threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Submission: On October 08 via api (October 8th 2020, 4:15:57 pm UTC) from US

Summary HTTP 177 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 56 IPs in 9 countries across 41 domains to perform 177 HTTP transactions. The main IP is 35.173.160.135, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is threatpost.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on June 10th 2020. Valid for: a year.

This is the only time threatpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
18	35.173.160.135 35.173.160.135	14618 (AMAZON-AES) (AMAZON-AES)
3	99.86.243.112 99.86.243.112	16509 (AMAZON-02) (AMAZON-02)
7	2606:4700:e0:... 2606:4700:e0::ac40:6826	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 5	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
8	2600:9000:215... 2600:9000:2156:f800:2:9275:3d40:93a1	16509 (AMAZON-02) (AMAZON-02)
11	2600:9000:20e... 2600:9000:20eb:9e00:0:5c46:4f40:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:81c::2004	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:803::2004	15169 (GOOGLE) (GOOGLE)
1	172.217.23.130 172.217.23.130	15169 (GOOGLE) (GOOGLE)
3	99.86.240.180 99.86.240.180	16509 (AMAZON-02) (AMAZON-02)
1 17	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:816::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:824::2003	15169 (GOOGLE) (GOOGLE)
5	18.224.152.82 18.224.152.82	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:81e::200e	15169 (GOOGLE) (GOOGLE)
1 3	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
1	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY)
1	2600:9000:206... 2600:9000:206e:e400:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE)
1	64.140.160.2 64.140.160.2	18450 (WEBNX) (WEBNX)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	199.232.53.140 199.232.53.140	54113 (FASTLY) (FASTLY)
2 10	104.111.215.135 104.111.215.135	16625 (AKAMAI-AS) (AKAMAI-AS)
1 7	37.252.173.62 37.252.173.62	29990 (ASN-APPNEX) (ASN-APPNEX)
5	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	100.24.218.250 100.24.218.250	14618 (AMAZON-AES) (AMAZON-AES)
1	52.212.5.193 52.212.5.193	16509 (AMAZON-02) (AMAZON-02)
1	178.128.135.80 178.128.135.80	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	52.58.26.10 52.58.26.10	16509 (AMAZON-02) (AMAZON-02)
10 15	2606:2800:233... 2606:2800:233:97b6:26be:138a:cba8:bb01	15133 (EDGECAST) (EDGECAST)
4	69.173.144.140 69.173.144.140	26667 (RUBICONPR...) (RUBICONPROJECT)
3	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1 3	216.52.2.48 216.52.2.48	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
2	3.124.44.162 3.124.44.162	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:815::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81b::2001	15169 (GOOGLE) (GOOGLE)
6	52.14.222.78 52.14.222.78	16509 (AMAZON-02) (AMAZON-02)
3	104.111.215.68 104.111.215.68	16625 (AKAMAI-AS) (AKAMAI-AS)
3	104.111.215.51 104.111.215.51	16625 (AKAMAI-AS) (AKAMAI-AS)
5	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2 2	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
2 6	52.57.10.248 52.57.10.248	16509 (AMAZON-02) (AMAZON-02)
2	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
2 3	52.48.46.226 52.48.46.226	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
1 1	172.217.22.34 172.217.22.34	15169 (GOOGLE) (GOOGLE)
1	104.111.230.142 104.111.230.142	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2620:1ec:29::10 2620:1ec:29::10	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	134.209.131.220 134.209.131.220	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	205.185.216.42 205.185.216.42	20446 (HIGHWINDS3) (HIGHWINDS3)
1	52.29.69.255 52.29.69.255	16509 (AMAZON-02) (AMAZON-02)
3	18.210.170.92 18.210.170.92	14618 (AMAZON-AES) (AMAZON-AES)
1	37.157.3.30 37.157.3.30	198622 (ADFORM) (ADFORM)
1	2a02:fa8:8806... 2a02:fa8:8806:12::1400	41041 (VCLK-EU-) (VCLK-EU-)
177	56

18 35.173.160.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-160-135.compute-1.amazonaws.com

threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kasperskycontenthub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.86.243.112 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-243-112.vie50.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:e0::ac40:6826 (United States)

ASN13335 (CLOUDFLARENET, US)

qd.admetricspro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:2156:f800:2:9275:3d40:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2600:9000:20eb:9e00:0:5c46:4f40:93a1 (United States)

ASN16509 (AMAZON-02, US)

media.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:803::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s18-in-f130.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.86.240.180 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-240-180.vie50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 151.101.194.137 (United States) 1 redirects

ASN54113 (FASTLY, US)

cd.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cds.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vid.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:824::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.224.152.82 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-224-152-82.us-east-2.compute.amazonaws.com

capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:f916:5049:f87f:108e (United States) 1 redirects

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206e:e400:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.140.160.2 (Los Angeles, United States)

ASN18450 (WEBNX, US)
PTR: threatintelligenceplatform.com

geo.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.53.140 (United States)

ASN54113 (FASTLY, US)

www.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.111.215.135 (Netherlands) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-135.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 37.252.173.62 (Ascension Island) 1 redirects

ASN29990 (ASN-APPNEX, US)

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 100.24.218.250 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.212.5.193 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.128.135.80 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

e.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.58.26.10 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-26-10.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:2800:233:97b6:26be:138a:cba8:bb01 (United States) 10 redirects

ASN15133 (EDGECAST, US)

adserver-us.adtech.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.140 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.98.64.218 (United States)

ASN15169 (GOOGLE, US)

teachingaids-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.52.2.48 (United States) 1 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.124.44.162 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

ads.adaptv.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:815::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

237be589fae8b4cff8daa29793f14f33.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.14.222.78 (Columbus, United States)

ASN16509 (AMAZON-02, US)

capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.215.68 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-68.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.215.51 (Netherlands)

ASN16625 (AKAMAI-AS, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.244.159.8 (Mountain View, United States)

ASN15169 (GOOGLE, US)

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
teachingaids-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.114.49 (Frankfurt am Main, Germany) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.57.10.248 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.0.31 (United States)

ASN16509 (AMAZON-02, US)

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.48.46.226 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::8000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.22.34 (United States) 1 redirects

ASN15169 (GOOGLE, US)

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.230.142 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-230-142.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:29::10 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

public.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 134.209.131.220 (North Bergen, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

sync.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.216.42 (Phoenix, United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net

serverbid-sync.nyc3.cdn.digitaloceanspaces.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.29.69.255 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.210.170.92 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.3.30 (Denmark)

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1400 (Sweden)

ASN41041 (VCLK-EU-, SE)

aol-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
36	threatpost.com threatpost.com assets.threatpost.com media.threatpost.com	683 KB
28	connatix.com 1 redirects cd.connatix.com cds.connatix.com capi.connatix.com vid.connatix.com img.connatix.com	2 MB
23	advertising.com 12 redirects adserver-us.adtech.advertising.com ads.adaptv.advertising.com pixel.advertising.com	12 KB
10	adnxs.com 1 redirects ib.adnxs.com acdn.adnxs.com	8 KB
8	openx.net teachingaids-d.openx.net u.openx.net eu-u.openx.net	2 KB
8	pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com	407 B
8	google.com www.google.com adservice.google.com	3 KB
7	casalemedia.com 2 redirects htlb.casalemedia.com as-sec.casalemedia.com ssum.casalemedia.com	3 KB
7	admetricspro.com qd.admetricspro.com	290 KB
5	rubiconproject.com fastlane.rubiconproject.com eus.rubiconproject.com	8 KB
5	doubleclick.net 3 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net	98 KB
4	a-mo.net prebid.a-mo.net	1 KB
3	adsrvr.org 2 redirects match.adsrvr.org	1 KB
3	yahoo.com ups.analytics.yahoo.com pr-bh.ybp.yahoo.com	3 KB
3	indexww.com js-sec.indexww.com
3	lijit.com 1 redirects ap.lijit.com	1 KB
3	quantserve.com 1 redirects secure.quantserve.com pixel.quantserve.com	9 KB
3	google-analytics.com www.google-analytics.com	19 KB
3	amazon-adsystem.com c.amazon-adsystem.com	32 KB
3	adlightning.com tagan.adlightning.com	55 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net	649 B
2	googlesyndication.com 237be589fae8b4cff8daa29793f14f33.safeframe.googlesyndication.com tpc.googlesyndication.com
2	3lift.com tlx.3lift.com eb2.3lift.com	476 B
2	serverbid.com 1 redirects e.serverbid.com sync.serverbid.com	267 B
2	servenobid.com ads.servenobid.com public.servenobid.com	3 KB
2	google.de www.google.de adservice.google.de	1 KB
2	gstatic.com www.gstatic.com	267 KB
1	dotomi.com aol-match.dotomi.com	104 B
1	adform.net c1.adform.net	187 B
1	digitaloceanspaces.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1	reddit.com www.reddit.com	1 KB
1	linkedin.com www.linkedin.com
1	facebook.com graph.facebook.com	586 B
1	twitter.com analytics.twitter.com	651 B
1	ipify.org geo.ipify.org	1 KB
1	t.co t.co	449 B
1	quantcount.com rules.quantcount.com	348 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	googletagmanager.com www.googletagmanager.com	48 KB
1	kasperskycontenthub.com kasperskycontenthub.com	399 B
1	googletagservices.com www.googletagservices.com	18 KB
177	41

	Domain	Requested by
17	threatpost.com	threatpost.com
15	adserver-us.adtech.advertising.com	10 redirects threatpost.com
11	vid.connatix.com	cd.connatix.com
11	capi.connatix.com	cd.connatix.com
11	media.threatpost.com	threatpost.com
8	assets.threatpost.com	threatpost.com assets.threatpost.com
7	ib.adnxs.com	1 redirects qd.admetricspro.com cds.connatix.com
7	www.google.com	threatpost.com tagan.adlightning.com
7	qd.admetricspro.com	threatpost.com qd.admetricspro.com
6	pixel.advertising.com	2 redirects
5	teachingaids-d.openx.net	qd.admetricspro.com cds.connatix.com
5	hbopenbid.pubmatic.com	qd.admetricspro.com cds.connatix.com
4	as-sec.casalemedia.com	cds.connatix.com
4	fastlane.rubiconproject.com	qd.admetricspro.com
4	prebid.a-mo.net	qd.admetricspro.com
3	cm.g.doubleclick.net	3 redirects
3	match.adsrvr.org	2 redirects
3	js-sec.indexww.com	cds.connatix.com qd.admetricspro.com
3	acdn.adnxs.com	cds.connatix.com qd.admetricspro.com
3	ads.pubmatic.com	cds.connatix.com qd.admetricspro.com
3	ap.lijit.com	1 redirects qd.admetricspro.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com threatpost.com
3	cds.connatix.com	threatpost.com tagan.adlightning.com cd.connatix.com
3	c.amazon-adsystem.com	qd.admetricspro.com c.amazon-adsystem.com
3	tagan.adlightning.com	threatpost.com tagan.adlightning.com
2	ssum.casalemedia.com	2 redirects
2	ups.analytics.yahoo.com
2	sync-tm.everesttech.net	2 redirects
2	u.openx.net	cds.connatix.com
2	ads.adaptv.advertising.com	cds.connatix.com
2	pixel.quantserve.com	1 redirects threatpost.com
2	img.connatix.com	threatpost.com
2	www.gstatic.com	www.google.com
1	aol-match.dotomi.com
1	c1.adform.net
1	eb2.3lift.com	qd.admetricspro.com
1	serverbid-sync.nyc3.cdn.digitaloceanspaces.com	qd.admetricspro.com
1	sync.serverbid.com	1 redirects
1	public.servenobid.com	qd.admetricspro.com
1	eu-u.openx.net	qd.admetricspro.com
1	eus.rubiconproject.com	qd.admetricspro.com
1	pr-bh.ybp.yahoo.com
1	tpc.googlesyndication.com	tagan.adlightning.com
1	237be589fae8b4cff8daa29793f14f33.safeframe.googlesyndication.com	tagan.adlightning.com
1	adservice.google.com	tagan.adlightning.com
1	adservice.google.de	tagan.adlightning.com
1	tlx.3lift.com	qd.admetricspro.com
1	e.serverbid.com	qd.admetricspro.com
1	ads.servenobid.com	qd.admetricspro.com
1	htlb.casalemedia.com	qd.admetricspro.com
1	www.reddit.com	threatpost.com
1	www.linkedin.com	threatpost.com
1	graph.facebook.com	threatpost.com
1	analytics.twitter.com	tagan.adlightning.com
1	geo.ipify.org	qd.admetricspro.com
1	www.google.de	threatpost.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	t.co	threatpost.com
1	rules.quantcount.com	secure.quantserve.com
1	static.ads-twitter.com	www.googletagmanager.com
1	secure.quantserve.com	www.googletagmanager.com
1	www.googletagmanager.com	threatpost.com
1	kasperskycontenthub.com	threatpost.com
1	cd.connatix.com	1 redirects
1	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
1	www.googletagservices.com	threatpost.com
177	66

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
feedly.com
www.instagram.com
www.intego.com
attendee.gotowebinar.com
akismet.com
t.co
indd.adobe.com
spotlight.threatpost.com

Subject Issuer	Validity	Valid
threatpost.com DigiCert SHA2 Secure Server CA	`2020-06-10` - `2021-06-15`	a year	crt.sh
*.adlightning.com Amazon	`2020-07-22` - `2021-08-22`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-10` - `2021-08-10`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
assets.threatpost.com Amazon	`2020-03-04` - `2021-04-04`	a year	crt.sh
media.threatpost.com Amazon	`2020-03-04` - `2021-04-04`	a year	crt.sh
www.google.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
*.connatix.com Go Daddy Secure Certificate Authority - G2	`2020-09-29` - `2021-10-19`	a year	crt.sh
kasperskycontenthub.com DigiCert SHA2 Secure Server CA	`2020-06-01` - `2021-06-09`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
www.google.de GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
*.ipify.org COMODO RSA Domain Validation Secure Server CA	`2018-01-24` - `2021-01-23`	3 years	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-09-11` - `2020-12-10`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2020-10-02` - `2021-04-02`	6 months	crt.sh
*.reddit.com DigiCert SHA2 Secure Server CA	`2020-08-26` - `2021-02-22`	6 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.a-mo.net Amazon	`2020-08-24` - `2021-09-24`	a year	crt.sh
*.servenobid.com Amazon	`2020-03-12` - `2021-04-12`	a year	crt.sh
e.serverbid.com Let's Encrypt Authority X3	`2020-09-18` - `2020-12-17`	3 months	crt.sh
*.3lift.com Amazon	`2020-07-04` - `2021-08-05`	a year	crt.sh
*.adtech.advertising.com DigiCert SHA2 Secure Server CA	`2020-04-16` - `2022-04-21`	2 years	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2020-03-11` - `2021-05-10`	a year	crt.sh
*.v.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-07-29` - `2021-01-25`	6 months	crt.sh
*.google.de GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2020-01-02` - `2021-04-02`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-05-27` - `2020-11-23`	6 months	crt.sh
pixel.advertising.com DigiCert SHA2 High Assurance Server CA	`2020-10-04` - `2021-03-31`	6 months	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-06-02` - `2020-11-29`	6 months	crt.sh
public.servenobid.com DigiCert SHA2 Secure Server CA	`2020-08-26` - `2021-08-25`	a year	crt.sh
*.nyc3.cdn.digitaloceanspaces.com DigiCert SHA2 Secure Server CA	`2020-03-11` - `2021-04-14`	a year	crt.sh
track.adform.net DigiCert SHA2 Secure Server CA	`2019-09-16` - `2021-09-20`	2 years	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh

This page contains 23 frames:

Primary Page: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Frame ID: C2181FE174BDABC353229D3644F23565
Requests: 109 HTTP requests in this frame

Frame: https://cds.connatix.com/p/65408/connatix.player.dc.js
Frame ID: 7FBC5D399AE28EAC03BA17ED5638C9D6
Requests: 43 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=48TunWH-ZrLteSwFVbw6tVnx&theme=standard&size=normal&cb=eyrx0gmv4sil
Frame ID: DBF77BB15601FF16E414190AA54C2C1F
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=48TunWH-ZrLteSwFVbw6tVnx&theme=light&size=normal&cb=f61a3blg97n4
Frame ID: 03AD2A884D67147047B02CA2567F80DF
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=48TunWH-ZrLteSwFVbw6tVnx&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&cb=7vxyay2aeac
Frame ID: 2081B395CF13EF931BF2E133D81B7B93
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=48TunWH-ZrLteSwFVbw6tVnx&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=6y46mjjjvxm8
Frame ID: 4AAEECBD83FB52A3D0CADD17AD6254BB
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 8E6C8C52F8AE2916522F67E29D4D0A75
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 9A2D261E44B7F27B4BB9A30CE6A781E3
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 92A7CDFF94D33968CEF6FDBE8616A5E1
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: BF3DAA1927C8888E571A63CD87ABBF4B
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 2856A1060703CD778FA6FE30F446FB81
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: FA7B4A0D77C13B5BB5986533A51548A3
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 55209F401BBDC4A44A17706B78A092A3
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 86F42163DB73D186AFF3EB359EA3528B
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 1A9DE9860733EF90AB7FCF41706BC894
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 687F1218E2092F034278D26FF9115DA5
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: CAEE47637CA179B1854973A1810DADA0
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Frame ID: 48F6B21D8552EF6E0EFC316BA52F987E
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: F26F9D0A062D96A159202EE6349A1F31
Requests: 1 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: AAC49C0D70470FA12A1BF9B33E4FA295
Requests: 1 HTTP requests in this frame

Frame: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Frame ID: 7E136D1B2959F35F8C7E5CC8CF3FC50E
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13394437
Frame ID: CDF573141D325B5F0537F8A49CC448DC
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 450E8D4BF0318923AAFAE364FCCDD99E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

177
Requests

99 %
HTTPS

36 %
IPv6

41
Domains

66
Subdomains

56
IPs

9
Countries

3139 kB
Transfer

6456 kB
Size

2
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/threatpost/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/threatpost

