdec655ce117eb5f389ac0f54a27e33caa9993377666a6f4e8

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Mon, 18 Sep 2017 19:51:59 GMT
Content-Encoding
gzip
Last-Modified
Mon, 18 Sep 2017 19:51:57 GMT
Server
AmazonS3
Age
2912
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 7fa7088cca668218fbd8b325f55fba9b.cloudfront.net (CloudFront)
Cache-Control
public, max-age=3600
Transfer-Encoding
chunked
Connection
keep-alive
X-Amz-Cf-Id
bM_nYq3q3inyZyTfJB2bLfrXmuUqLmO4K5J7yUBwKU0M_pDnec0t0A==
Expires
Mon, 18 Sep 2017 20:51:55 GMT
/
loadus.exelator.com/load/
1 KB
1 KB
Script
General
Full URL
https://loadus.exelator.com/load/?j=d&p=279&g=016&global=cbslocal&interface=site&station=http%3A%2F%2Fphiladelphia.cbslocal.com&ctg1=news&category=news%2Ctalkers&ctg2=talkers&location=philadelphia&type=local&group=swtv&tit=hackers-malware-pc-ccleaner
Requested by
Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJy1kdEOwiAMRX9Ixjajb8ZvQdYxsBQcMLO/ly0anQ9mezAhaUrvuaWF3z3TJDE1ELjJ55agH5+hMGHHfwmY1aoXEQqr6SWWjiJQ5LEDm5FBey4vgaGTAvmnU5tIRu0obCa9w7HViJtBs4rwmJSmwK1rEuaqaGY4BzbUqxzee2pBZEWPWnVxkaxe2fdrZhGzgoSCfuq0uGB50mt0/h/WgDmjOP3X2Z6qQ7k/llVVl+YBShjYvw==
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
216.52.1.12 , United States, ASN30282 (AS-INAPCDN-OCY - Internap Network Services Corporation, US),
Reverse DNS
Software
nginx/1.10.1 / Undertow/1
Resource Hash
5137a1dcad7f6ad750d66c13561ea9dbc825094127f9c5bccb0699132927f44a

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:29 GMT
Server
nginx/1.10.1
X-Powered-By
Undertow/1
Transfer-Encoding
chunked
P3P
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/x-javascript;charset=UTF-8
net.php
loadus.exelator.com/load// Frame 825.
0
0

pixel.gif
load.s3.amazonaws.com/
Redirect Chain
  • https://ib.adnxs.com/getuidnb?https://loadm.exelator.com/load/?p=204&g=014&bi=$UID&j=0
  • https://loadm.exelator.com/load/?p=204&g=014&bi=5160562550509235139&j=0
  • https://load.s3.amazonaws.com/pixel.gif
43 B
43 B
Image
General
Full URL
https://load.s3.amazonaws.com/pixel.gif
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.128.43 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
http://philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Tue, 19 Sep 2017 14:40:31 GMT
Last-Modified
Mon, 14 Feb 2011 11:09:26 GMT
Server
AmazonS3
x-amz-request-id
593CD127C83420C9
ETag
"fc94fb0c3ed8a8f909dbc7630a0987ff"
Content-Type
image/gif
x-amz-meta-s3fox-filesize
43
x-amz-meta-s3fox-modifiedtime
1297679395316
Accept-Ranges
bytes
Content-Length
43
x-amz-id-2
YRE/dCxdICZmmVwWjCArpB7V18uMQtxfHzNOyc0syJZML7+SfYe88vhkbM9mIwq2OHJsNCzqOPk=