Search URL Search Domain Scan URL

URL: https://feedly.com/threatpost

Search URL Search Domain Scan URL

URL: https://www.instagram.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://www.intego.com/mac-security-blog/new-mac-malware-reveals-google-searches-can-be-unsafe/
Title: a posting

Search URL Search Domain Scan URL

URL: https://attendee.gotowebinar.com/register/3265005683762389007?source=ART
Title: June 24 at 2 p.m. ET

Search URL Search Domain Scan URL

URL: https://akismet.com/privacy/
Title: Learn how your comment data is processed

Search URL Search Domain Scan URL

URL: http://twitter.com/search?q=%23PrimeDay
Title: #PrimeDay

Search URL Search Domain Scan URL

URL: http://twitter.com/search?q=%23Amazon
Title: #Amazon

Search URL Search Domain Scan URL

URL: https://t.co/UBrpNalB1P
Title: https://t.co/UBrpNalB1P

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost
Title: Follow @threatpost

Search URL Search Domain Scan URL

URL: https://indd.adobe.com/view/01579c19-a6ca-4cb0-8106-ed4d5d02a292
Title: Advertise With Us

Search URL Search Domain Scan URL

URL: https://spotlight.threatpost.com/
Title: HackerOne Spotlight

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35

https://cd.connatix.com/connatix.player.js HTTP 302
https://cds.connatix.com/p/65408/connatix.player.dc.js

Request Chain 90

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=575f34fd7d2667d;misc=1602173737636; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=575f34fd7d2667d;misc=1602173737636 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1A80ac8e54-0981-11eb-8c4d-126145921f52;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=575f34fd7d2667d;misc=1602173737636

Request Chain 91

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=58e15d3efe7994f;misc=1602173737636; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=58e15d3efe7994f;misc=1602173737636 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1A80ad92ae-0981-11eb-84ff-12ddab465c88;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=58e15d3efe7994f;misc=1602173737636

Request Chain 92

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=5927432132557b7;misc=1602173737636; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=5927432132557b7;misc=1602173737636 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1A80ab8a4a-0981-11eb-be92-120b32d93760;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=5927432132557b7;misc=1602173737636

Request Chain 93

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=600a83dd993b42a;misc=1602173737636; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=600a83dd993b42a;misc=1602173737636 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1A80ac98e0-0981-11eb-907e-12998b4eae46;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=600a83dd993b42a;misc=1602173737636

Request Chain 94

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=6190c69f7a0cea6;misc=1602173737636; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=6190c69f7a0cea6;misc=1602173737636 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;apid=1A80a363ec-0981-11eb-9c45-1212911483a0;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=6190c69f7a0cea6;misc=1602173737636

Request Chain 138

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=&_test=X387LQAAAIPQn0rE HTTP 302
https://pixel.advertising.com/ups/55986/sync?uid=X387LQAAAIPQn0rE&_origin=0&gdpr=0&gdpr_consent=&_test=X387LQAAAIPQn0rE HTTP 302
https://ups.analytics.yahoo.com/ups/55986/sync?uid=X387LQAAAIPQn0rE&_origin=0&gdpr=0&gdpr_consent=&_test=X387LQAAAIPQn0rE&apid=1A80ad92ae-0981-11eb-84ff-12ddab465c88

Request Chain 139

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
https://pixel.advertising.com/ups/55953/sync?uid=2319d1dc-3fb8-43f4-9a0b-05c529247d98&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=2319d1dc-3fb8-43f4-9a0b-05c529247d98

Request Chain 141

https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm=&google_sc=&google_tc= HTTP 302
https://pixel.advertising.com/ups/57304/sync?uid=CAESEPBHj3O4luBicluM7CEhkVs&google_cver=1 HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEPBHj3O4luBicluM7CEhkVs&google_cver=1&apid=1A80ad92ae-0981-11eb-84ff-12ddab465c88

Request Chain 148

https://sync.serverbid.com/ss/2000891.html HTTP 302
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Request Chain 151

https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid.a-mo.net%2Fsetuid%3FA%3Df222e1c0-b524-4512-ab99-e84c96de5542%26D%3D%26bidder%3Dappnexus%26uid%3D%24UID HTTP 302
https://prebid.a-mo.net/setuid?A=f222e1c0-b524-4512-ab99-e84c96de5542&D=&bidder=appnexus&uid=7253945076828680577

Request Chain 153

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid.a-mo.net%2Fsetuid%3FA%3Df222e1c0-b524-4512-ab99-e84c96de5542%26D%3D%26bidder%3Dsovrn%26uid%3D%24UID HTTP 307
https://prebid.a-mo.net/setuid?A=f222e1c0-b524-4512-ab99-e84c96de5542&D=&bidder=sovrn&uid=35de274892228f7c463f4a5f

Request Chain 154

https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent= HTTP 302
https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=OrwVNzy4EGgiuxVoaukPaT_vFWkivhEzOuqD8LQr

Request Chain 155

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_hm=MUE4MGFjOThlMC0wOTgxLTExZWItOTA3ZS0xMjk5OGI0ZWFlNDY%3D&gdpr=1&gdpr_consent=&_origin=0 HTTP 302
https://pixel.advertising.com/ups/55946/sync?uid=CAESEE4xmGXojffiKB3ViyOPUUg&gdpr=1&gdpr_consent=&_origin=0&google_cver=1

Request Chain 158

https://ssum.casalemedia.com/usermatchredir?s=191503&cb=https%3A%2F%2Fprebid.a-mo.net%2Fsetuid%3FA%3Df222e1c0-b524-4512-ab99-e84c96de5542%26D%3D%26bidder%3Dindex_rtb%26uid%3D HTTP 302
https://ssum.casalemedia.com/usermatchredir?s=191503&cb=https%3A%2F%2Fprebid.a-mo.net%2Fsetuid%3FA%3Df222e1c0-b524-4512-ab99-e84c96de5542%26D%3D%26bidder%3Dindex_rtb%26uid%3D&C=1 HTTP 302
https://prebid.a-mo.net/setuid?A=f222e1c0-b524-4512-ab99-e84c96de5542&D=&bidder=index_rtb&uid=X387LblQJWIAAA1bMy4AAADO%26646

177 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/ 79 KB
21 KB 1634ms
1352ms Document
text/html 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

a49d1360eb68f89031cc73518837c14f24de83086aef3ed0cfe8a7c62c3e42e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: threatpost.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Thu, 08 Oct 2020 16:15:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Link: <https://threatpost.com/wp-json/>; rel="https://api.w.org/" <https://threatpost.com/?p=156669>; rel=shortlink
X-Frame-Options: SAMEORIGIN
X-Debug-Auth: off
X-Request-Host: threatpost.com
x-cache-hit: MISS
Content-Encoding: gzip

GET
H/1.1 200
OK main.css
threatpost.com/wp-content/themes/threatpost-2018/assets/css/ 253 KB
39 KB 380ms
190ms Stylesheet
text/css 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 41f3222c29889fb48f5dca1d481858e5339a759655510c256ef4edf56c80f7f5

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Thu, 08 Oct 2020 16:15:36 GMT
Content-Encoding: gzip
Last-Modified: Mon, 05 Oct 2020 13:31:26 GMT
Server: nginx
ETag: W/"5f7b202e-3f2b8"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 15 Oct 2020 16:15:36 GMT

GET
H2 200 op.js Show response
tagan.adlightning.com/math-aids-threatpost/ 37 KB
13 KB 64ms
22ms Script
application/javascript 99.86.243.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.243.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-243-112.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e8909c244d0bcb262bae9f88c1c9f9066e1a412a69ffc96951940a5f7064ee99

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: FgXXJRr5tFEWyzR9Wnz2UU62D8TSoPwk
content-encoding: gzip
etag: "555f0feb3dcdc64331ae78916a3f534f"
age: 1349
x-cache: Hit from cloudfront
status: 200
content-length: 13315
x-amz-meta-git_commit: 9a4f7ce
last-modified: Thu, 08 Oct 2020 14:51:27 GMT
server: AmazonS3
date: Thu, 08 Oct 2020 15:53:07 GMT
content-type: application/javascript
via: 1.1 96b3f0ca359697e92cd090a37a2e3bf4.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
x-amz-cf-id: KCe5zPYGQChgoD3KbW2Dd8kufFnagezEv3seBAzcNAXACzFYxG4Lig==

GET
H2 200 ros-layout.js Show response
qd.admetricspro.com/js/threatpost/ 22 KB
3 KB 184ms
155ms Script
application/javascript 2606:4700:e0::ac40:6826
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6826 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e2b472509d9e149690aba45c5917ebdd2f52471b98d414c2726301b90e08f21

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
status: 200
cf-request-id: 05aa982ba200000eb7bbac2200000001
last-modified: Thu, 06 Aug 2020 02:14:13 GMT
server: cloudflare
etag: W/"579e-5ac2c0b6aa2e7-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1602173736"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 5df1295908fb0eb7-FRA
expires: Thu, 08 Oct 2020 16:24:55 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 52 KB
18 KB 64ms
42ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

52c3042def4556ec5587f055207a1272237bd5cc88c4d92644511c176e742b6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "656 / 472 of 1000 / last-modified: 1602156020"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 17635
x-xss-protection: 0
expires: Thu, 08 Oct 2020 16:15:35 GMT

GET
H2 200 cmp.js Show response
qd.admetricspro.com/js/threatpost/ 305 KB
82 KB 243ms
215ms Script
application/javascript 2606:4700:e0::ac40:6826
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6826 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d89d98593ac65c9f002b856f3e22a1479f3aea866f7fd15c85903c0a6d66f0e3

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:36 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
status: 200
cf-request-id: 05aa982ba200000eb7bbac3200000001
last-modified: Tue, 25 Aug 2020 22:57:08 GMT
server: cloudflare
etag: W/"4c455-5adbb9f62c25a-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1602173736"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 5df1295908fd0eb7-FRA
expires: Thu, 08 Oct 2020 16:24:55 GMT

GET
H2 200 uspcmp.js Show response
qd.admetricspro.com/js/threatpost/ 148 KB
55 KB 187ms
159ms Script
application/javascript 2606:4700:e0::ac40:6826
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6826 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
status: 200
cf-request-id: 05aa982ba200000eb7bbac4200000001
last-modified: Sat, 08 Aug 2020 22:40:07 GMT
server: cloudflare
etag: W/"24e50-5ac65673cef1c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1602173736"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 5df1295908fe0eb7-FRA
expires: Thu, 08 Oct 2020 16:24:55 GMT

GET
H2 200 targeting.js Show response
qd.admetricspro.com/js/threatpost/ 275 B
712 B 175ms
147ms Script
application/javascript 2606:4700:e0::ac40:6826
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/targeting.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6826 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6cdc57f82f4b0d09e5b4e584ca4736cd3871f20563d4ce25120b057d8ffb4eb2

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
status: 200
cf-request-id: 05aa982ba200000eb7bbac7200000001
last-modified: Sat, 08 Feb 2020 20:49:18 GMT
server: cloudflare
etag: W/"113-59e16a3cfb471-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1602173736"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 5df1295909030eb7-FRA
expires: Thu, 08 Oct 2020 16:24:55 GMT

GET
H2 200 prebid.js Show response
qd.admetricspro.com/js/threatpost/ 399 KB
113 KB 401ms
373ms Script
application/javascript 2606:4700:e0::ac40:6826
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6826 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 25d6fd3b4dcdc05593cab2b4157e21194ada84e5b0de832011246e65d15fe8a9

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:36 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
status: 200
cf-request-id: 05aa982ba200000eb7bbac6200000001
last-modified: Fri, 02 Oct 2020 04:32:28 GMT
server: cloudflare
etag: W/"63c0e-5b0a89ec6a525-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1602173736"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 5df1295909020eb7-FRA
expires: Thu, 08 Oct 2020 16:24:55 GMT

GET
H2 200 engine.js Show response
qd.admetricspro.com/js/threatpost/ 25 KB
7 KB 193ms
165ms Script
application/javascript 2606:4700:e0::ac40:6826
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/engine.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6826 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa90c2d77583dd25e7fbdc1411c8d718f29d9665ab48f985ffe6f3a38b34b6a7

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:36 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
status: 200
cf-request-id: 05aa982ba200000eb7bbac5200000001
last-modified: Wed, 26 Aug 2020 03:04:19 GMT
server: cloudflare
etag: W/"637a-5adbf1363c190-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1602173736"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 5df1295909010eb7-FRA
expires: Thu, 08 Oct 2020 16:24:55 GMT

GET
H2 200 /
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 89 KB
18 KB 515ms
478ms Stylesheet
text/css 2600:9000:2156:f800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=60380d88

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:f800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

15e9840f31982980328598c38e5c60434072901f2c902713ef9c4d4900e05307

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:36 GMT
content-encoding: gzip
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 18049
x-cache-hit: HIT
last-modified: Mon, 05 Oct 2020 13:31:31 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: hMsk_0-FSRMtFr-fTfwUujSSrE1pfN88S_duF77yXc0teFDvd1BxBg==
expires: Fri, 09 Oct 2020 15:30:42 GMT

GET
H/1.1 200
OK jquery.js Show response
threatpost.com/wp-includes/js/jquery/ 95 KB
37 KB 285ms
95ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Thu, 08 Oct 2020 16:15:36 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Jun 2020 22:05:38 GMT
Server: nginx
ETag: W/"5ee15932-17a69"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 15 Oct 2020 16:15:36 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 177 KB
55 KB 427ms
391ms Script
application/x-javascript 2600:9000:2156:f800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js,wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js,wp-content/plugins/honeypot-comments/public/assets/js/public.js,wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js,wp-content/themes/threatpost-2018/assets/js/main.js,wp-content/themes/threatpost-2018/assets/js/loadmore.js,wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js&ver=60380d88

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:f800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

b0209d39595432d762f6ba2a81dc0bffa6a6e1ed9021ba24ffa06c3c7e4bcb02

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:36 GMT
content-encoding: gzip
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 56256
x-cache-hit: HIT
last-modified: Mon, 05 Oct 2020 13:31:26 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: H685vzVJb3qF0X4PpyMBZcBUv2BSeyU0C2FCceMprtIMKyvjC_AKCA==
expires: Fri, 09 Oct 2020 15:30:42 GMT

GET
H2 200 trojan-malware.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/01/22100148/ 126 KB
126 KB 61ms
19ms Image
image/jpeg 2600:9000:20eb:9e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/01/22100148/trojan-malware.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4edf4e4d19fa8ec8abf42e728012fb704a7d8e49a25bbf778b77abd20d90b8ce

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 12 Aug 2020 09:22:42 GMT
via: 1.1 9d27077cd67d98c0474b05ec9d68df4a.cloudfront.net (CloudFront), 1.1 7a3193ebce69450274ae629ce856b09d.cloudfront.net (CloudFront)
last-modified: Wed, 22 Jan 2020 15:01:49 GMT
server: AmazonS3
age: 4949574
etag: "3f035e1c9c491a99670f6755b2e8e29f"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, FRA2-C1
accept-ranges: bytes
content-length: 128905
x-amz-cf-id: RxYId7VE14v2eClFptHnK_Lw4Ki9p96RORW5YZgn538eS_FjmNWr4g==
expires: Thu, 21 Jan 2021 15:01:48 GMT

GET
H2 200 Tara-headshot.jpg
media.threatpost.com/wp-content/uploads/sites/103/2018/08/15114841/ 13 KB
13 KB 57ms
15ms Image
image/jpeg 2600:9000:20eb:9e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2018/08/15114841/Tara-headshot.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 89ce08431545cd3c6d42419d99ee0152027a68c1d0c7c82838cc9a51d9d52451

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 01 Oct 2020 00:04:39 GMT
via: 1.1 eb1a8c1b1275e33a016e623478052111.cloudfront.net (CloudFront), 1.1 7a3193ebce69450274ae629ce856b09d.cloudfront.net (CloudFront)
last-modified: Fri, 17 Aug 2018 16:22:08 GMT
server: AmazonS3
age: 663058
etag: "dee18dfeea6de13bec60c1e5237eb723"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2, FRA2-C1
accept-ranges: bytes
content-length: 13097
x-amz-cf-id: TdEnXlOpqp1Mjbw1RohvoR5IItr1ER0CvzCyvJNa4wifYJU9EODLig==
expires: Sat, 17 Aug 2019 16:22:07 GMT

GET
H2 200 subscribe2.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/ 8 KB
9 KB 50ms
9ms Image
image/jpeg 2600:9000:20eb:9e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: aa64fa30a3263fa3105736228a6feaaa4f7d32d8ef96b12e56f6fb95511b66a7

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 22 Sep 2020 08:11:35 GMT
via: 1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront), 1.1 7a3193ebce69450274ae629ce856b09d.cloudfront.net (CloudFront)
last-modified: Tue, 19 Feb 2019 20:14:58 GMT
server: AmazonS3
age: 1411442
etag: "5ba45563f793f39ef6baf02645651654"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2, FRA2-C1
accept-ranges: bytes
content-length: 8281
x-amz-cf-id: AQgXKSwurgXQtjd5k90uvgZh793clmJ8BfmKs52cNQmWDOBlLd_FoQ==
expires: Wed, 19 Feb 2020 20:14:57 GMT

GET
H2 200 shakespeare-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/04/16155639/ 26 KB
26 KB 52ms
11ms Image
image/jpeg 2600:9000:20eb:9e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/04/16155639/shakespeare-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8abe657ed3aba0c1b5f81802aeb28df3f35d4aafb98b701bca745e5f1606140e

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 07 Oct 2020 13:26:04 GMT
via: 1.1 80d90c7955dda88e3912960ead8e99d6.cloudfront.net (CloudFront), 1.1 7a3193ebce69450274ae629ce856b09d.cloudfront.net (CloudFront)
last-modified: Thu, 16 Apr 2020 19:56:43 GMT
server: AmazonS3
age: 96573
etag: "0ee1073dac1eed8a80b29e370b9fcfc2"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, FRA2-C1
accept-ranges: bytes
content-length: 26494
x-amz-cf-id: T74UfBgIgp3mMIi7q5USWaHo4n0CBRR7Dd30Kma-lUUayDBF98yYiQ==
expires: Fri, 16 Apr 2021 19:56:42 GMT

GET
H2 200 maze-ransomware--540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/04/20153609/ 31 KB
32 KB 66ms
25ms Image
image/jpeg 2600:9000:20eb:9e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/04/20153609/maze-ransomware--540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: baef9f6e65a97c84941f5887e072c0644bdfac30692b513cd0f8be7a495cfee5

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 00:57:18 GMT
via: 1.1 1f5757b46371746e677236d4fc67d364.cloudfront.net (CloudFront), 1.1 7a3193ebce69450274ae629ce856b09d.cloudfront.net (CloudFront)
last-modified: Mon, 20 Apr 2020 19:36:14 GMT
server: AmazonS3
age: 1696699
etag: "46aa5e940a2c84b1eeb584024c290434"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, FRA2-C1
accept-ranges: bytes
content-length: 31900
x-amz-cf-id: M03fOvHBGn8QHVoEUg7-Cdg9eZ-MYGx2T3nqCF6Efy7V9FV-cc4hAw==
expires: Tue, 20 Apr 2021 19:36:13 GMT

GET
H2 200 zeppelin-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/09/09162237/ 28 KB
29 KB 58ms
17ms Image
image/jpeg 2600:9000:20eb:9e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/09/09162237/zeppelin-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 67b5257f432c5230f6a5e8494ac01da1afe28c263d7ce06ad5aaa3b94509c014

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 19 Sep 2020 03:42:19 GMT
via: 1.1 1764af62d635a1a6ee51aabc37405452.cloudfront.net (CloudFront), 1.1 7a3193ebce69450274ae629ce856b09d.cloudfront.net (CloudFront)
last-modified: Wed, 09 Sep 2020 20:22:52 GMT
server: AmazonS3
age: 1686798
etag: "5143befa6a86882fe2166e323e39e924"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, FRA2-C1
accept-ranges: bytes
content-length: 28992
x-amz-cf-id: mLaB4AVhvTJYwyAAetK-8RUcSHUXOglKR57hxM09wcTwXqFkTTfG6g==
expires: Thu, 09 Sep 2021 20:22:48 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 850 B
1011 B 39ms
19ms Script
text/javascript 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?hl=en

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7148f1285575a0733bb2fb07aff9a0b99e775c2fcc5f29c44698e73086b49e8c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 554
x-xss-protection: 1; mode=block
expires: Thu, 08 Oct 2020 16:15:36 GMT

GET
H2 200 QR-Code-64x64.png
media.threatpost.com/wp-content/uploads/sites/103/2020/09/15133828/ 8 KB
9 KB 16ms
14ms Image
image/png 2600:9000:20eb:9e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/09/15133828/QR-Code-64x64.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9f4d5cca9c79886cc27246836d97c89aaf7853b2a42b09801660cb9a3df67424

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 19:19:50 GMT
via: 1.1 06d36e78e8dfd9468327f09115761a9e.cloudfront.net (CloudFront), 1.1 7a3193ebce69450274ae629ce856b09d.cloudfront.net (CloudFront)
last-modified: Tue, 15 Sep 2020 17:58:41 GMT
server: AmazonS3
age: 1976147
etag: "f2a1360e4c2d784aff00a9f87f6bb703"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2, FRA2-C1
accept-ranges: bytes
content-length: 8421
x-amz-cf-id: yv3b5viv24VTsoIP0nB4kSK4AhzBJHy_QeuJqCu39YuYT6MlkwNsag==
expires: Wed, 15 Sep 2021 17:58:37 GMT

GET
H2 200 botnet-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/11/14090552/ 2 KB
2 KB 19ms
17ms Image
image/jpeg 2600:9000:20eb:9e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/11/14090552/botnet-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6ceb2be119d08740867f19d7f3e5c2230050de29e4eb48a588b86af1a5b7db57

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 17:17:17 GMT
via: 1.1 50f438df6dbb947f3e4702890bc9cc06.cloudfront.net (CloudFront), 1.1 7a3193ebce69450274ae629ce856b09d.cloudfront.net (CloudFront)
last-modified: Thu, 14 Nov 2019 14:06:22 GMT
server: AmazonS3
age: 773900
etag: "985f90dddb9367ad3b074a54645a8bc3"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-C1, FRA2-C1
accept-ranges: bytes
content-length: 1866
x-amz-cf-id: GD6KmK01PdWRKXA4fivEVAuyummZApmX-OqYY6S1EIPQ2JY_M9Xqxg==
expires: Fri, 13 Nov 2020 14:06:19 GMT

GET
H2 200 work-from-home-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/09/18135511/ 2 KB
2 KB 18ms
16ms Image
image/jpeg 2600:9000:20eb:9e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/09/18135511/work-from-home-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3435531b595fb1b2b529346e1df8c979a1fd727f56ea8c0d792316035440cac5

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 18 Sep 2020 17:57:04 GMT
via: 1.1 8033f9c6b87a03b2eca7c2db5157e10e.cloudfront.net (CloudFront), 1.1 7a3193ebce69450274ae629ce856b09d.cloudfront.net (CloudFront)
last-modified: Fri, 18 Sep 2020 17:55:32 GMT
server: AmazonS3
age: 1721913
etag: "fd4942a0704785b24b44d177f4a57d86"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-C1, FRA2-C1
accept-ranges: bytes
content-length: 2098
x-amz-cf-id: WWFA7Z8TMg_oB8OllSSJl1LLjALi-koK9V8exW65Vkged7VsXMfy-g==
expires: Sat, 18 Sep 2021 17:55:28 GMT

GET
H2 200 zero-trust-b_w-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/09/07100716/ 3 KB
3 KB 17ms
14ms Image
image/jpeg 2600:9000:20eb:9e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/09/07100716/zero-trust-b_w-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 039f2a12a4fefd4b33bcae31f1f2f17d12cf51f4e6301792ada3885f412a2761

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 18 Sep 2020 10:30:08 GMT
via: 1.1 c5c25772c7f14e267596e0f8ce51d9bc.cloudfront.net (CloudFront), 1.1 7a3193ebce69450274ae629ce856b09d.cloudfront.net (CloudFront)
last-modified: Mon, 07 Sep 2020 14:07:21 GMT
server: AmazonS3
age: 1748729
etag: "5fb2f76c4c77c7e774eb0dc933ab39f0"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, FRA2-C1
accept-ranges: bytes
content-length: 2602
x-amz-cf-id: h34LK3HQ8YdExbZ6uOVpee-QQhEKSUV_4SjGPcevgcblX44K1tfwHw==
expires: Tue, 07 Sep 2021 14:07:19 GMT

GET
H2 200 social_media-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/08/26112855/ 3 KB
3 KB 17ms
15ms Image
image/jpeg 2600:9000:20eb:9e00:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/08/26112855/social_media-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:9e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 791135f98b21bbd99c1cbcd56e2827cab155856c144602a8749a57acaa5aa813

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 18 Sep 2020 17:54:56 GMT
via: 1.1 16dc09493f48bbc1fd2cdd6e175a94f7.cloudfront.net (CloudFront), 1.1 7a3193ebce69450274ae629ce856b09d.cloudfront.net (CloudFront)
last-modified: Mon, 26 Aug 2019 15:29:14 GMT
server: AmazonS3
age: 1722041
etag: "fcf0de78ef3c45c8f8256c7cec2c35c0"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, FRA2-C1
accept-ranges: bytes
content-length: 2834
x-amz-cf-id: D5-D7ie41unhl0iusxqUqWgeGcmj-yTdfTue76Nu2QaIv9RU8DtL8w==
expires: Tue, 25 Aug 2020 15:29:11 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 2 KB
1 KB 367ms
365ms Script
application/x-javascript 2600:9000:2156:f800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/jquery.json.min.js&ver=60380d88

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:f800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

172314ff74044b918766ed4763279b5e8798622087c0a2930f59c9d44662213d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:36 GMT
content-encoding: gzip
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 926
x-cache-hit: HIT
last-modified: Mon, 05 Oct 2020 13:31:24 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: YrfgWNzf9d0UN0ZCjafofFVxh05U-DbQZBfUK4_7J0NZ0ce5LuT6mQ==
expires: Fri, 09 Oct 2020 15:30:53 GMT

GET
H/1.1 200
OK gravityforms.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 34 KB
12 KB 683ms
94ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.4.17.15
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 3097d0444becd9d089b52b7074072f19201525de874d0775012572fb375b7838

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Thu, 08 Oct 2020 16:15:37 GMT
Content-Encoding: gzip
Last-Modified: Mon, 05 Oct 2020 13:31:30 GMT
Server: nginx
ETag: W/"5f7b2032-88c2"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 15 Oct 2020 16:15:37 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 7 KB
3 KB 291ms
287ms Script
application/x-javascript 2600:9000:2156:f800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/conditional_logic.min.js&ver=60380d88

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:f800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f75166e3f70100b65a6ce1d4128bc15286e92b19a546fa7709f739e9bcfe52c6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:36 GMT
content-encoding: gzip
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 2685
x-cache-hit: HIT
last-modified: Mon, 05 Oct 2020 13:31:24 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: FkmqBNnhxw7IEpXg4Wu0l7yVRrXCjtpes_ETuS2Phw1Hxmr_Jglj-g==
expires: Fri, 09 Oct 2020 15:30:43 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 5 KB
2 KB 293ms
289ms Script
application/x-javascript 2600:9000:2156:f800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/placeholders.jquery.min.js&ver=60380d88

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:f800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:36 GMT
content-encoding: gzip
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 1747
x-cache-hit: HIT
last-modified: Mon, 05 Oct 2020 13:31:24 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: Jdli6hROjqOOhAfwMOB3xYhrBBEp3uZ66zVG8WATvlX9TTJeaFBXEg==
expires: Fri, 09 Oct 2020 15:30:49 GMT

GET
H3-Q050 200 api.js Show response
www.google.com/recaptcha/ 852 B
658 B 22ms
18ms Script
text/javascript 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?hl=en&render=explicit&ver=5.4.2

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c1bb9e412bbbb1c7027687a0b244564a41891353502dc8d909cb1e68b1f9a796

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 554
x-xss-protection: 1; mode=block
expires: Thu, 08 Oct 2020 16:15:36 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 2 KB
1 KB 386ms
382ms Script
application/x-javascript 2600:9000:2156:f800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/js/wp-embed.min.js,wp-content/plugins/akismet/_inc/form.js&ver=60380d88

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:f800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

21e46fe44c6929876f5a413c843ae516c0ddfd1aad3e8e33446b7bc0a6781b08

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:36 GMT
content-encoding: gzip
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 973
x-cache-hit: HIT
last-modified: Wed, 10 Jun 2020 22:05:38 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: ejsQswLYU9LCr4eKiBvTYgxSJCK6omuXKpzAu_QMXlC8QVdgFPWe9A==
expires: Fri, 09 Oct 2020 15:30:52 GMT

GET
H2 200 b-9a4f7ce-a7f6098c.js Show response
tagan.adlightning.com/math-aids-threatpost/ 61 KB
21 KB 26ms
23ms Script
application/javascript 99.86.243.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-9a4f7ce-a7f6098c.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.243.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-243-112.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0119689800eadf6270855a19b65d74251e7da6be5e4686f36c15bf81281ddb4c

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Sep 2020 01:26:46 GMT
content-encoding: gzip
age: 1954131
x-cache: Hit from cloudfront
status: 200
content-length: 20808
x-amz-meta-git_commit: 9a4f7ce
last-modified: Tue, 18 Aug 2020 17:45:57 GMT
server: AmazonS3
etag: "98ae1c21c96b68b5f173604d82c35d5d"
x-amz-version-id: PzdVsYQ0bdCd7Kp..jKBw4vE53Z4BW7z
via: 1.1 96b3f0ca359697e92cd090a37a2e3bf4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: HaL6_Rw2IH_zsN6jLi3kdeI-2Dmjkblz7cpmUHqCMwRf6zNXgRlglQ==

GET
H2 200 bl-04a3385-9c947366.js Show response
tagan.adlightning.com/math-aids-threatpost/ 72 KB
21 KB 134ms
132ms Script
application/javascript 99.86.243.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-04a3385-9c947366.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.243.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-243-112.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6093512522b5494940e9ade7c7c01312e7a31e600824874686588f4e448e4dad

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 14:52:31 GMT
content-encoding: gzip
age: 4986
x-cache: Hit from cloudfront
status: 200
content-length: 20837
x-amz-meta-git_commit: 04a3385
last-modified: Thu, 08 Oct 2020 14:51:08 GMT
server: AmazonS3
etag: "2350c3ba3236528aec39ed1b33cb4d6d"
x-amz-version-id: PGX7Buq5vGchsZ3S1dZR5Qz4PBelsTst
via: 1.1 96b3f0ca359697e92cd090a37a2e3bf4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: p9HV_NIcDbw1MQfHmh6iqixWaADB8Igbyq5h9I6TChvIe_DL7kQUOg==

GET
H2 200 pubads_impl_2020100501.js Show response
securepubads.g.doubleclick.net/gpt/ 271 KB
96 KB 35ms
15ms Script
text/javascript 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020100501.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

sffe /

Resource Hash

ce9fc9f45a3f5d71caa5b1cb264f152f8d1a1aad40d91fe4247c083521340ff5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Thu, 08 Oct 2020 16:15:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 05 Oct 2020 08:42:08 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97451
x-xss-protection: 0
expires: Thu, 08 Oct 2020 16:15:36 GMT

GET
H2 200 vendor-list.json Show response
qd.admetricspro.com/js/cmp2/ 286 KB
30 KB 565ms
549ms XHR
application/json 2606:4700:e0::ac40:6826
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/cmp2/vendor-list.json
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6826 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec95a631650981cd2ff2eecd07118042dee23fc0a3fd6ed70926fa3d94e4e5d3

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:36 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
status: 200
cf-request-id: 05aa982d9800002b6591be2200000001
last-modified: Tue, 06 Oct 2020 19:31:27 GMT
server: cloudflare
etag: W/"4773b-5b105a5302c6b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1602173737"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=600
cf-ray: 5df1295c2eeb2b65-FRA
expires: Thu, 08 Oct 2020 16:25:36 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 109 KB
28 KB 59ms
19ms Script
application/javascript 99.86.240.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/engine.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.240.180 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-240-180.vie50.r.cloudfront.net
Software: Server /
Resource Hash: 5876f68bf30a82eb99d9ec29e561f5c925ea347243c3e022021dd87823c65813

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 07 Oct 2020 18:11:14 GMT
content-encoding: gzip
server: Server
age: 79461
etag: 0ef1f140246b7e0337b522d7332711d3
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, max-age=86400
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: F_h6z7uxYK9-JyH9IoinMNZcNS3nnkiHvKXgBFzx8_hV7wXPUUJl9w==
via: 1.1 d88e262cb7d055ed4daf7466b2147af1.cloudfront.net (CloudFront)

GET
H2

200

connatix.player.dc.js Show response
cds.connatix.com/p/65408/ Frame 7FBC
Redirect Chain

https://cd.connatix.com/connatix.player.js
https://cds.connatix.com/p/65408/connatix.player.dc.js

888 KB
219 KB

8ms
6ms

Script
application/javascript

151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/65408/connatix.player.dc.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 6c2a5033d986aab2ca7dd5cd08ce5b731e162f3663470b66ad05898880bba4b2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:36 GMT
content-encoding: gzip
age: 7283
x-cache: HIT, HIT
status: 200
content-length: 223922
x-served-by: cache-dca17726-DCA, cache-hhn4051-HHN
access-control-allow-origin: *
last-modified: Thu, 08 Oct 2020 13:53:21 GMT
x-timer: S1602173736.418141,VS0,VE0
etag: "a51cf9b35c87fc1ba32d4fa6a6040fd3"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31557600
accept-ranges: bytes
x-cache-hits: 1, 1063

Redirect headers

date: Thu, 08 Oct 2020 16:15:36 GMT
via: 1.1 varnish
server: Varnish
age: 0
x-served-by: cache-hhn4051-HHN
status: 302
x-cache: HIT
location: https://cds.connatix.com/p/65408/connatix.player.dc.js
cache-control: no-cache, no-store, must-revalidate, max-age=0
accept-ranges: bytes
x-timer: S1602173736.410239,VS0,VE0
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1 200
OK / Show response
kasperskycontenthub.com/ 0
399 B 472ms
153ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=103&siteid=1&t=319065036&back=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 08 Oct 2020 16:15:36 GMT
X-Content-Type-Options: nosniff
Server: nginx
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Type: application/javascript
x-cache-hit: MISS
Transfer-Encoding: chunked
X-Debug-Auth: off
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Request-Host: kasperskycontenthub.com
X-XSS-Protection: 1; mode=block

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 150 KB
48 KB 38ms
17ms Script
application/javascript 2a00:1450:4001:816::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a0f5fa6a8f13f599bd10e08442109f4b54217a242617b3b45b0a55f3de7c340a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:36 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48844
x-xss-protection: 0
last-modified: Thu, 08 Oct 2020 15:59:27 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 08 Oct 2020 16:15:36 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/ 13 KB
5 KB 282ms
94ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 01864580e1f385dc4512aed0de4b324cc1a04812709e7020e857612fc0ce9f4c

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Thu, 08 Oct 2020 16:15:37 GMT
Content-Encoding: gzip
Last-Modified: Mon, 05 Oct 2020 13:31:26 GMT
Server: nginx
ETag: W/"5f7b202e-3496"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 15 Oct 2020 16:15:37 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/ 13 KB
5 KB 281ms
94ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 01864580e1f385dc4512aed0de4b324cc1a04812709e7020e857612fc0ce9f4c

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Thu, 08 Oct 2020 16:15:37 GMT
Content-Encoding: gzip
Last-Modified: Mon, 05 Oct 2020 13:31:31 GMT
Server: nginx
ETag: W/"5f7b2033-3496"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 15 Oct 2020 16:15:37 GMT

GET
H/1.1 200
OK logo.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 19 KB
19 KB 594ms
188ms Image
image/png 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Thu, 08 Oct 2020 16:15:37 GMT
Last-Modified: Mon, 05 Oct 2020 13:31:31 GMT
Server: nginx
ETag: "5f7b2033-4a32"
Content-Type: image/png
Cache-Control: max-age=604800, public
Connection: close
Accept-Ranges: bytes
Content-Length: 18994
Expires: Thu, 15 Oct 2020 16:15:37 GMT