Redirect headers

Date
Tue, 19 Sep 2017 14:40:29 GMT
Server
nginx/1.10.1
X-Powered-By
Undertow/1
P3P
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Location
https://load.s3.amazonaws.com/pixel.gif
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
image/gif
Content-Length
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
fast.cbs-local.demdex.net
URL
http://fast.cbs-local.demdex.net/dest5.html?d_nsid=0
Domain
my.cbslocal.com
URL
https://my.cbslocal.com/mycbslocal/pages/Login.aspx
Domain
platform.twitter.com
URL
https://platform.twitter.com/widgets/twitter_cookies.html?namespace=twttr%3Acookies&origin=http%3A%2F%2Fphiladelphia.cbslocal.com
Domain
staticxx.facebook.com
URL
https://staticxx.facebook.com/connect/xd_arbiter/r/5oivrH7Newv.js?version=42
Domain
staticxx.facebook.com
URL
https://staticxx.facebook.com/connect/xd_arbiter/r/5oivrH7Newv.js?version=42
Domain
sync.rhythmxchange.com
URL
https://sync.rhythmxchange.com/usersync2/sonobi
Domain
d3135glefggiep.cloudfront.net
URL
http://d3135glefggiep.cloudfront.net/anvtp.html?pinstance=p0&tsoffset=1505832022750
Domain
securepubads.g.doubleclick.net
URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvHO9aH-Xtin7uIvWAKdShm5kLaPEm4svQGAI-t_k8TVmJinspKH5s22JA4vcopojlIjsi8PduPGTNKvhVFkrEAmEgd_IfE75VkSAquaV_RKsb88WKDAcEbbSIiVavu-ulRw0VVxpcNbutpwlPS0xgm-7bc_hsFIivR5gexF6816PCYJD-TVYnKSCyiHX0anMcommrW-SuP1OQYBBzFVdTgNlUdHfhEmS-t1u_1TITAyaZiL4gyV9rRN3_3Z0d3qwNFVpez8bpz4Uv_masfqzuDV-7sQszYsC0&sig=Cg0ArKJSzJdF2kE2RUx8EAE&urlfix=1&adurl=
Domain
sync.teads.tv
URL
http://sync.teads.tv/iframe/redirect
Domain
imasdk.googleapis.com
URL
http://imasdk.googleapis.com/js/core/bridge3.179.0_en.html
Domain
u.connatix.com
URL
https://u.connatix.com/iframes%5C44720f84-21ae-4882-bf37-0450bb4a1f13.html
Domain
loadus.exelator.com
URL
https://loadus.exelator.com/load//net.php?n=PGltZyB3aWR0aD0iMSIgYWx0PSJFeGVsYXRlRGF0YSIgc3JjPSJodHRwczovL3N5bmMubWF0aHRhZy5jb20vc3luYy9pbWc%2FbXRfZXhpZD0xMDAwOCZyZWRpcj1odHRwcyUzQSUyRiUyRmxvYWRtLmV4ZWxhdG9yLmNvbSUyRmxvYWQlMkYlM0ZwJTNEMjA0JTI2ZyUzRDEwMSUyNmolM0QwJTI2YnVpZD1bTU1fVVVJRF0iIGhlaWdodD0iMSI%2BPC9pbWc%2BPGltZyB3aWR0aD0iMSIgYWx0PSJFeGVsYXRlRGF0YSIgc3JjPSJodHRwczovL21hdGNoLmFkc3J2ci5vcmcvdHJhY2svY21mL2dlbmVyaWM%2FdHRkX3BpZD1leGVsYXRlIiBoZWlnaHQ9IjEiPjwvaW1nPjxpbWcgd2lkdGg9IjEiIGFsdD0iRXhlbGF0ZURhdGEiIHNyYz0iaHR0cHM6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9nb29nbGVfbmlkPWV4ZWxhdGUmZ29vZ2xlX2NtJmdvb2dsZV9zYyIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHdpZHRoPSIxIiBhbHQ9IkV4ZWxhdGVEYXRhIiBzcmM9Imh0dHBzOi8vc3luYy50aWRhbHR2LmNvbS9HZW5lcmljVXNlclN5bmMuYXNoeD9kcGlkPTQiIGhlaWdodD0iMSI%2BPC9pbWc%2BPGltZyB3aWR0aD0iMSIgYWx0PSJFeGVsYXRlRGF0YSIgc3JjPSJodHRwczovL21hdGNoLnJ1bmRzcC5jb20vbWF0Y2guZ2lmP3BhcnRuZXI9bmllbHNlbiZpZD0zMmFkZDI2NzEyZjUyNjdiNzUwYmNkN2Q0MDRiZDkwOSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=9dd239f3554381ae97d55ffd665c4f4f