GET
H/1.1 200
OK museosans-700-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 265ms
95ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Origin: https://threatpost.com
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Thu, 08 Oct 2020 16:15:36 GMT
Last-Modified: Mon, 05 Oct 2020 13:31:26 GMT
Server: nginx
ETag: "5f7b202e-51a4"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20900
Expires: Fri, 08 Oct 2021 16:15:36 GMT

GET
H/1.1 200
OK museosans-100-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 377ms
187ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Origin: https://threatpost.com
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Thu, 08 Oct 2020 16:15:36 GMT
Last-Modified: Mon, 05 Oct 2020 13:31:31 GMT
Server: nginx
ETag: "5f7b2033-50c8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20680
Expires: Fri, 08 Oct 2021 16:15:36 GMT

GET
H/1.1 200
OK museosans-300-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 284ms
94ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Origin: https://threatpost.com
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Thu, 08 Oct 2020 16:15:36 GMT
Last-Modified: Mon, 05 Oct 2020 13:31:26 GMT
Server: nginx
ETag: "5f7b202e-51b8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20920
Expires: Fri, 08 Oct 2021 16:15:36 GMT

GET
H/1.1 200
OK museosans-500-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 285ms
95ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Origin: https://threatpost.com
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Thu, 08 Oct 2020 16:15:36 GMT
Last-Modified: Mon, 05 Oct 2020 13:31:26 GMT
Server: nginx
ETag: "5f7b202e-5194"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20884
Expires: Fri, 08 Oct 2021 16:15:36 GMT

GET
H/1.1 200
OK museosans-700italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 378ms
188ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Origin: https://threatpost.com
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Thu, 08 Oct 2020 16:15:36 GMT
Last-Modified: Mon, 05 Oct 2020 13:31:31 GMT
Server: nginx
ETag: "5f7b2033-3dcc"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 15820
Expires: Fri, 08 Oct 2021 16:15:36 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/48TunWH-ZrLteSwFVbw6tVnx/ 341 KB
134 KB 24ms
6ms Script
text/javascript 2a00:1450:4001:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/48TunWH-ZrLteSwFVbw6tVnx/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68575ad691a70cbdbe9e806567291969d2813ac54ae3a6e26f4778ba568b522e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://threatpost.com
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:10:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 330
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136438
x-xss-protection: 0
last-modified: Mon, 05 Oct 2020 17:20:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 08 Oct 2021 16:10:06 GMT

GET
H/1.1 200
OK mail-plane-light.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 828 B
722 B 522ms
94ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-light.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Thu, 08 Oct 2020 16:15:37 GMT
Content-Encoding: gzip
Last-Modified: Mon, 05 Oct 2020 13:31:26 GMT
Server: nginx
ETag: W/"5f7b202e-33c"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 15 Oct 2020 16:15:37 GMT

GET
H/1.1 200
OK twitter-blue.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 868 B
847 B 521ms
93ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/twitter-blue.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Thu, 08 Oct 2020 16:15:37 GMT
Content-Encoding: gzip
Last-Modified: Mon, 05 Oct 2020 13:31:31 GMT
Server: nginx
ETag: W/"5f7b2033-364"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 15 Oct 2020 16:15:37 GMT

GET
H/1.1 200
OK museosans-300italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 160ms
95ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189

Request headers

Origin: https://threatpost.com
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Thu, 08 Oct 2020 16:15:36 GMT
Last-Modified: Mon, 05 Oct 2020 13:31:26 GMT
Server: nginx
ETag: "5f7b202e-5bac"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 23468
Expires: Fri, 08 Oct 2021 16:15:36 GMT

GET
H2 200 connatix.player.css
cds.connatix.com/p/65408/ 53 KB
9 KB 6ms
6ms Stylesheet
text/css 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/65408/connatix.player.css
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 072ab2e24f8ac0a6f43c0c0214b33e72c1f80b4cdea9503a416483a3d4cee21f

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:36 GMT
content-encoding: gzip
age: 7291
x-cache: HIT, HIT
status: 200
content-length: 8784
x-served-by: cache-dca17740-DCA, cache-hhn4051-HHN
access-control-allow-origin: *
last-modified: Thu, 08 Oct 2020 13:53:21 GMT
x-timer: S1602173737.642729,VS0,VE0
etag: "3c5fd80775ec68e957c0f096c2c519f7"
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31557600
accept-ranges: bytes
x-cache-hits: 1, 1195

GET
H/1.1 200
OK mail-plane-large-dark.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 812 B
722 B 280ms
93ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-large-dark.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Thu, 08 Oct 2020 16:15:37 GMT
Content-Encoding: gzip
Last-Modified: Mon, 05 Oct 2020 13:31:31 GMT
Server: nginx
ETag: W/"5f7b2033-32c"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 15 Oct 2020 16:15:37 GMT

GET
H/1.1 200
OK logo-white.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 10 KB
10 KB 282ms
95ms Image
image/png 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo-white.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1601904686
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Thu, 08 Oct 2020 16:15:37 GMT
Last-Modified: Mon, 05 Oct 2020 13:31:26 GMT
Server: nginx
ETag: "5f7b202e-260a"
Content-Type: image/png
Cache-Control: max-age=604800, public
Connection: close
Accept-Ranges: bytes
Content-Length: 9738
Expires: Thu, 15 Oct 2020 16:15:37 GMT

POST
H/1.1 200
OK pls Show response
capi.connatix.com/core/ Frame 7FBC 6 KB
2 KB 445ms
120ms XHR
multipart/form-data 18.224.152.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/pls?v=65408
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.224.152.82 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-224-152-82.us-east-2.compute.amazonaws.com
Software: openresty/1.15.8.2 /
Resource Hash: 469ff55f31cca5679c40560c673e7bdcdc00e67b8df0c9294788a2a854499c31

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Thu, 08 Oct 2020 16:15:37 GMT
Content-Encoding: gzip
Server: openresty/1.15.8.2
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
transfer-encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 58ms
22ms XHR
application/javascript 99.86.240.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.240.180 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-240-180.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 07 Oct 2020 20:00:56 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
age: 72881
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Wed, 30 Sep 2020 05:43:29 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 f78fee2989d34e40cb45ddfbcb9ba346.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: VIE50-C1
x-amz-cf-id: u5VyYP6VzXRBuKaQvQ6NKQ9eUbJcgUYFXiizXIWPFCKPOJlzAPbPug==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
19 KB 35ms
5ms Script
text/javascript 2a00:1450:4001:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 3597
date: Thu, 08 Oct 2020 15:15:39 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18650
expires: Thu, 08 Oct 2020 17:15:39 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 23 KB
9 KB 35ms
8ms Script
application/javascript 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 87d73170be9a2e277c57d324c4e05ec0ac60ed3c0191fa29e7a31133b4c4c119

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:36 GMT
content-encoding: gzip
etag: "O/+l6c17R2TQ0JQMJXOiXA=="
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Thu, 15 Oct 2020 16:15:36 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 31ms
6ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:36 GMT
content-encoding: gzip
age: 67390
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1958
x-served-by: cache-hhn4054-HHN
last-modified: Mon, 10 Aug 2020 18:10:59 GMT
x-timer: S1602173737.827313,VS0,VE0
etag: "a4cc3f907681b24a3efd540acd5d2996+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H2 200 rules-p-_7kVx0t9Jqj90.js Show response
rules.quantcount.com/ 3 B
348 B 511ms
471ms Script
application/x-javascript 2600:9000:206e:e400:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-_7kVx0t9Jqj90.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:e400:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:09:59 GMT
via: 1.1 211cf9a99496c6338c640ec7552e07cb.cloudfront.net (CloudFront)
last-modified: Fri, 03 Mar 2017 23:52:35 GMT
server: AmazonS3
age: 339
etag: "8a80554c91d9fca8acb82f023de02f11"
x-cache: Error from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=300
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
content-length: 3
x-amz-cf-id: mB7YJ-l9bYQwwu93FEYPJQaN-pDgMocBtRy5KlQsyLBhaU5HnB0zOA==

GET
H2 200 adsct
t.co/i/ 43 B
449 B 139ms
123ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 115
pragma: no-cache
last-modified: Thu, 08 Oct 2020 16:15:36 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: c88fee2890170726f59a4f888f38c342
x-transaction: 00460d68001f60b6
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
124 B 38ms
13ms XHR
text/plain 2a00:1450:4001:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j86&aip=1&a=1609403991&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue&ul=en-us&de=UTF-8&dt=Shlayer%20Mac%20Malware%20Returns%20with%20Extra%20Sneakiness%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1556114476&gjid=668235594&cid=1870212433.1602173737&tid=UA-35676203-21&_gid=455384404.1602173737&_r=1&gtm=2wg9u1PM29HLF&z=1309860493

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
392 B 21ms
12ms Image
image/gif 2a00:1450:4001:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j86&aip=1&a=1609403991&t=event&ni=0&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue&ul=en-us&de=UTF-8&dt=Shlayer%20Mac%20Malware%20Returns%20with%20Extra%20Sneakiness%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VISIBILITY&ea=elementVisibility%20%2F%20%5BHeader%5D%20%2F%20Social%20Networks%20View&_u=YEDAAEABAAAAAC~&jid=&gjid=&cid=1870212433.1602173737&tid=UA-35676203-21&_gid=455384404.1602173737&gtm=2wg9u1PM29HLF&z=1995434306

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Oct 2020 22:05:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 65377
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
453 B 43ms
15ms XHR
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-35676203-21&cid=1870212433.1602173737&jid=1556114476&gjid=668235594&_gid=455384404.1602173737&_u=YEBAAEAAAAAAAC~&z=1349644234

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 08 Oct 2020 16:15:36 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
295 B 30ms
29ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-35676203-21&cid=1870212433.1602173737&jid=1556114476&_u=YEBAAEAAAAAAAC~&z=2023033116

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
513 B 49ms
30ms Image
image/gif 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-35676203-21&cid=1870212433.1602173737&jid=1556114476&_u=YEBAAEAAAAAAAC~&z=2023033116

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/48TunWH-ZrLteSwFVbw6tVnx/ 341 KB
133 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/48TunWH-ZrLteSwFVbw6tVnx/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en&render=explicit&ver=5.4.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68575ad691a70cbdbe9e806567291969d2813ac54ae3a6e26f4778ba568b522e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://threatpost.com
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:10:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 331
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136438
x-xss-protection: 0
last-modified: Mon, 05 Oct 2020 17:20:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 08 Oct 2021 16:10:06 GMT

GET
H/1.1 200
OK v1 Show response
geo.ipify.org/api/ 420 B
1 KB 651ms
332ms XHR
application/json 64.140.160.2
WEBNX

General

Check archive.org

Show headers Download Go to

Full URL

https://geo.ipify.org/api/v1?apiKey=at_riPAQYz3EiQ6JhsH05bmtozma13RA

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

64.140.160.2 Los Angeles, United States, ASN18450 (WEBNX, US),

Reverse DNS

threatintelligenceplatform.com

Software

nginx /

Resource Hash

7851468a81d1ce63ee8beb5d286295021d82e8e366b79ef03ed686e18b74e949

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 08 Oct 2020 16:15:37 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server: nginx
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private
Transfer-Encoding: chunked
Connection: keep-alive

GET
H2 200 flipboard.svg
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/ 236 B
567 B 278ms
278ms Image
image/svg+xml 2600:9000:2156:f800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/flipboard.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=60380d88
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:f800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=60380d88
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Thu, 08 Oct 2020 16:15:37 GMT
content-encoding: gzip
last-modified: Mon, 05 Oct 2020 13:31:31 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
etag: W/"5f7b2033-ec"
x-cache: Miss from cloudfront
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
x-amz-cf-id: SPWQyrFEsYqeX-ugY_kEh-qYQ1r_Vozr5zYtHDU8TW5XEN7QF7_HJw==
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
expires: Thu, 15 Oct 2020 16:15:37 GMT

GET
H2 200 fontawesome-webfont.woff2
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/ 75 KB
76 KB 393ms
373ms Font
font/woff2 2600:9000:2156:f800:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=60380d88
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:f800:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Origin: https://threatpost.com
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=60380d88
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:37 GMT
via: 1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 77160
pragma: public
last-modified: Mon, 05 Oct 2020 13:31:26 GMT
server: nginx
etag: "5f7b202e-12d68"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
x-amz-cf-id: blUvD8JDBGbS-osoo4UEobeYnbi30nLhZ0iQXXjk0Q2EFXDxsmFngA==
expires: Fri, 08 Oct 2021 16:15:37 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
651 B 132ms
116ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 109
pragma: no-cache
last-modified: Thu, 08 Oct 2020 16:15:37 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 9f65fcb1ada67c0065a65fa505773599
x-transaction: 00136de000f47e10
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H3-Q050 200 anchor
www.google.com/recaptcha/api2/ Frame DBF7 0
0 29ms
29ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=48TunWH-ZrLteSwFVbw6tVnx&theme=standard&size=normal&cb=eyrx0gmv4sil

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-lVeVBRw25ReTUc5mqylGjQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=48TunWH-ZrLteSwFVbw6tVnx&theme=standard&size=normal&cb=eyrx0gmv4sil
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 08 Oct 2020 16:15:37 GMT
content-security-policy: script-src 'report-sample' 'nonce-lVeVBRw25ReTUc5mqylGjQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 11182
server: GSE
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H/1.1 200
OK sr Show response
capi.connatix.com/tr/ Frame 7FBC 0
323 B 425ms
107ms XHR
multipart/form-data 18.224.152.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/sr?v=65408
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.224.152.82 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-224-152-82.us-east-2.compute.amazonaws.com
Software: openresty/1.15.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Thu, 08 Oct 2020 16:15:37 GMT
Content-Encoding: gzip
Server: openresty/1.15.8.2
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 3_media.bin Show response
vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/ Frame 7FBC 232 B
468 B 25ms
9ms XHR
application/octet-stream 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/3_media.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 1e6cc52bffa814d7c7912cd64a2ef303e6a2f2387b428173dca05f032bfa5788

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:37 GMT
content-encoding: gzip
age: 883458
x-cache: HIT, HIT
status: 200
content-length: 204
x-served-by: cache-bwi5138-BWI, cache-hhn4041-HHN
last-modified: Thu, 17 Sep 2020 01:42:41 GMT
x-timer: S1602173737.407006,VS0,VE1
etag: "796c77896c9738780ae744fd3eb73483"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31557600
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 1.png
img.connatix.com/c2ecd04f-0dca-4ffa-8761-d93b34717380/ 4 KB
5 KB 14ms
7ms Image
image/webp 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/c2ecd04f-0dca-4ffa-8761-d93b34717380/1.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 98170098ad5b9e0e27bc80b4fab39889cb6437246979ee85680f64bb77d03a08

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:37 GMT
via: 1.1 varnish, 1.1 varnish
age: 1144943
x-cache: HIT, HIT
fastly-io-info: ifsz=8114 idim=288x42 ifmt=png ofsz=4328 odim=288x42 ofmt=webp
status: 200
fastly-stats: io=1
content-encoding: gzip
content-length: 4351
x-served-by: cache-dca17721-DCA, cache-hhn4051-HHN
x-timer: S1602173737.404689,VS0,VE1
etag: "E00cBQTrMvE7BFKf7WtTa6oGFTVX3QMTXtfExBtu+i8"
vary: Accept
x-amz-request-id: 73558CDC7A440D38
access-control-allow-origin: *
cache-control: max-age=31557600
accept-ranges: bytes
content-type: image/webp
x-cache-hits: 1, 1

GET
H2 400 / Show response
graph.facebook.com/ 202 B
586 B 50ms
36ms XHR
application/json 2a03:2880:f01c:800e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2664d4a135be03411365f11717209e528e5350672a688007a57fe4607085c2b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
status: 400
x-fb-rev: 1002790228
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 149
pragma: no-cache
x-fb-debug: 7H28ZWjOkw4w3AnBKOCf+TL4j6xnjMfeE1yEZGjExAHGUOk4xru5+iA5bRXV9JkLHk/1umYM9QiSv8gIIOACZA==
x-fb-trace-id: EPKDviescX0
date: Thu, 08 Oct 2020 16:15:37 GMT
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-fb-request-id: Alj1OYNbW0Hug2GCSIZWR6P
cache-control: no-store
facebook-api-version: v3.1
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 404 share
www.linkedin.com/countserv/count/ 0
0 123ms
109ms Script
text/html 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.linkedin.com/countserv/count/share?url=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F&format=jsonp&callback=jQuery112408502977795076032_1602173736400&_=1602173736401
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 info.json Show response
www.reddit.com/api/ 102 B
1 KB 185ms
139ms XHR
application/json 199.232.53.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/api/info.json?url=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.53.140 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

snooserv /

Resource Hash

f4f2c0a4763f01ee2b13b4f8189e6fd5f32bd704d71fed8d0f11883de9724198

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:37 GMT
via: 1.1 varnish
x-content-type-options: nosniff
status: 200
content-length: 102
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
x-moose: majestic
server: snooserv
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
accept-ranges: bytes
expires: -1

GET
H3-Q050 200 anchor
www.google.com/recaptcha/api2/ Frame 03AD 0
0 35ms
34ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=48TunWH-ZrLteSwFVbw6tVnx&theme=light&size=normal&cb=f61a3blg97n4

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-iMUQhq8PC0xZwWLcaxKYvA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=48TunWH-ZrLteSwFVbw6tVnx&theme=light&size=normal&cb=f61a3blg97n4
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 08 Oct 2020 16:15:37 GMT
content-security-policy: script-src 'report-sample' 'nonce-iMUQhq8PC0xZwWLcaxKYvA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 10919
server: GSE
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H/1.1 200
OK e Show response
capi.connatix.com/tr/ Frame 7FBC 0
323 B 344ms
108ms XHR
multipart/form-data 18.224.152.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/e
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.224.152.82 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-224-152-82.us-east-2.compute.amazonaws.com
Software: openresty/1.15.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Thu, 08 Oct 2020 16:15:37 GMT
Content-Encoding: gzip
Server: openresty/1.15.8.2
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK ps Show response
capi.connatix.com/tr/ Frame 7FBC 0
323 B 321ms
107ms XHR
multipart/form-data 18.224.152.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ps?v=65408
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.224.152.82 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-224-152-82.us-east-2.compute.amazonaws.com
Software: openresty/1.15.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Thu, 08 Oct 2020 16:15:37 GMT
Content-Encoding: gzip
Server: openresty/1.15.8.2
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK ao Show response
capi.connatix.com/tr/ Frame 7FBC 0
323 B 320ms
107ms XHR
multipart/form-data 18.224.152.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/ao?v=65408
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.224.152.82 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-224-152-82.us-east-2.compute.amazonaws.com
Software: openresty/1.15.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Thu, 08 Oct 2020 16:15:37 GMT
Content-Encoding: gzip
Server: openresty/1.15.8.2
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 1_th.jpg
img.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/ 2 KB
2 KB 8ms
7ms Image
image/webp 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/1_th.jpg?crop=400:225,smart&width=400&height=225&format=jpeg&quality=60&fit=crop
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3773223dc3f0b2c5f4ba6310b5eb478b52db9c305623545b0723b10a1e636b14

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:37 GMT
via: 1.1 varnish, 1.1 varnish
age: 1185152
x-cache: HIT, HIT
fastly-io-info: ifsz=36645 idim=2560x1440 ifmt=jpeg ofsz=2098 odim=400x225 ofmt=webp
status: 200
fastly-stats: io=1
content-encoding: gzip
content-length: 2066
x-served-by: cache-dca17720-DCA, cache-hhn4051-HHN
x-timer: S1602173737.476186,VS0,VE1
etag: "iDhG33Z1a+GgxtfhSqjNbZ1Iz0hjRhSMeN4Q5WPVjm0"
vary: Accept
x-amz-request-id: 9718C29D2B1AEC8D
access-control-allow-origin: *
cache-control: max-age=31557600
accept-ranges: bytes
content-type: image/webp
x-cache-hits: 1, 1

GET
H2 200 prebid3.25.0-1.js Show response
cds.connatix.com/p/plugins/ Frame 7FBC 286 KB
89 KB 7ms
7ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: b3e65f5bc65f920ed835a1329e8e585275e7c0e93de8a5c5642eab6300a11cef

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:37 GMT
content-encoding: gzip
age: 2097093
x-cache: HIT, HIT
status: 200
content-length: 90468
x-served-by: cache-dca17730-DCA, cache-hhn4051-HHN
access-control-allow-origin: *
last-modified: Mon, 14 Sep 2020 09:43:49 GMT
x-timer: S1602173738.607520,VS0,VE0
etag: "9c38c88a790efaae20de0f5391a27029"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31557600
accept-ranges: bytes
x-cache-hits: 2, 592

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 24 B
257 B 235ms
219ms XHR
application/json 104.111.215.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=438654&v=7.2&r=%7B%22id%22%3A%221a3a55bd3e7116%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22283ce37603ba12%22%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%223c4c30bc950eed%22%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22451425e2c9e826%22%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22283ce37603ba12%22%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22sid%22%3A%22970x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22283ce37603ba12%22%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%223c4c30bc950eed%22%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22sid%22%3A%22336x280%22%7D%2C%22banner%22%3A%7B%22w%22%3A336%2C%22h%22%3A280%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22451425e2c9e826%22%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22sid%22%3A%221005%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-135.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 19642183c7216202f8585c8a953db9be798207e5092cd5ab2b156fdf3cb8f9d3

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:37 GMT
content-encoding: gzip
server: Apache
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://threatpost.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 44
expires: Thu, 08 Oct 2020 16:15:37 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 371 B
1 KB 76ms
39ms XHR
application/json 37.252.173.62
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.62 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

fa96345fcb3efdc63fe2d47ff53d79abd4578db2d3455dd97f63d98bde78e748

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 08 Oct 2020 16:15:37 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 535.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.14:80
AN-X-Request-Uuid: 703637a1-ffc4-45dc-9cc0-6283457ab94f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 371
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
115 B 135ms
80ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Thu, 08 Oct 2020 16:15:37 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://threatpost.com

POST
H2 200 c Show response
prebid.a-mo.net/a/ 655 B
834 B 441ms
206ms XHR
application/json 100.24.218.250
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 100.24.218.250 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Cowboy /
Resource Hash: 3b1883ee76f59c128399604a19c4e29c99098c9845d519366bd097c5c36c753e

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 08 Oct 2020 16:15:38 GMT
content-encoding: gzip
server: Cowboy
status: 200
x-amzn-trace-id: Bids=0;Placement=dGhyZWF0cG9zdC5jb20
vary: origin, accept-encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://threatpost.com
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 325

POST
H2 200 adreq Show response
ads.servenobid.com/ 10 KB
3 KB 126ms
64ms XHR
application/json 52.212.5.193
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=8307
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.5.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 428e9929861f2c8e4d46e098f38f9e7b6d3188e8dffb1442f6a98e26c5cf9507

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 08 Oct 2020 16:15:37 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
status: 200
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://threatpost.com
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
access-control-allow-credentials: true

POST
H2 200 v2 Show response
e.serverbid.com/api/ 16 B
168 B 327ms
98ms XHR
application/json 178.128.135.80
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://e.serverbid.com/api/v2
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.128.135.80 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: 903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 200
date: Thu, 08 Oct 2020 16:15:37 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://threatpost.com
content-length: 16
vary: Origin
content-type: application/json

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
476 B 126ms
92ms XHR
application/json 52.58.26.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=4.10.0&referrer=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue&tmax=1200&gdpr=false

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.58.26.10 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-58-26-10.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:37 GMT
status: 200
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2

200

ADTECH;apid=1A80ac8e54-0981-11eb-8c4d-126145921f52;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=575f34fd7d2667d;misc=1602173737636 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=575f34fd7d2667d;misc=1602173737636;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=575f34fd7d2667d;misc=1602173737636
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1A80ac8e54-0981-11eb-8c4d-126145921f52;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=575f34fd7d2667d;misc=16...

1 KB
2 KB

152ms
148ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1A80ac8e54-0981-11eb-8c4d-126145921f52;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=575f34fd7d2667d;misc=1602173737636
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 308e1d0bf8d9f9ca518436965729d5398a87fba21a9cb04a15cc65a715e1a519

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:38 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 1469
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:37 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1A80ac8e54-0981-11eb-8c4d-126145921f52;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=575f34fd7d2667d;misc=1602173737636
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

200

ADTECH;apid=1A80ad92ae-0981-11eb-84ff-12ddab465c88;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=58e15d3efe7994f;misc=1602173737636 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=58e15d3efe7994f;misc=1602173737636;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=58e15d3efe7994f;misc=1602173737636
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1A80ad92ae-0981-11eb-84ff-12ddab465c88;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=58e15d3efe7994f;misc=16...

1 KB
2 KB

134ms
131ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1A80ad92ae-0981-11eb-84ff-12ddab465c88;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=58e15d3efe7994f;misc=1602173737636
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: a4f281c13aa2a73483633b5c6cc079a74059d1f1f5d44de8cd25f37c489335a3

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:38 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 1469
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:37 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1A80ad92ae-0981-11eb-84ff-12ddab465c88;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=58e15d3efe7994f;misc=1602173737636
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

200

ADTECH;apid=1A80ab8a4a-0981-11eb-be92-120b32d93760;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=5927432132557b7;misc=1602173737636 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=5927432132557b7;misc=1602173737636;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=5927432132557b7;misc=1602173737636
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1A80ab8a4a-0981-11eb-be92-120b32d93760;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=5927432132557b7;misc=16...

1 KB
2 KB

150ms
145ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1A80ab8a4a-0981-11eb-be92-120b32d93760;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=5927432132557b7;misc=1602173737636
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 8437af4436a1008eb1d73b9fcb156f3005fdd02c0fe620f2b2e65b38bb027f0a

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:38 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 1468
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:37 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1A80ab8a4a-0981-11eb-be92-120b32d93760;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=5927432132557b7;misc=1602173737636
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

200

ADTECH;apid=1A80ac98e0-0981-11eb-907e-12998b4eae46;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=600a83dd993b42a;misc=1602173737636 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=600a83dd993b42a;misc=1602173737636;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=600a83dd993b42a;misc=1602173737636
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1A80ac98e0-0981-11eb-907e-12998b4eae46;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=600a83dd993b42a;misc=16...

1 KB
2 KB

137ms
132ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1A80ac98e0-0981-11eb-907e-12998b4eae46;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=600a83dd993b42a;misc=1602173737636
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 559a8023730d7c14cf1f02032a2a7dca710e3cf77abaa10ade6db613c0ece4eb

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:38 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/json
content-length: 1468
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:37 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1A80ac98e0-0981-11eb-907e-12998b4eae46;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=600a83dd993b42a;misc=1602173737636
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

200

ADTECH;apid=1A80a363ec-0981-11eb-9c45-1212911483a0;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=6190c69f7a0cea6;misc=1602173737636 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=6190c69f7a0cea6;misc=1602173737636;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=6190c69f7a0cea6;misc=1602173737636
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;apid=1A80a363ec-0981-11eb-9c45-1212911483a0;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=6190c69f7a0cea6;misc=16...

1 KB
2 KB

152ms
143ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;apid=1A80a363ec-0981-11eb-9c45-1212911483a0;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=6190c69f7a0cea6;misc=1602173737636
Requested by: Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 5481f30ba9d01f44fe7726f2f72acf887c9ea90631f66c6937f6df3464c6e5fa

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:38 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 1468
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:37 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;apid=1A80a363ec-0981-11eb-9c45-1212911483a0;cfp=1;rndc=1602173737;v=2;cmd=bid;cors=yes;alias=6190c69f7a0cea6;misc=1602173737636
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 379 B
1 KB 65ms
36ms XHR
application/json 37.252.173.62
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.62 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

a912e70538e92fb1e7970a59f67b43615584959f6c0a96d0ca2ed68e7fe62c3a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 08 Oct 2020 16:15:37 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 535.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.49:80
AN-X-Request-Uuid: 1643fdb5-b1be-47b5-b128-aa76ff4abc98
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 379
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 3 KB
3 KB 111ms
85ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=2&alt_size_ids=55%2C57&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue&tk_flint=pbjs_lite_v4.10.0&x_source.tid=d7c566d2-72ef-41f3-8486-4d485f960623&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.12203508870287938
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 136aa09e9cb1f433a76e9f805a8c6559bdfe8f8e947351d75139daf2214ca398

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 08 Oct 2020 16:15:37 GMT
Content-Encoding: gzip
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 1505
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
2 KB 119ms
93ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=16&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue&tk_flint=pbjs_lite_v4.10.0&x_source.tid=fa54d39b-689c-4396-946c-82ef02fa56e8&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.8933634065472187
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 3c516be42ddfa658cff16692483335d1b7c48425bfc8448504928590701e697d

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 08 Oct 2020 16:15:37 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 261 B
2 KB 121ms
89ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509506&size_id=15&alt_size_ids=10&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue&tk_flint=pbjs_lite_v4.10.0&x_source.tid=bbd5bdf4-3359-4b1d-ad9f-faff6dc39681&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.11055742565764537
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: d93cf39705c0bc6c7a9dd7b9533ecd7b20d771a4ee03a565e3aa6b51543490a0

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 08 Oct 2020 16:15:37 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 261
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 261 B
2 KB 145ms
111ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=10&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue&tk_flint=pbjs_lite_v4.10.0&x_source.tid=bbd5bdf4-3359-4b1d-ad9f-faff6dc39681&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.9206976980434494
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: e106abbef218a2ed4209a20156878f88540ac5db9df431978cad768027d60d55

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 08 Oct 2020 16:15:37 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 261
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 arj Show response
teachingaids-d.openx.net/w/1.0/ 173 B
560 B 99ms
65ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=d7c566d2-72ef-41f3-8486-4d485f960623%2Cd7c566d2-72ef-41f3-8486-4d485f960623%2Cfa54d39b-689c-4396-946c-82ef02fa56e8%2Cbbd5bdf4-3359-4b1d-ad9f-faff6dc39681%2Cbbd5bdf4-3359-4b1d-ad9f-faff6dc39681&nocache=1602173737659&gdpr=0&x_gdpr_f=1&pubcid=cff17c0d-c32b-43ee-a7bc-b97c265c6989&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&aus=728x90%2C970x250%2C970x90%7C728x90%2C970x250%2C970x90%7C300x250%2C336x280%7C300x250%2C300x600%7C300x250%2C300x600&divIds=div-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-3%2Cdiv-gpt-ad-6794670-5%2Cdiv-gpt-ad-6794670-5&auid=540932704%2C540932709%2C540932713%2C540932715%2C540932720
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.194.0 /
Resource Hash: 357d9c288830c6aca87a5031448d47ee2db800f809ed0b2f85a45abd9cb4e8ec

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:37 GMT
content-encoding: gzip
server: OXGW/16.194.0
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 165
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 96 B
760 B 139ms
106ms XHR
application/json 216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_4.10.0
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: c8c1db4b20beaa9321f0918115c515c4ed019d8b31ce657e0d28951f7af75ee7

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 08 Oct 2020 16:15:37 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 101

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
368 B 96ms
96ms XHR
text/javascript 99.86.240.180
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue&pid=GHqZ5RBSXoPwu&cb=0&ws=1600x1200&v=7.55.00&t=1200&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F21707124336%2FThreatPost-970x250-ATF%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22300x250%22%2C%22336x280%22%5D%2C%22sn%22%3A%22%2F21707124336%2FThreatPost-300x250-ATF%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F21707124336%2FThreatPost-300x600-ATF%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%222x2%22%5D%2C%22sn%22%3A%22%2F21707124336%2FThreatPost-2x2-Skin%22%7D%5D&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.240.180 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-240-180.vie50.r.cloudfront.net
Software: Server /
Resource Hash: 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:37 GMT
via: 1.1 d88e262cb7d055ed4daf7466b2147af1.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: VIE50-C1
status: 200
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: bcztglnDGTpiMmogUnP5PpIKYPHty583c9F1n0aOcsdn9vbo7TgL4w==

GET
H2 200 pixel;r=327056760;source=gtm;rf=0;uh=65ce955d6ae6;uht=2;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue;fpan=1;fpa=P0-1177959...
pixel.quantserve.com/ 35 B
372 B 17ms
8ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=327056760;source=gtm;rf=0;uh=65ce955d6ae6;uht=2;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue;fpan=1;fpa=P0-1177959967-1602173737671;ns=0;ce=1;qjs=1;qv=3364aec3-20201006003021;cm=;gdpr=0;ref=;d=threatpost.com;je=0;sr=1600x1200x24;dst=1;et=1602173737671;tzo=-120;ogl=image.https%3A%2F%2Fmedia%252Ethreatpost%252Ecom%2Fwp-content%2Fuploads%2Fsites%2F103%2F2020%2F01%2F22100148%2Ftroja%2Ctype.article%2Ctitle.Shlayer%20Mac%20Malware%20Returns%20with%20Extra%20Sneakiness%2Cdescription.Spreading%20via%20poisoned%20Google%20search%20results%252C%20this%20new%20version%20of%20Mac's%20No%252E%201%20th%2Curl.https%3A%2F%2Fthreatpost%252Ecom%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:37 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
status: 200
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-Q050 200 bframe
www.google.com/recaptcha/api2/ Frame 2081 0
0 80ms
80ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=48TunWH-ZrLteSwFVbw6tVnx&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&cb=7vxyay2aeac

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-4NoRAM8b4q2SlNMTMIzdCg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=48TunWH-ZrLteSwFVbw6tVnx&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&cb=7vxyay2aeac
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 08 Oct 2020 16:15:37 GMT
content-security-policy: script-src 'report-sample' 'nonce-4NoRAM8b4q2SlNMTMIzdCg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1174
server: GSE
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 bframe
www.google.com/recaptcha/api2/ Frame 4AAE 0
0 22ms
22ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=48TunWH-ZrLteSwFVbw6tVnx&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=6y46mjjjvxm8

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-q5M7IoRpJoJpzFMZ+DrgDA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=48TunWH-ZrLteSwFVbw6tVnx&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=6y46mjjjvxm8
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 08 Oct 2020 16:15:37 GMT
content-security-policy: script-src 'report-sample' 'nonce-q5M7IoRpJoJpzFMZ+DrgDA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1173
server: GSE
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 7FBC 143 B
1 KB 66ms
66ms XHR
application/json 37.252.173.62
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.62 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

6a40bb7520e8da8ddbd6bd4814a9438eed29cf2244dc19002edf09a8c4dc106a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 08 Oct 2020 16:15:37 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 535.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.37:80
AN-X-Request-Uuid: a545dcd9-328e-458e-ad26-ed8b9bb26e0f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 143
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 avjp Show response
teachingaids-d.openx.net/v/1.0/ Frame 7FBC 92 B
285 B 23ms
23ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.2&dddid=480c7dff-a519-45b1-8a98-b1da959a1133&nocache=1602173737898&auid=540882778&vwd=400&vht=225
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.194.0 /
Resource Hash: 004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:37 GMT
via: 1.1 google
server: OXGW/16.194.0
status: 200
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 92
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 7FBC 142 B
1 KB 60ms
60ms XHR
application/json 37.252.173.62
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.62 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

103619a1e9ed4f73bde0d6ac618a257188e606e125d045e280f3dc186c47d9b2

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 08 Oct 2020 16:15:37 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 535.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.152:80
AN-X-Request-Uuid: 011cc364-ee23-4051-936e-3df3a6b25d22
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 142
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 7FBC 0
59 B 67ms
67ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Thu, 08 Oct 2020 16:15:37 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://threatpost.com