Verdicts & Comments

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

40 Cookies

Domain/Path Name / Value
.connatix.com/ Name: _gid
Value: GA1.2.1649351676.1505832025
.connatix.com/ Name: _ga
Value: GA1.2.1837768786.1505832025
.teads.tv/ Name: tt_viewer
Value: 929dfefe-c5b3-4f29-9fe7-a27a2b986ea7
.teads.tv/iframe Name: tt_emetriq
Value:
.teads.tv/iframe Name: tt_bluekai
Value:
my.cbslocal.com/ Name: AWSALB
Value: /wvztv60npC0JD/8Nk29FHzlfpMK8JAdPfEAg7noAUfJyOuUjvQmnXJNLsAzpHLl66PrBqBmjS2luxV7YaHNsGIR9CGS7CDCiyWVBl8FTA2B8rNN0u4xPuceayVG
.cbslocal.com/ Name: __gads
Value: ID=43cd44a28744763c:T=1505832023:S=ALNI_MY90SxLlxGikFQSzHCWHkOpKas85Q
.cbslocal.com/ Name: sso-sessionid
Value: donotdisturb
.cbslocal.com/ Name: stsess
Value: t1505832023.324_aff858994100f4c7fa7c5de1a823c0d5
.cbslocal.com/ Name: __qca
Value: P0-1725652699-1505832023245
philadelphia.cbslocal.com/ Name: ndn_uut
Value: 77b846a3-9d48-11e7-9011-0a4e33a29963
philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner Name: IS_TOKENIZED_FFFABEE9C2175E2146989B039EAFF514
Value: false
philadelphia.cbslocal.com/ Name: __ybotu
Value: j7rpi8pfsbd9ot9ddc
.connatix.com/ Name: _gat
Value: 1
philadelphia.cbslocal.com/ Name: __ybotb
Value: f606
.cbslocal.com/ Name: AMCV_823BA0335567497F7F000101%40AdobeOrg
Value: 1256414278%7CMCIDTS%7C17429%7CMCMID%7C90189725204722946433263558871443104714%7CMCAAMLH-1506436824%7C6%7CMCAAMB-1506436824%7CcIBAx_aQzFEHcPoEv0GwcQ%7CMCOPTOUT-1505831964.753%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-17436%7CvVersion%7C2.1.0
.philadelphia.cbslocal.com/ Name: __utmb
Value: 116927303.2.10.1505832023
philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner Name: IS_TOKENIZED_B1ABDEC1112E660DE45482E659E95156
Value: false
.philadelphia.cbslocal.com/ Name: __utmt
Value: 1
.teads.tv/iframe Name: tt_exelate
Value:
philadelphia.cbslocal.com/ Name: trc_cookie_storage
Value: cbslocaltv-philadelphia%253Asession-data%3Dv2_8bb0c8239e324eafed9151f670c17435_d6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6_1505832022_1505832022_CNawjgYQkrNBGPzm1NTpKyABKAEwOA%7Ctaboola%2520global%253Alocal-storage-keys%3D%255B%2522cbslocaltv-philadelphia%253Asession-data%2522%252C%2522taboola%2520global%253Auser-id%2522%255D%7Ctaboola%2520global%253Auser-id%3Dd6790c4e-3cdb-4c42-b623-b3419f9597bb-tuctbab1d6
philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner Name: DEVICE_ID
Value: 973A2633-DA77-4E34-BABA-E66791FEDC58
.connatix.com/ Name: cuid
Value: 6ddbcc11-cbd5-4018-bb14-d9b25e5d686f
.demdex.net/ Name: demdex
Value: 90184013968691222523261840264850251765
.philadelphia.cbslocal.com/ Name: __utmc
Value: 116927303
.cbslocal.com/ Name: sp_cmd
Value: /mms/get_site_js?v=1&account_id=323&abp=false&referrer=&jv=1.7.812&t%5Bx%5D=y&cdc=window._sp_.mms._internal.cdc1
philadelphia.cbslocal.com/ Name: __atuvs
Value: 59c12c558db6ba75000
philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner Name: sbi_debug
Value: false
.philadelphia.cbslocal.com/ Name: __utmt_~1
Value: 1
philadelphia.cbslocal.com/2017/09/18/hackers-malware-pc-ccleaner Name: trctestcookie
Value: ok
.philadelphia.cbslocal.com/ Name: __utma
Value: 116927303.784117593.1505832023.1505832023.1505832023.1
philadelphia.cbslocal.com/ Name: __ybots
Value: j7rpi8pf1j9lw7t8e3.1.j7rpi8pfwvybkpsk9t.1
.philadelphia.cbslocal.com/ Name: __utmz
Value: 116927303.1505832023.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
philadelphia.cbslocal.com/ Name: __ybotv
Value: 1505832022419
philadelphia.cbslocal.com/ Name: __ybotc
Value: http%3A//ads-adseast-vpc.yldbt.com/m/
.cbslocal.com/ Name: AMCVS_823BA0335567497F7F000101%40AdobeOrg
Value: 1
philadelphia.cbslocal.com/ Name: sbi_user_sync_complete
Value: true
philadelphia.cbslocal.com/ Name: __atuvc
Value: 1%7C38
philadelphia.cbslocal.com/ Name: __ybotn
Value: 1
.cbslocal.com/ Name: s_cc
Value: true

3 Console Messages

Source Level URL
Text
console-api log URL: https://s0.wp.com/_static/??-eJy1kdEOwiAMRX9Ixjajb8ZvQdYxsBQcMLO/ly0anQ9mezAhaUrvuaWF3z3TJDE1ELjJ55agH5+hMGHHfwmY1aoXEQqr6SWWjiJQ5LEDm5FBey4vgaGTAvmnU5tIRu0obCa9w7HViJtBs4rwmJSmwK1rEuaqaGY4BzbUqxzee2pBZEWPWnVxkaxe2fdrZhGzgoSCfuq0uGB50mt0/h/WgDmjOP3X2Z6qQ7k/llVVl+YBShjYvw==(Line 9)
Message:
JQMIGRATE: Migrate is installed, version 1.4.1
console-api warning URL: http://w3.cdn.anvato.net/player/prod/v3/0lu3h1hjh95o07l4/scripts/anvplayer.min.js(Line 165)
Message:
adsManager can not determine if preroll exists or not
console-api log URL: http://native.sharethrough.com/assets/sfp.js(Line 1)
Message:
SHARETHROUGH'S TAG.JS IS ALREADY DEFINED ON PAGE

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