GET
H2 200 avjp Show response
teachingaids-d.openx.net/v/1.0/ Frame 7FBC 92 B
282 B 21ms
21ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.2&dddid=772593fb-6d3b-4aef-a217-c51ad7741cdb&nocache=1602173737905&auid=540882779&vwd=400&vht=225
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.194.0 /
Resource Hash: 004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:37 GMT
via: 1.1 google
server: OXGW/16.194.0
status: 200
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 92
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cygnus Show response
as-sec.casalemedia.com/ Frame 7FBC 25 B
258 B 466ms
464ms XHR
application/json 104.111.215.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?t=900&s=435870&v=8.1&r=%7B%22id%22%3A%2211469df1d37b1c7%22%2C%22imp%22%3A%5B%7B%22id%22%3A%2212ca8b213fc9bf4%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435870%22%2C%22sid%22%3A%22400x225%22%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180000%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22w%22%3A400%2C%22h%22%3A225%2C%22placement%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%7D&ac=j&sd=1&nf=1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-135.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 3bd629d40665df70560408ef15ba85935c03c676d8408cd53bab4a78f66fdc9b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:38 GMT
content-encoding: gzip
server: Apache
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://threatpost.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 45
expires: Thu, 08 Oct 2020 16:15:38 GMT

GET
H2 200 cygnus Show response
as-sec.casalemedia.com/ Frame 7FBC 25 B
258 B 404ms
401ms XHR
application/json 104.111.215.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?t=900&s=435871&v=8.1&r=%7B%22id%22%3A%2213663e735884312%22%2C%22imp%22%3A%5B%7B%22id%22%3A%2214093ce9281d125%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435871%22%2C%22sid%22%3A%22400x225%22%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180000%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22w%22%3A400%2C%22h%22%3A225%2C%22placement%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%7D&ac=j&sd=1&nf=1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-135.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8a80d3dcbb76cc81900852f3f017919b1db8bf9d1f84a6c277c4529feca16b2c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:38 GMT
content-encoding: gzip
server: Apache
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://threatpost.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 45
expires: Thu, 08 Oct 2020 16:15:38 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 7FBC 0
59 B 56ms
55ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Thu, 08 Oct 2020 16:15:37 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://threatpost.com

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ Frame 7FBC 0
215 B 244ms
186ms XHR
application/json 3.124.44.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.44.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

GET
H2 200 playlist.m3u8 Show response
vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/ Frame 7FBC 309 B
296 B 16ms
7ms XHR
application/x-mpegurl 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/playlist.m3u8
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:37 GMT
content-encoding: gzip
age: 53478
x-cache: HIT, HIT
status: 200
content-length: 164
x-served-by: cache-bwi5138-BWI, cache-hhn4041-HHN
last-modified: Mon, 07 Sep 2020 18:49:42 GMT
x-timer: S1602173738.973844,VS0,VE1
etag: "8a966507b13615ecdc1330a4bc9dcfe1"
vary: Accept-Encoding
content-type: application/x-mpegURL
access-control-allow-origin: *
cache-control: max-age=31557600
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 0.m3u8 Show response
vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/ Frame 7FBC 5 KB
1 KB 7ms
7ms XHR
application/x-mpegurl 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/0.m3u8
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ac1eed21fdddd6a981458cc46e79523f77a9b44b9b639d9df405c0d9827cc552

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:38 GMT
content-encoding: gzip
age: 888214
x-cache: HIT, HIT
status: 200
content-length: 959
x-served-by: cache-bwi5137-BWI, cache-hhn4041-HHN
last-modified: Mon, 07 Sep 2020 18:49:41 GMT
x-timer: S1602173738.011033,VS0,VE1
etag: "3a71266b043248350b2f39a55da8294e"
vary: Accept-Encoding
content-type: application/x-mpegURL
access-control-allow-origin: *
cache-control: max-age=31557600
accept-ranges: bytes
x-cache-hits: 1, 1

OPTIONS
H2 200 0.mp4
vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/ Frame 0
0 53ms
4ms Other 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/0.mp4
Protocol: H2
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

status: 200
retry-after: 0
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: range
accept-ranges: bytes
date: Thu, 08 Oct 2020 16:15:38 GMT
x-served-by: cache-hhn4041-HHN
x-cache: HIT
x-cache-hits: 0
x-timer: S1602173738.071086,VS0,VE0
cache-control: max-age=31557600
content-length: 0

GET
H2 206 0.mp4 Show response
vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/ Frame 7FBC 1 KB
2 KB 7ms
7ms XHR
video/mp4 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/0.mp4
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e8c207773b5b242229f77be9cde555a9cf5ced8288409f80da3d5192706e40e3

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=0-1428

Response headers

date: Thu, 08 Oct 2020 16:15:38 GMT
last-modified: Mon, 07 Sep 2020 18:49:41 GMT
age: 888212
etag: "7e14a97a9fd99818d5080eb2d1b8cc43-7"
x-served-by: cache-bwi5129-BWI, cache-hhn4041-HHN
status: 206
x-cache: HIT, HIT
content-type: video/mp4
Content-Range: bytes 0-1428/32479190
cache-control: max-age=31557600
accept-ranges: bytes
x-timer: S1602173738.080402,VS0,VE1
access-control-allow-origin: *
Content-Length: 1429
x-cache-hits: 1, 1

OPTIONS
H2 200 0.mp4
vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/ Frame 0
0 6ms
6ms Other 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/0.mp4
Protocol: H2
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

status: 200
retry-after: 0
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: range
accept-ranges: bytes
date: Thu, 08 Oct 2020 16:15:38 GMT
x-served-by: cache-hhn4041-HHN
x-cache: HIT
x-cache-hits: 0
x-timer: S1602173738.090484,VS0,VE0
cache-control: max-age=31557600
content-length: 0

GET
H2 206 0.mp4 Show response
vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/ Frame 7FBC 444 KB
445 KB 7ms
7ms XHR
video/mp4 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/0.mp4
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: dd7d093a1d67babe8e574f94231253e281cf71195d34d8d7035329c655915c90

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=1429-456334

Response headers

date: Thu, 08 Oct 2020 16:15:38 GMT
last-modified: Mon, 07 Sep 2020 18:49:41 GMT
age: 888212
etag: "7e14a97a9fd99818d5080eb2d1b8cc43-7"
x-served-by: cache-bwi5129-BWI, cache-hhn4041-HHN
status: 206
x-cache: HIT, HIT
content-type: video/mp4
Content-Range: bytes 1429-456334/32479190
cache-control: max-age=31557600
accept-ranges: bytes
x-timer: S1602173738.097454,VS0,VE0
access-control-allow-origin: *
Content-Length: 454906
x-cache-hits: 1, 2

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
890 B 38ms
17ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 08 Oct 2020 16:15:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
890 B 36ms
15ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 08 Oct 2020 16:15:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET ads
securepubads.g.doubleclick.net/gampad/ 0
0

GET
H2 200 container.html
237be589fae8b4cff8daa29793f14f33.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 112ms
43ms Other
text/html 2a00:1450:4001:815::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://237be589fae8b4cff8daa29793f14f33.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:815::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 66ms
45ms Other
text/html 2a00:1450:4001:81b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

OPTIONS
H2 200 0.mp4
vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/ Frame 0
0 7ms
7ms Other 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/0.mp4
Protocol: H2
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

status: 200
retry-after: 0
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: range
accept-ranges: bytes
date: Thu, 08 Oct 2020 16:15:38 GMT
x-served-by: cache-hhn4041-HHN
x-cache: HIT
x-cache-hits: 0
x-timer: S1602173738.273036,VS0,VE0
cache-control: max-age=31557600
content-length: 0

GET
H2 206 0.mp4 Show response
vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/ Frame 7FBC 390 KB
390 KB 7ms
7ms XHR
video/mp4 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/0.mp4
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 91e8f81ef3c99be20d905536aa719b1fd716ce7760080c3ca6b0cd552723535d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=456335-855191

Response headers

date: Thu, 08 Oct 2020 16:15:38 GMT
last-modified: Mon, 07 Sep 2020 18:49:41 GMT
age: 888212
etag: "7e14a97a9fd99818d5080eb2d1b8cc43-7"
x-served-by: cache-bwi5129-BWI, cache-hhn4041-HHN
status: 206
x-cache: HIT, HIT
content-type: video/mp4
Content-Range: bytes 456335-855191/32479190
cache-control: max-age=31557600
accept-ranges: bytes
x-timer: S1602173738.281334,VS0,VE0
access-control-allow-origin: *
Content-Length: 398857
x-cache-hits: 1, 3

POST
H/1.1 200
OK mq Show response
capi.connatix.com/tr/ Frame 7FBC 0
323 B 425ms
106ms XHR
multipart/form-data 52.14.222.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/mq?v=65408
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.14.222.78 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.15.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Thu, 08 Oct 2020 16:15:38 GMT
Content-Encoding: gzip
Server: openresty/1.15.8.2
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST sv
capi.connatix.com/tr/ Frame 7FBC 0
0

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame 8E6C 0
0 215ms
93ms Document
text/html 104.111.215.68
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.68 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-68.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Last-Modified: Sat, 01 Aug 2020 14:58:34 GMT
ETag: "13006b6-94fd-5abd223c2ac92"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=65707
Expires: Fri, 09 Oct 2020 10:30:48 GMT
Date: Thu, 08 Oct 2020 16:15:41 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame 9A2D 0
0 190ms
67ms Document
text/html 104.111.215.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.51 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: uuid2=7253945076828680577; icu=ChgI8ppIEAoYASABKAEwqfb8-wU4AUABSAEKGAjMsmEQChgBIAEoATCp9vz7BTgBQAFIARCp9vz7BRgB
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Last-Modified: Tue, 24 Mar 2020 15:52:19 GMT
ETag: "5e7a2cb3-cefd"
Server: nginx/1.13.10
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 17037
Cache-Control: max-age=86402
Expires: Fri, 09 Oct 2020 16:15:43 GMT
Date: Thu, 08 Oct 2020 16:15:41 GMT
Connection: keep-alive

GET
H/1.1 200
OK ixmatch.html
js-sec.indexww.com/um/ Frame 92A7 0
0 183ms
60ms Document
text/html 104.111.215.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-135.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: Apache
Last-Modified: Tue, 06 Oct 2020 14:04:48 GMT
ETag: "e20015-8f4-5b10114f2003a"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 08 Oct 2020 16:15:41 GMT
Content-Length: 1136
Connection: keep-alive

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame BF3D 0
0 185ms
64ms Document
text/html 104.111.215.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.51 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: uuid2=7253945076828680577; icu=ChgI8ppIEAoYASABKAEwqfb8-wU4AUABSAEKGAjMsmEQChgBIAEoATCp9vz7BTgBQAFIARCp9vz7BRgB
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Last-Modified: Tue, 24 Mar 2020 15:52:19 GMT
ETag: "5e7a2cb3-cefd"
Server: nginx/1.13.10
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 17037
Cache-Control: max-age=86402
Expires: Fri, 09 Oct 2020 16:15:43 GMT
Date: Thu, 08 Oct 2020 16:15:41 GMT
Connection: keep-alive

GET
H/1.1 200
OK ixmatch.html
js-sec.indexww.com/um/ Frame 2856 0
0 180ms
61ms Document
text/html 104.111.215.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-135.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: Apache
Last-Modified: Tue, 06 Oct 2020 14:04:48 GMT
ETag: "e20015-8f4-5b10114f2003a"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 08 Oct 2020 16:15:41 GMT
Content-Length: 1136
Connection: keep-alive

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame FA7B 0
0 189ms
67ms Document
text/html 104.111.215.68
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.68 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-68.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Last-Modified: Sat, 01 Aug 2020 14:58:34 GMT
ETag: "13006b6-94fd-5abd223c2ac92"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=65707
Expires: Fri, 09 Oct 2020 10:30:48 GMT
Date: Thu, 08 Oct 2020 16:15:41 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 pd
u.openx.net/w/1.0/ Frame 5520 0
0 153ms
80ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.194.0 /
Resource Hash

Request headers

:method: GET
:authority: u.openx.net
:scheme: https
:path: /w/1.0/pd
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=cff17c0d-c32b-43ee-a7bc-b97c265c6989|1602173737
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=cff17c0d-c32b-43ee-a7bc-b97c265c6989|1602173737; Version=1; Expires=Fri, 08-Oct-2021 16:15:41 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1602173741|gekin0vNiygu; Version=1; Expires=Fri, 23-Oct-2020 16:15:41 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.194.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Thu, 08 Oct 2020 16:15:41 GMT
content-type: text/html
content-length: 419
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H2 200 pd
u.openx.net/w/1.0/ Frame 86F4 0
0 140ms
69ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.194.0 /
Resource Hash

Request headers

:method: GET
:authority: u.openx.net
:scheme: https
:path: /w/1.0/pd
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=cff17c0d-c32b-43ee-a7bc-b97c265c6989|1602173737
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=cff17c0d-c32b-43ee-a7bc-b97c265c6989|1602173737; Version=1; Expires=Fri, 08-Oct-2021 16:15:41 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1602173741|gekin0vNiygu; Version=1; Expires=Fri, 23-Oct-2020 16:15:41 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.194.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Thu, 08 Oct 2020 16:15:41 GMT
content-type: text/html
content-length: 419
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/55986/ Frame 7FBC
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=&_...
https://pixel.advertising.com/ups/55986/sync?uid=X387LQAAAIPQn0rE&_origin=0&gdpr=0&gdpr_consent=&_test=X387LQAAAIPQn0rE
https://ups.analytics.yahoo.com/ups/55986/sync?uid=X387LQAAAIPQn0rE&_origin=0&gdpr=0&gdpr_consent=&_test=X387LQAAAIPQn0rE&apid=1A80ad92ae-0981-11eb-84ff-12ddab465c88

0
963 B

594ms
62ms

Image
text/plain

18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55986/sync?uid=X387LQAAAIPQn0rE&_origin=0&gdpr=0&gdpr_consent=&_test=X387LQAAAIPQn0rE&apid=1A80ad92ae-0981-11eb-84ff-12ddab465c88

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

18.156.0.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS/7.1.2.113 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 08 Oct 2020 16:15:42 GMT
Server: ATS/7.1.2.113
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status: 302
date: Thu, 08 Oct 2020 16:15:41 GMT
location: https://ups.analytics.yahoo.com/ups/55986/sync?uid=X387LQAAAIPQn0rE&_origin=0&gdpr=0&gdpr_consent=&_test=X387LQAAAIPQn0rE&apid=1A80ad92ae-0981-11eb-84ff-12ddab465c88
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

204

sync
pixel.advertising.com/ups/55953/ Frame 7FBC
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1
https://pixel.advertising.com/ups/55953/sync?uid=2319d1dc-3fb8-43f4-9a0b-05c529247d98&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=2319d1dc-3fb8-43f4-9a0b-05c529247d98

0
124 B

174ms
74ms

Image
text/plain

52.57.10.248
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/55953/sync?uid=2319d1dc-3fb8-43f4-9a0b-05c529247d98&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=2319d1dc-3fb8-43f4-9a0b-05c529247d98

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.57.10.248 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Thu, 08 Oct 2020 16:15:41 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:41 GMT
x-aspnet-version: 4.0.30319
status: 302
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.advertising.com/ups/55953/sync?uid=2319d1dc-3fb8-43f4-9a0b-05c529247d98&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=2319d1dc-3fb8-43f4-9a0b-05c529247d98
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 369

GET
H2 200 %7Bcombo_uid%7D
pr-bh.ybp.yahoo.com/sync/adaptv_ortb/ Frame 7FBC 43 B
840 B 128ms
41ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/adaptv_ortb/%7Bcombo_uid%7D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 08 Oct 2020 16:15:41 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/57304/ Frame 7FBC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm=&google_sc=&google_tc=
https://pixel.advertising.com/ups/57304/sync?uid=CAESEPBHj3O4luBicluM7CEhkVs&google_cver=1
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEPBHj3O4luBicluM7CEhkVs&google_cver=1&apid=1A80ad92ae-0981-11eb-84ff-12ddab465c88

0
963 B

532ms
63ms

Image
text/plain

18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEPBHj3O4luBicluM7CEhkVs&google_cver=1&apid=1A80ad92ae-0981-11eb-84ff-12ddab465c88

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

18.156.0.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS/7.1.2.113 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 08 Oct 2020 16:15:42 GMT
Server: ATS/7.1.2.113
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status: 302
date: Thu, 08 Oct 2020 16:15:41 GMT
location: https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEPBHj3O4luBicluM7CEhkVs&google_cver=1&apid=1A80ad92ae-0981-11eb-84ff-12ddab465c88
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200
OK ixmatch.html
js-sec.indexww.com/um/ Frame 1A9D 0
0 97ms
96ms Document
text/html 104.111.215.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-135.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Response headers

Server: Apache
Last-Modified: Tue, 06 Oct 2020 14:04:48 GMT
ETag: "e20015-8f4-5b10114f2003a"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 08 Oct 2020 16:15:41 GMT
Content-Length: 1136
Connection: keep-alive

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 687F 0
0 283ms
81ms Document
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.230.142 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: rsid=1|BdCsOVsH/a/fRiqn0c18Mxvc5rJaP5uXhxptBfrzPAh1r4H5OGjlRsLybbqMiOGkSHO3tj2oYW2peUXLM3KhKxP1tUBJlFYZ4hQ5JcvaexNK8Cn3X/UNbPWpJKXQKV//AbqBkxQPOEClmbteZ8c4; ses2=300372^1; vis2=300372^1; ses15=; vis15=300372^1; khaos=KG10VK05-I-A85H; audit=1|hLZGFuTafB2dounxi++45+99qzxPzGzoc2q8GGqXxnCS7+0enaOxS0D3pCcW8TpHcpj76PKZXj8oT2OqK/B16qwRNgFmLHdP
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Thu, 24 Sep 2020 16:43:28 GMT
Content-Encoding: gzip
Content-Length: 9446
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=67171
Expires: Fri, 09 Oct 2020 10:55:12 GMT
Date: Thu, 08 Oct 2020 16:15:41 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/dmp/ Frame CAEE 0
0 93ms
92ms Document
text/html 104.111.215.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.51 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: uuid2=7253945076828680577; icu=ChgI8ppIEAoYASABKAEwqfb8-wU4AUABSAEKGAjMsmEQChgBIAEoATCp9vz7BTgBQAFIARCp9vz7BRgB
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Response headers

Last-Modified: Tue, 24 Mar 2020 15:52:19 GMT
ETag: "5e7a2cb3-cefd"
Server: nginx/1.13.10
Content-Type: text/html
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 17037
Cache-Control: max-age=86402
Expires: Fri, 09 Oct 2020 16:15:43 GMT
Date: Thu, 08 Oct 2020 16:15:41 GMT
Connection: keep-alive

GET
H2 200 pd
eu-u.openx.net/w/1.0/ Frame 48F6 0
0 84ms
78ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.194.0 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=cff17c0d-c32b-43ee-a7bc-b97c265c6989|1602173737; pd=v2|1602173741|gekin0vNiygu
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=cff17c0d-c32b-43ee-a7bc-b97c265c6989|1602173737; Version=1; Expires=Fri, 08-Oct-2021 16:15:41 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1602173741|mWkigqiysLommOgevNgunsn0; Version=1; Expires=Fri, 23-Oct-2020 16:15:41 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.194.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Thu, 08 Oct 2020 16:15:41 GMT
content-type: text/html
content-length: 316
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame F26F 0
0 88ms
87ms Document
text/html 104.111.215.68
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.68 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-68.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Response headers

Last-Modified: Sat, 01 Aug 2020 14:58:34 GMT
ETag: "13006b6-94fd-5abd223c2ac92"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=65707
Expires: Fri, 09 Oct 2020 10:30:48 GMT
Date: Thu, 08 Oct 2020 16:15:41 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 sync.html
public.servenobid.com/ Frame AAC4 0
0 166ms
69ms Document
text/html 2620:1ec:29::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://public.servenobid.com/sync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:29::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

:method: GET
:authority: public.servenobid.com
:scheme: https
:path: /sync.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Response headers

status: 200
cache-control: max-age=86400
content-type: text/html
content-encoding: br
last-modified: Mon, 05 Oct 2020 19:24:14 GMT
accept-ranges: bytes
etag: "4c283e1c2f7ded16fbd2588b41b9c3e3"
server: AmazonS3
x-cache: TCP_HIT
x-amz-id-2: cJHk38Gacj+WNvVQzgv0zVXLkQM0OBqwq3Ebh7IAEVqeIg06cM6k4iGRKVxWIaY1D6PQ7mlS1Jg=
x-amz-request-id: D4B0D82F1A878527
x-azure-ref-originshield: 0Lxh+XwAAAADPqwfKim29T6xULFhsfREyTE9OMjFFREdFMDExMgA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
x-azure-ref: 0LTt/XwAAAAA547QzqOQeTZaQgX+nyWjGQlJVMzBFREdFMDQxOQA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
date: Thu, 08 Oct 2020 16:15:40 GMT

GET
H/1.1

200
OK

2000891.html
serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/ Frame 7E13
Redirect Chain

https://sync.serverbid.com/ss/2000891.html
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

0
0

3195ms
37ms

Document
text/html

205.185.216.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Response headers

Date: Thu, 08 Oct 2020 16:15:44 GMT
Connection: Keep-Alive
Cache-Control: max-age=9760
Content-Length: 4947
Content-Type: text/html
Last-Modified: Wed, 20 Nov 2019 20:29:05 GMT
Accept-Ranges: bytes
ETag: "1b0ebac83fe30af80513039edbdf566f"
x-amz-request-id: tx0000000000000029f90b1-005f7e0fd0-3ee9a51-nyc3a
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW: 1602173744.dop020.sk1.t,1602173744.cds034.sk1.shn,1602173744.dop020.sk1.t,1602173744.cds036.sk1.c

Redirect headers

status: 302
content-length: 0
location: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
cache-control: no-cache

GET
H/1.1 204
No Content Cookie set beacon
ap.lijit.com/ Frame CDF5 0
0 256ms
58ms Document
text/plain 216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13394437
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Host: ap.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D; ljt_reader=35de274892228f7c463f4a5f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Response headers

Server: nginx
Date: Thu, 08 Oct 2020 16:15:41 GMT
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D;Path=/;Domain=.lijit.com;Expires=Fri, 08-Oct-2021 16:15:41 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=35de274892228f7c463f4a5f;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap5ams1

GET
H2 200 sync
eb2.3lift.com/ Frame 450E 0
0 252ms
58ms Document
text/html 52.29.69.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.69.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tluid=8484455650222330578
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true

Response headers

status: 200
date: Thu, 08 Oct 2020 16:15:41 GMT
content-type: text/html; charset=utf-8
content-length: 496
set-cookie: sync=CgoIgQIQu9P8x9AuCgoIoQEQu9P8x9AuCgoI4gEQu9P8x9AuCgoI5gEQu9P8x9AuCgoIhwIQu9P8x9AuCgkIORC70_zH0C4KCQg6ELvT_MfQLgoJCAsQu9P8x9AuCgkIXxC70_zH0C4KCQgfELvT_MfQLg==; Max-Age=7776000; Expires=Wed, 06 Jan 2021 16:15:41 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=8484455650222330578; Max-Age=7776000; Expires=Wed, 06 Jan 2021 16:15:41 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

GET
H2

204

setuid
prebid.a-mo.net/
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid.a-mo.net%2Fsetuid%3FA%3Df222e1c0-b524-4512-ab99-e84c96de5542%26D%3D%26bidder%3Dappnexus%26uid%3D%24UID
https://prebid.a-mo.net/setuid?A=f222e1c0-b524-4512-ab99-e84c96de5542&D=&bidder=appnexus&uid=7253945076828680577

0
193 B

1445ms
142ms

Image
text/plain

18.210.170.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid.a-mo.net/setuid?A=f222e1c0-b524-4512-ab99-e84c96de5542&D=&bidder=appnexus&uid=7253945076828680577
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.210.170.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Cowboy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Thu, 08 Oct 2020 16:15:42 GMT
cache-control: max-age=0, private, must-revalidate
server: Cowboy

Redirect headers

Pragma: no-cache
Date: Thu, 08 Oct 2020 16:15:41 GMT
X-Proxy-Origin: 86.106.103.20; 86.106.103.20; 535.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.238:80
AN-X-Request-Uuid: 20557ff0-b6fe-41f3-8a4c-03d6e794e35e
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://prebid.a-mo.net/setuid?A=f222e1c0-b524-4512-ab99-e84c96de5542&D=&bidder=appnexus&uid=7253945076828680577
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 sync
pixel.advertising.com/ups/56465/ 0
125 B 326ms
62ms Image
text/plain 52.57.10.248
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/56465/sync?_origin=0&redir=true&gdpr=1&gdpr_consent=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.57.10.248 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Thu, 08 Oct 2020 16:15:41 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

204

setuid
prebid.a-mo.net/
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid.a-mo.net%2Fsetuid%3FA%3Df222e1c0-b524-4512-ab99-e84c96de5542%26D%3D%26bidder%3Dsovrn%26uid%3D%24UID
https://prebid.a-mo.net/setuid?A=f222e1c0-b524-4512-ab99-e84c96de5542&D=&bidder=sovrn&uid=35de274892228f7c463f4a5f

0
193 B

1396ms
143ms

Image
text/plain

18.210.170.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid.a-mo.net/setuid?A=f222e1c0-b524-4512-ab99-e84c96de5542&D=&bidder=sovrn&uid=35de274892228f7c463f4a5f
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.210.170.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Cowboy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Thu, 08 Oct 2020 16:15:42 GMT
cache-control: max-age=0, private, must-revalidate
server: Cowboy

Redirect headers

Date: Thu, 08 Oct 2020 16:15:41 GMT
Server: nginx
Location: https://prebid.a-mo.net/setuid?A=f222e1c0-b524-4512-ab99-e84c96de5542&D=&bidder=sovrn&uid=35de274892228f7c463f4a5f
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2

204

sync
pixel.advertising.com/ups/55965/
Redirect Chain

https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent=
https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=OrwVNzy4EGgiuxVoaukPaT_vFWkivhEzOuqD8LQr

0
124 B

170ms
62ms

Image
text/plain

52.57.10.248
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=OrwVNzy4EGgiuxVoaukPaT_vFWkivhEzOuqD8LQr

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.57.10.248 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Thu, 08 Oct 2020 16:15:41 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:41 GMT
status: 302
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=OrwVNzy4EGgiuxVoaukPaT_vFWkivhEzOuqD8LQr
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

204

sync
pixel.advertising.com/ups/55946/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_hm=MUE4MGFjOThlMC0wOTgxLTExZWItOTA3ZS0xMjk5OGI0ZWFlNDY%3D&gdpr=1&gdpr_consent=&_origin=0
https://pixel.advertising.com/ups/55946/sync?uid=CAESEE4xmGXojffiKB3ViyOPUUg&gdpr=1&gdpr_consent=&_origin=0&google_cver=1

0
124 B

173ms
73ms

Image
text/plain

52.57.10.248
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/55946/sync?uid=CAESEE4xmGXojffiKB3ViyOPUUg&gdpr=1&gdpr_consent=&_origin=0&google_cver=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.57.10.248 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Thu, 08 Oct 2020 16:15:41 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:41 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.advertising.com/ups/55946/sync?uid=CAESEE4xmGXojffiKB3ViyOPUUg&gdpr=1&gdpr_consent=&_origin=0&google_cver=1
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 403 /
c1.adform.net/serving/cookie/match/ 0
187 B 152ms
73ms Image
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match/?CC=1&party=15&gdpr=1&gdpr_consent=&curl=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55944%2Fsync%3Fuid%3D%24UID%26_origin%3D0%26gdpr%3d1%26gdpr_consent%3d

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:41 GMT
server: nginx
status: 403
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
expires: -1

GET
H2 200 generic
match.adsrvr.org/track/cmf/ 70 B
264 B 156ms
76ms Image
image/gif 52.48.46.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=aoladtech&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.46.226 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:41 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
status: 200
cache-control: private,no-cache, must-revalidate
content-type: image/gif
content-length: 70

GET
H2

204

setuid
prebid.a-mo.net/
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?s=191503&cb=https%3A%2F%2Fprebid.a-mo.net%2Fsetuid%3FA%3Df222e1c0-b524-4512-ab99-e84c96de5542%26D%3D%26bidder%3Dindex_rtb%26uid%3D
https://ssum.casalemedia.com/usermatchredir?s=191503&cb=https%3A%2F%2Fprebid.a-mo.net%2Fsetuid%3FA%3Df222e1c0-b524-4512-ab99-e84c96de5542%26D%3D%26bidder%3Dindex_rtb%26uid%3D&C=1
https://prebid.a-mo.net/setuid?A=f222e1c0-b524-4512-ab99-e84c96de5542&D=&bidder=index_rtb&uid=X387LblQJWIAAA1bMy4AAADO%26646

0
194 B

1272ms
140ms

Image
text/plain

18.210.170.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid.a-mo.net/setuid?A=f222e1c0-b524-4512-ab99-e84c96de5542&D=&bidder=index_rtb&uid=X387LblQJWIAAA1bMy4AAADO%26646
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.210.170.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Cowboy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Thu, 08 Oct 2020 16:15:42 GMT
cache-control: max-age=0, private, must-revalidate
server: Cowboy

Redirect headers

Pragma: no-cache
Date: Thu, 08 Oct 2020 16:15:41 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://prebid.a-mo.net/setuid?A=f222e1c0-b524-4512-ab99-e84c96de5542&D=&bidder=index_rtb&uid=X387LblQJWIAAA1bMy4AAADO%26646
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 320
Expires: Thu, 08 Oct 2020 16:15:41 GMT

GET
H2 204 current
aol-match.dotomi.com/match/bounce/ 0
104 B 206ms
82ms Image
text/plain 2a02:fa8:8806:12::1400
VCLK-EU-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aol-match.dotomi.com/match/bounce/current?networkId=60&version=1&nuid=1A80ac98e0-0981-11eb-907e-12998b4eae46&gdpr=1&gdpr_consent=&rurl=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55853%2Fsync%3Fuid%3D%24UID%26_origin%3D0%26gdpr%3D1%26gdpr_consent%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1400 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/shlayer-mac-malware-extra-sneakiness/156669/?web_view=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Thu, 08 Oct 2020 16:15:41 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

POST
H/1.1 200
OK abt Show response
capi.connatix.com/tr/ Frame 7FBC 0
323 B 475ms
157ms XHR
multipart/form-data 52.14.222.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/abt?v=65408
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.14.222.78 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.15.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Thu, 08 Oct 2020 16:15:42 GMT
Content-Encoding: gzip
Server: openresty/1.15.8.2
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK st Show response
capi.connatix.com/tr/ Frame 7FBC 0
323 B 158ms
158ms XHR
multipart/form-data 52.14.222.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/st?v=65408
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.14.222.78 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.15.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Thu, 08 Oct 2020 16:15:44 GMT
Content-Encoding: gzip
Server: openresty/1.15.8.2
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 7FBC 143 B
1 KB 81ms
81ms XHR
application/json 37.252.173.62
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.62 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

c21ea6fbe624f9521fa9c94b7c7ea4ef2eaec80c91a36cddfab48dd3e3d2c9d2

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 08 Oct 2020 16:15:47 GMT
X-Proxy-Origin: 86.106.103.20; 86.106.103.20; 535.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.26:80
AN-X-Request-Uuid: 81e90ed6-3f0a-4d5e-b159-6fa1ef7ad672
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 143
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 avjp Show response
teachingaids-d.openx.net/v/1.0/ Frame 7FBC 92 B
341 B 71ms
67ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.2&dddid=0a536801-aeec-4632-8afe-86a8c7194d58&nocache=1602173747607&auid=540882778&vwd=400&vht=225
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.194.0 /
Resource Hash: 004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:47 GMT
via: 1.1 google
server: OXGW/16.194.0
status: 200
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 92
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 7FBC 144 B
1 KB 92ms
91ms XHR
application/json 37.252.173.62
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.62 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

e95a894d48982685b01ae5468c422558e491e7dbcc3b2d4d7168b6d7639911b8

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 08 Oct 2020 16:15:47 GMT
X-Proxy-Origin: 86.106.103.20; 86.106.103.20; 535.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.91:80
AN-X-Request-Uuid: 1cbbfdcf-63cc-4cca-91d2-3533f77b2168
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 7FBC 0
59 B 256ms
138ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Thu, 08 Oct 2020 16:15:47 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://threatpost.com

GET
H2 200 avjp Show response
teachingaids-d.openx.net/v/1.0/ Frame 7FBC 92 B
282 B 67ms
66ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.2&dddid=81a60d0e-b9b0-4120-a870-240989f6b07c&nocache=1602173747614&auid=540882779&vwd=400&vht=225
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.194.0 /
Resource Hash: 004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 08 Oct 2020 16:15:47 GMT
via: 1.1 google
server: OXGW/16.194.0
status: 200
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 92
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ Frame 7FBC 25 B
437 B 252ms
130ms XHR
application/json 104.111.215.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?t=900&s=435870&v=8.1&r=%7B%22id%22%3A%22370ea72345f7d7d%22%2C%22imp%22%3A%5B%7B%22id%22%3A%2238fbe5ea6014054%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435870%22%2C%22sid%22%3A%22400x225%22%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180000%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22w%22%3A400%2C%22h%22%3A225%2C%22placement%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%7D&ac=j&sd=1&nf=1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-135.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 2764c81e71dbb20fcb6971ea22a1bb26f2a59b5cc0db9faf8effbc10f3b74850

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 08 Oct 2020 16:15:47 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 45
Expires: Thu, 08 Oct 2020 16:15:47 GMT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ Frame 7FBC 25 B
437 B 273ms
152ms XHR
application/json 104.111.215.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?t=900&s=435871&v=8.1&r=%7B%22id%22%3A%22394b9cb81d3388e%22%2C%22imp%22%3A%5B%7B%22id%22%3A%2240b77e493a29341%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435871%22%2C%22sid%22%3A%22400x225%22%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180000%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22w%22%3A400%2C%22h%22%3A225%2C%22placement%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%7D&ac=j&sd=1&nf=1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-135.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 86dc91a26da1a3771103a39fffd6a625c3bf92db62c3fbf785603f71cc2df92a

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 08 Oct 2020 16:15:47 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 45
Expires: Thu, 08 Oct 2020 16:15:47 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 7FBC 0
115 B 241ms
132ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Thu, 08 Oct 2020 16:15:47 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://threatpost.com

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ Frame 7FBC 0
215 B 385ms
268ms XHR
application/json 3.124.44.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.44.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

POST
H/1.1 200
OK e
capi.connatix.com/tr/ Frame 7FBC 0
220 B 704ms
196ms Other
text/plain 52.14.222.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/e
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.14.222.78 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.15.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://threatpost.com
Date: Thu, 08 Oct 2020 16:15:48 GMT
Access-Control-Allow-Credentials: true
Server: openresty/1.15.8.2
Connection: keep-alive
Content-Length: 0

GET
H2 206 0.mp4 Show response
vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/ Frame 7FBC 407 KB
407 KB 35ms
35ms XHR
video/mp4 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/0.mp4
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3edf0837f49625ad64af84f2a4d223b69ea99fb468ebbb2ece40286dbe64b6a1

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=855192-1271452

Response headers

date: Thu, 08 Oct 2020 16:15:49 GMT
last-modified: Mon, 07 Sep 2020 18:49:41 GMT
age: 888225
etag: "7e14a97a9fd99818d5080eb2d1b8cc43-7"
x-served-by: cache-bwi5146-BWI, cache-bma1632-BMA
status: 206
x-cache: HIT, HIT
content-type: video/mp4
Content-Range: bytes 855192-1271452/32479190
cache-control: max-age=31557600
accept-ranges: bytes
x-timer: S1602173750.926069,VS0,VE0
access-control-allow-origin: *
Content-Length: 416261
x-cache-hits: 1, 1

OPTIONS
H2 200 0.mp4
vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/ Frame 0
0 103ms
34ms Other 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/54ab44ae-2675-4cee-bcea-ec4cd9d0180b/0.mp4
Protocol: H2
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

status: 200
retry-after: 0
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: range
accept-ranges: bytes
date: Thu, 08 Oct 2020 16:15:49 GMT
x-served-by: cache-bma1632-BMA
x-cache: HIT
x-cache-hits: 0
x-timer: S1602173750.891175,VS0,VE0
cache-control: max-age=31557600
content-length: 0

POST
H/1.1 200
OK st Show response
capi.connatix.com/tr/ Frame 7FBC 0
323 B 158ms
158ms XHR
multipart/form-data 52.14.222.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/st?v=65408
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.14.222.78 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.15.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Thu, 08 Oct 2020 16:15:52 GMT
Content-Encoding: gzip
Server: openresty/1.15.8.2
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK abt Show response
capi.connatix.com/tr/ Frame 7FBC 0
323 B 159ms
159ms XHR
multipart/form-data 52.14.222.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/tr/abt?v=65408
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.14.222.78 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.15.8.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data

Response headers

Date: Thu, 08 Oct 2020 16:15:52 GMT
Content-Encoding: gzip
Server: openresty/1.15.8.2
Vary: Accept-Encoding
Content-Type: multipart/form-data
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 20

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3232767782959001&correlator=16376800333684&output=ldjh&impl=fifs&eid=21065976%2C21066993&vrg=2020100501&gdpr=0&us_privacy=1---&tfua=0&tfcd=0&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20201008&iu_parts=21707124336%2CThreatPost-970x250-ATF%2CThreatPost-300x250-ATF%2CThreatPost-300x600-ATF%2CThreatPost-2x2-Skin&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4&prev_iu_szs=728x90%7C970x250%7C970x90%2C300x250%7C336x280%2C300x250%7C300x600%2C2x2&prev_scp=amznbid%3D2%26amznp%3D2%26hb_adid_rubicon%3D65d918ae4d89bd5%26hb_bidder_rubicon%3Drubicon%26hb_adid_nobid%3D639108dd70b3c7f%26hb_bidder_nobid%3Dnobid%26dyn_bids%3D0.01%26hb_adid%3D65d918ae4d89bd5%26hb_bidder%3Drubicon%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%26hb_adid_nobid%3D64d0ed02a0ddf08%26hb_bidder_nobid%3Dnobid%26dyn_bids%3D0.01%26hb_adid%3D64d0ed02a0ddf08%26hb_bidder%3Dnobid%7Camznbid%3D2%26amznp%3D2&eri=1&cust_params=urlhost%3Dhttps%253A%252F%252Fthreatpost.com%252F%26urlpath%3D%252Fshlayer-mac-malware-extra-sneakiness%252F156669%252F%26urlquery%3Dgoogfc%26contentid%3D156669%26category%3Deditors-picks%26contenttags%3Danti-evasion%252Cfake-adobe-flash-installer%252Cgoogle-search%252Cintego%252Cmac-malware%252Cmalware-analysis%252Cnew-version%252Cpoisoned-search-results%252Cshlayer%252Cstealth&cookie_enabled=1&bc=31&abxe=1&lmt=1602173738&dt=1602173738176&dlt=1602173735805&idt=485&frm=20&biw=1600&bih=1200&oid=3&adxs=436%2C1082%2C1082%2C0&adys=10%2C257%2C1558%2C0&adks=1015519800%2C654286612%2C375389812%2C3385906655&ucis=1%7C2%7C3%7C4&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fthreatpost.com%2Fshlayer-mac-malware-extra-sneakiness%2F156669%2F%3Fweb_view%3Dtrue&dssz=55&icsg=171811933184&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x90%7C300x250%7C300x250%7C1600x2&msz=728x90%7C300x250%7C300x250%7C1600x2&ga_vid=1870212433.1602173737&ga_sid=1602173738&ga_hid=1609403991&fws=0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfV0.

Domain: capi.connatix.com
URL: https://capi.connatix.com/tr/sv?v=65408

Verdicts & Comments Add Verdict or Comment

275 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			threatpost.com/	1970-01-29 13:01:27	Name: usprivacy Value: 1---
			.threatpost.com/	1970-01-19 22:27:22	Name: __qca Value: P0-1177959967-1602173737671

44 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 372) Message: gBrowserWidth =1600
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 397) Message: OpenX Slot defined for /21707124336/ThreatPost-970x250-ATF div-gpt-ad-6794670-2
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 397) Message: OpenX Slot defined for /21707124336/ThreatPost-300x250-ATF div-gpt-ad-6794670-3
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 397) Message: OpenX Slot defined for /21707124336/ThreatPost-300x600-ATF div-gpt-ad-6794670-5
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 397) Message: OpenX Slot defined for /21707124336/ThreatPost-2x2-Skin div-gpt-ad-6794670-1
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 27) Message: CMP: Startup v238
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 8) Message: uspapi: uspapi_init() - v0.105
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 8) Message: USP: Locale=en-us gdpr= false
console-api	warning	URL: https://qd.admetricspro.com/js/threatpost/prebid.js(Line 3) Message: fun-hooks: referenced 'registerAdserver' but it was never created
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: ENGINE: gSChainNodes found, prebid configured with 1 supply chain object(s)
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: ENGINE: final pbjs config
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: [object Object]
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: Initial Ad Load
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 8) Message: uspapi: No existing consent found in cookie, local or session storage
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 27) Message: __uspLaunch begin
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 27) Message: CMP: No existing consent found in cookie, local or session storage
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 27) Message: CMP: checking non TCF vendor cookie
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 27) Message: CMP: No existing non-TCF consent found in cookie, local or session storage
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 27) Message: __uspLaunch(): addEventListener:
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 27) Message: [object Object]
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 27) Message: CMP: Locale=en-us gdpr= false
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 27) Message: CMP: GDPR does not apply
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 27) Message: __uspLaunch(): addEventListener:
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 27) Message: [object Object]
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendBidRequests() gPBJSTimeoutTimer=null pbjs.adserverRequestSent=undefined
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 8) Message: uspapi: No existing consent found in cookie, local or session storage
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: Amazon bids returned, count=4
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: [object Object],[object Object],[object Object],[object Object]
console-api	warning	URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js(Line 3) Message: fun-hooks: referenced 'registerAdserver' but it was never created
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 8) Message: uspapi: geo IP found region Saxony
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 8) Message: uspapi: USP does not apply to Saxony
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 8) Message: uspapi: Setting not applicable signal
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: pbjs bids returned
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: gPBJSTimeoutTimer cleared
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendAdserverRequest(): pbjsBidsBack
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendAdserverRequest()
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: pbjs.getAdserverTargeting: >> Amazon >> Prebid
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: [object Object]
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: pbjs.getBidResponses:
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: [object Object]
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: gThisRefreshSlots=
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: [object Object],[object Object],[object Object],[object Object]
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: sendAdserverRequest(): ---> Calling googletag.pubads().refresh()
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/engine.js(Line 5) Message: console.groupEnd

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

237be589fae8b4cff8daa29793f14f33.safeframe.googlesyndication.com
acdn.adnxs.com
ads.adaptv.advertising.com
ads.pubmatic.com
ads.servenobid.com
adserver-us.adtech.advertising.com
adservice.google.com
adservice.google.de
analytics.twitter.com
aol-match.dotomi.com
ap.lijit.com
as-sec.casalemedia.com
assets.threatpost.com
c.amazon-adsystem.com
c1.adform.net
capi.connatix.com
cd.connatix.com
cds.connatix.com
cm.g.doubleclick.net
e.serverbid.com
eb2.3lift.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
geo.ipify.org
graph.facebook.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.adnxs.com
img.connatix.com
js-sec.indexww.com
kasperskycontenthub.com
match.adsrvr.org
media.threatpost.com
pixel.advertising.com
pixel.quantserve.com
pr-bh.ybp.yahoo.com
prebid.a-mo.net
public.servenobid.com
qd.admetricspro.com
rules.quantcount.com
secure.quantserve.com
securepubads.g.doubleclick.net
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
ssum.casalemedia.com
static.ads-twitter.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.serverbid.com
t.co
tagan.adlightning.com
teachingaids-d.openx.net
threatpost.com
tlx.3lift.com
tpc.googlesyndication.com
u.openx.net
ups.analytics.yahoo.com
vid.connatix.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.linkedin.com
www.reddit.com
capi.connatix.com
securepubads.g.doubleclick.net
100.24.218.250
104.111.215.135
104.111.215.51
104.111.215.68
104.111.230.142
104.244.42.197
104.244.42.3
134.209.131.220
151.101.112.157
151.101.114.49
151.101.194.137
172.217.22.34
172.217.23.130
178.128.135.80
18.156.0.31
18.210.170.92
18.224.152.82
185.64.189.112
199.232.53.140
205.185.216.42
216.52.2.48
2600:9000:206e:e400:6:44e3:f8c0:93a1
2600:9000:20eb:9e00:0:5c46:4f40:93a1
2600:9000:2156:f800:2:9275:3d40:93a1
2606:2800:233:97b6:26be:138a:cba8:bb01
2606:4700:e0::ac40:6826
2620:116:800d:21:f916:5049:f87f:108e
2620:1ec:21::14
2620:1ec:29::10
2a00:1288:110:c305::8000
2a00:1450:4001:803::2004
2a00:1450:4001:808::2002
2a00:1450:4001:815::2001
2a00:1450:4001:816::2008
2a00:1450:4001:81b::2001
2a00:1450:4001:81c::2003
2a00:1450:4001:81c::2004
2a00:1450:4001:81e::200e
2a00:1450:4001:824::2003
2a00:1450:400c:c00::9b
2a02:fa8:8806:12::1400
2a03:2880:f01c:800e:face:b00c:0:2
3.124.44.162
34.98.64.218
35.173.160.135
35.244.159.8
37.157.3.30
37.252.173.62
52.14.222.78
52.212.5.193
52.29.69.255
52.48.46.226
52.57.10.248
52.58.26.10
64.140.160.2
69.173.144.140
99.86.240.180
99.86.243.112
004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14
0119689800eadf6270855a19b65d74251e7da6be5e4686f36c15bf81281ddb4c
01864580e1f385dc4512aed0de4b324cc1a04812709e7020e857612fc0ce9f4c
039f2a12a4fefd4b33bcae31f1f2f17d12cf51f4e6301792ada3885f412a2761
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7
072ab2e24f8ac0a6f43c0c0214b33e72c1f80b4cdea9503a416483a3d4cee21f
103619a1e9ed4f73bde0d6ac618a257188e606e125d045e280f3dc186c47d9b2
136aa09e9cb1f433a76e9f805a8c6559bdfe8f8e947351d75139daf2214ca398
15e9840f31982980328598c38e5c60434072901f2c902713ef9c4d4900e05307
172314ff74044b918766ed4763279b5e8798622087c0a2930f59c9d44662213d
19642183c7216202f8585c8a953db9be798207e5092cd5ab2b156fdf3cb8f9d3
1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1e6cc52bffa814d7c7912cd64a2ef303e6a2f2387b428173dca05f032bfa5788
21e46fe44c6929876f5a413c843ae516c0ddfd1aad3e8e33446b7bc0a6781b08
25d6fd3b4dcdc05593cab2b4157e21194ada84e5b0de832011246e65d15fe8a9
2664d4a135be03411365f11717209e528e5350672a688007a57fe4607085c2b7
2764c81e71dbb20fcb6971ea22a1bb26f2a59b5cc0db9faf8effbc10f3b74850
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d
308e1d0bf8d9f9ca518436965729d5398a87fba21a9cb04a15cc65a715e1a519
3097d0444becd9d089b52b7074072f19201525de874d0775012572fb375b7838
3435531b595fb1b2b529346e1df8c979a1fd727f56ea8c0d792316035440cac5
357d9c288830c6aca87a5031448d47ee2db800f809ed0b2f85a45abd9cb4e8ec
3773223dc3f0b2c5f4ba6310b5eb478b52db9c305623545b0723b10a1e636b14
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a
3b1883ee76f59c128399604a19c4e29c99098c9845d519366bd097c5c36c753e
3bd629d40665df70560408ef15ba85935c03c676d8408cd53bab4a78f66fdc9b
3c516be42ddfa658cff16692483335d1b7c48425bfc8448504928590701e697d
3edf0837f49625ad64af84f2a4d223b69ea99fb468ebbb2ece40286dbe64b6a1
41f3222c29889fb48f5dca1d481858e5339a759655510c256ef4edf56c80f7f5
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730
428e9929861f2c8e4d46e098f38f9e7b6d3188e8dffb1442f6a98e26c5cf9507
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7
469ff55f31cca5679c40560c673e7bdcdc00e67b8df0c9294788a2a854499c31
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4edf4e4d19fa8ec8abf42e728012fb704a7d8e49a25bbf778b77abd20d90b8ce
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70
52c3042def4556ec5587f055207a1272237bd5cc88c4d92644511c176e742b6e
5481f30ba9d01f44fe7726f2f72acf887c9ea90631f66c6937f6df3464c6e5fa
559a8023730d7c14cf1f02032a2a7dca710e3cf77abaa10ade6db613c0ece4eb
5876f68bf30a82eb99d9ec29e561f5c925ea347243c3e022021dd87823c65813
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
6093512522b5494940e9ade7c7c01312e7a31e600824874686588f4e448e4dad
67b5257f432c5230f6a5e8494ac01da1afe28c263d7ce06ad5aaa3b94509c014
68575ad691a70cbdbe9e806567291969d2813ac54ae3a6e26f4778ba568b522e
6a40bb7520e8da8ddbd6bd4814a9438eed29cf2244dc19002edf09a8c4dc106a
6c2a5033d986aab2ca7dd5cd08ce5b731e162f3663470b66ad05898880bba4b2
6cdc57f82f4b0d09e5b4e584ca4736cd3871f20563d4ce25120b057d8ffb4eb2
6ceb2be119d08740867f19d7f3e5c2230050de29e4eb48a588b86af1a5b7db57
7148f1285575a0733bb2fb07aff9a0b99e775c2fcc5f29c44698e73086b49e8c
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
7851468a81d1ce63ee8beb5d286295021d82e8e366b79ef03ed686e18b74e949
791135f98b21bbd99c1cbcd56e2827cab155856c144602a8749a57acaa5aa813
7e2b472509d9e149690aba45c5917ebdd2f52471b98d414c2726301b90e08f21
8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8437af4436a1008eb1d73b9fcb156f3005fdd02c0fe620f2b2e65b38bb027f0a
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb
86dc91a26da1a3771103a39fffd6a625c3bf92db62c3fbf785603f71cc2df92a
87d73170be9a2e277c57d324c4e05ec0ac60ed3c0191fa29e7a31133b4c4c119
89ce08431545cd3c6d42419d99ee0152027a68c1d0c7c82838cc9a51d9d52451
8a80d3dcbb76cc81900852f3f017919b1db8bf9d1f84a6c277c4529feca16b2c
8abe657ed3aba0c1b5f81802aeb28df3f35d4aafb98b701bca745e5f1606140e
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c
91e8f81ef3c99be20d905536aa719b1fd716ce7760080c3ca6b0cd552723535d
98170098ad5b9e0e27bc80b4fab39889cb6437246979ee85680f64bb77d03a08
9f4d5cca9c79886cc27246836d97c89aaf7853b2a42b09801660cb9a3df67424
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0f5fa6a8f13f599bd10e08442109f4b54217a242617b3b45b0a55f3de7c340a
a49d1360eb68f89031cc73518837c14f24de83086aef3ed0cfe8a7c62c3e42e0
a4f281c13aa2a73483633b5c6cc079a74059d1f1f5d44de8cd25f37c489335a3
a912e70538e92fb1e7970a59f67b43615584959f6c0a96d0ca2ed68e7fe62c3a
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22
aa64fa30a3263fa3105736228a6feaaa4f7d32d8ef96b12e56f6fb95511b66a7
aa90c2d77583dd25e7fbdc1411c8d718f29d9665ab48f985ffe6f3a38b34b6a7
ac1eed21fdddd6a981458cc46e79523f77a9b44b9b639d9df405c0d9827cc552
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be
b0209d39595432d762f6ba2a81dc0bffa6a6e1ed9021ba24ffa06c3c7e4bcb02
b3e65f5bc65f920ed835a1329e8e585275e7c0e93de8a5c5642eab6300a11cef
baef9f6e65a97c84941f5887e072c0644bdfac30692b513cd0f8be7a495cfee5
c1bb9e412bbbb1c7027687a0b244564a41891353502dc8d909cb1e68b1f9a796
c21ea6fbe624f9521fa9c94b7c7ea4ef2eaec80c91a36cddfab48dd3e3d2c9d2
c8c1db4b20beaa9321f0918115c515c4ed019d8b31ce657e0d28951f7af75ee7
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ce9fc9f45a3f5d71caa5b1cb264f152f8d1a1aad40d91fe4247c083521340ff5
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060
d89d98593ac65c9f002b856f3e22a1479f3aea866f7fd15c85903c0a6d66f0e3
d93cf39705c0bc6c7a9dd7b9533ecd7b20d771a4ee03a565e3aa6b51543490a0
dd7d093a1d67babe8e574f94231253e281cf71195d34d8d7035329c655915c90
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e106abbef218a2ed4209a20156878f88540ac5db9df431978cad768027d60d55
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0
e8909c244d0bcb262bae9f88c1c9f9066e1a412a69ffc96951940a5f7064ee99
e8c207773b5b242229f77be9cde555a9cf5ced8288409f80da3d5192706e40e3
e95a894d48982685b01ae5468c422558e491e7dbcc3b2d4d7168b6d7639911b8
ec95a631650981cd2ff2eecd07118042dee23fc0a3fd6ed70926fa3d94e4e5d3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4f2c0a4763f01ee2b13b4f8189e6fd5f32bd704d71fed8d0f11883de9724198
f75166e3f70100b65a6ce1d4128bc15286e92b19a546fa7709f739e9bcfe52c6
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189
fa96345fcb3efdc63fe2d47ff53d79abd4578db2d3455dd97f63d98bde78e748

threatpost.com Open in urlscan Pro 35.173.160.135 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

177 Requests

99 %HTTPS

36 %IPv6

41 Domains

66 Subdomains

56 IPs

9 Countries

3139 kBTransfer

6456 kBSize

2 Cookies

15 Outgoing links

Redirected requests

177 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Screenshot
Live screenshot

Full Image

177
Requests

99 %
HTTPS

36 %
IPv6

41
Domains

66
Subdomains

56
IPs

9
Countries

3139 kB
Transfer

6456 kB
Size

2
Cookies

177 HTTP transactions
0 data transactions